Skip to content
Join our Newsletter

Editorial: Digital doors should be secure

In the legislative building and in other government offices, security officials go around after business hours to make sure everything is locked and secure.

In the legislative building and in other government offices, security officials go around after business hours to make sure everything is locked and secure. In the business of running the government, it would be unthinkable to leave doors ajar and filing cabinets open.

That same diligence has not always been applied to government-owned electronic devices that store and allow access to a wide array of sensitive information. As the provincial government rolls out its strategy concerning mobile devices, it should seek ways to keep up with technological change, rather than playing catch-up.

Two independent watchdogs released companion reports Tuesday saying there’s a risk that government information could fall into the wrong hands because of slack security measures regarding tablets, smartphones and other mobile equipment.

Government safeguards have failed to keep pace with rapid advances in technology, say auditor general Carol Bellringer and acting information and privacy commissioner Drew McArthur.

The two watchdogs audited five ministries and the office of the chief information officer. These are some of their findings:

• No central record is kept of mobile devices with access to government information. “You can’t protect what you don’t know about,” said Bellringer.

• The choice of installing anti-malware software or activating security features on phones is often left to employees, and it doesn’t always happen.

• Policies are often overlapping and confusing.

• Employees sometimes took months to report a lost or stolen device.

• Staff training did not cover mobile devices.

The watchdogs made several recommendations, and Technology Minister Amrik Virk said the government is already implementing measures to fix the problems identified by Bellringer and McArthur.

Those measures include maintaining detailed inventories of all mobile devices, ensuring additional security settings are applied before a device goes into service, enforcing a maximum inactivity-until-locked time, and installing and maintaining anti-malware software.

It would seem such measures would be a given, but smartphones and tablets have become so much part of life, it’s easy to take them for granted, to overlook the power they have to find, store and disseminate information. We value how easy they are to use and how much they can do for us.

But those strengths are weaknesses, if the devices fall into the wrong hands. Complacency can be dangerous.

It’s comforting know the government is taking the right steps, but it’s a little disturbing that it is acting only now. It is common knowledge that bad things can happen when a tablet or smartphone is misplaced or stolen.

An individual’s life can be seriously disrupted, as many people have learned, if someone gains access to personal data stored on or connected to a smartphone. If the device is used in government business, the potential for damage is exponentially greater.

For most people, not keeping pace with technological change can be inconvenient. For government, it is dangerous.