Flexible Workplaces & Information Security
Wherever you work for the BC Public Service, you're responsible for protecting the security and privacy of the information and the technology you use.
The Appropriate Use of Government Information and Information Technology Resources (“Appropriate Use Policy”), owned by the Office of the Chief Information Officer and Corporate Information, outlines how to protect confidential and personal information in any place of work.
What This Means for You
If you are internally mobile, externally mobile or only telework occasionally:
- Before making arrangements to access or use confidential or personal information, confirm access and method with your supervisor
- If you are planning to use a Government-issued mobile device, consult the Mobile Device Guidelines for information on using and managing your device
If you are planning to use your home computer, review the Tip Guide: How to Protect Your Home Computer for guidance and best practices to help you avoid such things as spreading viruses and leaking confidential information
Mobile Work Examples
Are you able to answer the questions posed in the following mobile-work scenarios? The Appropriate Use Policy and Tip Guide inform your actions in these and other mobile work situations.
John works from the office most of the time, but sometimes works from home for a day with the permission of his supervisor. He uses his home computer with VPN (Virtual Private Network).
Are John and his supervisor doing their due diligence to meet the requirements for information security?
John and his supervisor are mostly there but may need to do more. John has his supervisor's permission to work from home and is using VPN. However, they should also make sure he is following best practices in the Tip Guide. For example, is he using his home computer correctly?
- Secure login if computer is used by more than one person
- Files can be stored on the hard-drive only in extenuating circumstances; in these situations, files should be saved to a separate encrypted folder and moved to a protected government system as soon as possible
- Anti-virus and patches up to date
Fatima sent herself a document to work on at home, but she doesn't have the latest version of Windows and can't open the .docx file. She uses Google Docs to translate the document.
Are Fatima and her supervisor meeting their IM IT obligations?
No, they are not. Google Docs is not a secure, approved program. If Fatima is using Google Docs because she doesn't have Office 2010, chances are she's using her home computer instead of a government-issued laptop. If that's true, she needs to use her home computer according to the requirements and guidance Appropriate Use Policy and Tip Guide, such as using government-approved remote access options (VPN or DTS) to connect to the government network.
If Fatima can't use VPN or DTS, it would be good to purchase the version of the Microsoft Office suite available to public service employees.
Yun Hee is an "internally mobile" worker who works in a different location at her office every day depending on the work she's doing. She loves the freedom of working in different places in her building, but notices that in open spaces, people can "shoulder surf" - see documents on her screen. Yun Hee keeps her paper files and laptop in her locker every night.
Is Yun Hee doing enough to protect the privacy and security of the information she has access to?
It's great that Yun Hee locks up her computer and files every night. That's more secure than leaving files lying on her desk overnight like she previously did when working at the same desk every day. However, "shoulder surfing" can expose confidential information. Yun Hee needs to lock her computer when she leaves during the work day. If she is viewing documents with confidential information, Yun Hee needs to position her body to block the screen or move to where people cannot see over her shoulder.