PRACTICES have been set up to manage cybersecurity risk related to the rise of teleworking in the B.C. public service, according to the 12th report of 2021-22 from the Office of the Auditor General.

The number of government teleworkers has increased 20-fold since the COVID-19 pandemic began, adding to potential cybersecurity risk as employees and contractors remotely access government data, including health records and financial information.

The audit looked at the responsibility of the Office of the Chief Information Officer (OCIO) to manage cybersecurity risk in the telework environment. It found the OCIO has implemented policies, procedures, standards, and staff training and guidance to help protect sensitive data.

In addition, the Province uses validated encryption to protect data transmitted in the telework environment, and it has measures to prevent unauthorized users from accessing government data stored on government-managed telework devices.

“While teleworking has many benefits, it also introduces new levels of cybersecurity risk that need to be addressed,” said Michael Pickup, Auditor General on Tuesday. “We found the OCIO is doing the important work to manage that risk, with one area for improvement concerning the use of devices not managed by government.”

OCIO policy prohibits the use of personal devices including desktop and laptop computers, tablets, and mobile phones for telework, but it has not taken steps to prevent their use, which could increase the security risk to government data.

The OCIO has accepted the report’s recommendation to put measures in place to detect personal devices used for teleworking and to identify a response to the potential threat.