An embarrassingly high number of Justice Canada employees are unable to detect and avoid email scams, it seems. The department sent out a simulated phishing email in December to test employees’ susceptibility to cyber fraud, and the results were abysmal.
Of the department’s 5,000-odd employees, 37 per cent clicked on the link in the message, which was made to look like an official email. Meanwhile, the general Canadian population clicks on such links only five per cent of the time.
The government-run test didn’t actually take any of the employees’ data, of course, but real phishing links can capture important personal information, such as banking passwords, when users click on them. That so many government officials would click on these links in a test means that they risk making their computers, which might contain all kinds of sensitive information, vulnerable.
Confidentiality and security are incredibly important to government work, and to legal work as well, so the fact that so many Justice Department employees — many of whom are lawyers — can’t pick out a scam email should be cause for grave concern. And Justice Canada is no stranger to privacy-related controversy: in 2012, a lawyer with the department was “involved in the loss of a USB key” containing information on more than 5,000 people, including SIN numbers and medical conditions.
To the department’s credit, later email tests in February and April showed much better results, with click-throughs being cut in half. That still means more than twice as many Justice Canada employees are clicking on scam links as other Canadians, though.