It has been revealed that Dalhousie University suffered a data breach after the personal information of 20,000 people was put on a file accessible to faculty, staff, and students between September 16, 2016 and March 3, 2017. Recent reports said that the breach was discovered in March, but letters informing those affected were only sent in November.
The letter said the breach was “an error on the part of an employee.”
A university spokesman, said:
We became aware that members of the university community were using this folder and may have used it to save information.
In this particular case, we have notified individuals out of an abundance of caution. We have no evidence that the files were actually accessed. The files did not contain any government-issued ID numbers (e.g. social insurance number) or banking information (e.g. credit card or bank information).
We sincerely apologize for this error. We take our obligation to protect the privacy of our stakeholders very seriously.
Although this breach was described as an ‘employee error’, it is a reminder that an organization’s employees pose a threat to data security. Staff awareness training can help combat insider threats by making sure that staff who have access to sensitive data have the correct knowledge and an understanding of information security.
Educate your staff
Staff awareness training is fundamental for effective information security management and meeting regulatory and compliance requirements.
Making sure your employees know about these requirements can be time-consuming and costly, so we’ve created the Information Security Staff Awareness eLearning Course. It’s designed to help employees better understand information security risks and awareness policies and procedures.
By enrolling your staff on this course, you can reduce the likelihood of human error and be sure that your information assets are better protected.