Eight Canada Revenue staffers fired this year for snooping through records: CBC

Technology can cure a lot of security problems caused by insiders, but not someone determined to get around the rules. That seems to be the lesson from a CBC news report today about Canada Revenue Agency (CRA) staff members continuing to flaunt policies that forbid them from accessing the tax files of Canadians.

According to Access to Information documents uncovered by the public broadcaster there have been nine significant cases of tax workers wrongly looking at the files with details on income, deductions, benefits, payments and employment — this despite spending $10.3 million on technology to impose access control.

The good news: CRA says it has fired eight of the nine workers caught so far this year.

It’s not like these are people who just want a peek at a file or two: In one case an employee made unauthorized access to the accounts of 90 acquaintances and family members, a business and his/her own account, according to files found by the CBC. Another staffer improperly accessed the accounts of 227 businesses and individuals.

Insiders are a knotty problem: The information some have access to in any organization is tempting, particularly in tax departments where it’s personal. How big the problem is across industries isn’t clear. Some security vendors publish high estimates of the inside threat, but when pressed admit that they assume all intruders are insiders, because to get around a network an intruder either is an insider or has stolen an insider’s credentials. When you separate true insiders from external actors — as Verizon does in its annual breach report — the number is around 20 per cent.

That means the vast majority of an enterprises’ employees are trustworthy. Still, 20 per cent is not to be dismissed.

One expert has suggested there are tell-tale signs of people might be willing to take risks that managers need to watch for, one of which is an employee who has a grievance against the organization. I’m not sure in Canada Revenue’s case that’s the problem. The problem there is temptation.

So the first defence is regularly reminding employees about the perils of accessing data they have no business being near. The second is the technology piece, implementing access control.

Also note the federal privacy commissioner’s office has issued a list of 10 tips to prevent employee snooping and data theft. CSOs should remember tip 7: Proactively monitor and/or audit access logs and other oversight tools. Hopefully, that’s how CRA’s nine offenders were caught.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now