Skip to content

B.C. manages cybersecurity risks posed by staff working from home: audit

VICTORIA — British Columbia's auditor general says the government has effective tools in place to manage cybersecurity risks that could arise from an increase in public service employees working from home during the pandemic.
20220329150328-62435e090fc79d1def07e08ejpeg
A woman uses a computer keyboard in North Vancouver, B.C., on Wednesday, December, 19, 2012. British Columbia's auditor general says the government has put effective tools in place to manage cybersecurity risks that could arise from an increase in public service employees working from home during the COVID-19 pandemic. THE CANADIAN PRESS/Jonathan Hayward

VICTORIA — British Columbia's auditor general says the government has effective tools in place to manage cybersecurity risks that could arise from an increase in public service employees working from home during the pandemic. 

Michael Pickup says an audit found the government's office of the chief information officer has implemented policies, procedures, standards, training and guidance to protect sensitive data.

He says the number of government employees working from home increased twentyfold during the pandemic, adding to potential cybersecurity risks as employees and contractors access government data remotely.

The audit concludes the office of the chief information officer has increased its cybersecurity risk protections by using encryption-protected data and measures that prevent unauthorized users from accessing stored government data.

Pickup says the report's one recommendation calls for strengthening information officer policy that already prevents the use of personal laptops and cellphones by adding measures that detects their use when an employee is working from home.

Pickup's audit says the government accepted the recommendation and introduced measures to detect the use of personal devices.

"Cybersecurity threats are greater in the telework environment than the traditional office," says the audit."The threats need to be mitigated with planning, governance, and strategic activities such as risk assessments and with telework policies, procedures, and standards."

This report by The Canadian Press was first published March 29, 2022.

The Canadian Press