By NICOLE JOBES
Students who opted out of Conestoga Students Inc.’s health and dental benefits plan may have inadvertently opted out of standard security protocol as well.
An anonymous email was sent to Spoke Sept. 28 expressing concern about the security of the health plan opt-out website, mystudentplan.ca. It said the online opt-out form did not appear to utilize the proper encryption to protect the data students must submit.
Gallivan & Associates Student Networks Inc. is a for-profit student benefits consultant and benefit buying group that partners with post-secondary student associations to harness their benefits purchasing power. One of its partners is CSI.
According to Gallivan, the information is protected and encrypted in a secure tier 1 hosting facility after transit by their hosting provider, Tenzing Hosting Services. Tier 1 is the simplest classification of a data centre, employing firewalls and deep packet inspection. Redundancy in the systems allows it to adapt to various levels of traffic and drop any suspicious activity.
However, the information is at risk before it reaches the facility, when it is being entered into mystudentplan.ca and again while it is in transit to Gallivan’s hosting facility. While the facility adheres to industry standards for data encryption, the information is vulnerable before it gets there.
There are two ways a website is secured: HTTPS and an SSL certificate. The CSI opt-out website has neither.
According to an article by Jeremy Dotson in BizTech Magazine, the difference between HTTP and HTTPS comes down to the ‘S.’ HyperText Transfer Protocol refers to how information is presented to the user of the computer; it’s really a way of communicating your interactions with the browser. The ‘S’ stands for secure, and differentiates one sender and receiver from another.