British Columbia Audit Warns of Mobile Security Risks for Gov. Devices

British Columbia’s auditor general, Carol Bellringer, says that mobile devices used by government employees are not utilizing the appropriate security controls to protect sensitive information. Bellringer also concluded after an audit between June and November 2015 that the government doesn’t monitor mobile device activity and has not central record of mobile devices.

In a report, Bellringer said, “This is concerning because an inventory of all devices that have access to information is the most critical IT security control. It’s pretty tough to control what you don’t know about. Any loss, theft or exposure of sensitive government information to which these devices often have access could have serious implications for both government and the people of British Columbia.” She believes that inactive devices may be left unlocked for too long which can leave information vulnerable. Furthermore, she added that the security measures that have become commonplace with desktop security over the last couple of decades are only just creeping into the mobile device arena.

Bellringer’s audit on mobile device security included the Office of the Chief Information Officer and five ministries including those of finance, justice, health, children and family development, and forests, lands, and natural resource operations, which may have the highest privacy risks.

She made a number of recommendations to improve security, including that the Office of the Chief Information Officer ensures that security settings are established and applied to a device before activation. The report also recommended that lost and stolen devices reports are further analyzed to improve security awareness programs. The Office of the Chief Information Officer began implementing the auditor’s recommendations even before the audit was officially completed. To increase security and privacy precautions, the office added a new MDM  tool in order to automate the installation and maintenance of anti-malware software.

The Office of Information and Privacy Commissioner has also released a report on mobile-device management, which focusing on privacy. Privacy commissioner Drew MacArthur said that the investigation conducted along with the audit has suggested that the government must establish more straightforward mobile device policy seeing as the other policies were confusing.

“To keep up with the pace of technological change, privacy and security training for government employees should be offered on an ongoing basis and it must specifically reference mobile devices,” he said.“Government should also be careful to ensure that applications on any government-issued mobile devices do not store personal information outside of Canada.”

With more organizations utilizing BYOD programs and conducting more business through mobile devices, a strong mobile device management solution is becoming a necessity in nearly every industry. In verticals such as healthcare and government, where highly sensitive information is frequently accessed through mobile devices, its important to evaluate the security of your devices and acknowledge and identify weaknesses. Solutions providers including Hypori, VMWare, and Centrify, all provide mobility solutions tailored to fit business needs. For more on finding the perfect mobility solution for your organization, download the free Solutions Review Buyer’s Guide for Mobile Device Management Solutions.