Canadian HR Reporter is the national journal of human resource management. It features the latest workplace news, HR best practices, employment law commentary and tools and tips for employers to get the most out of their workforce.
Issue link: https://digital.hrreporter.com/i/796194
CANADIAN HR REPORTER March 20, 2017 2 NEWS Recent stories posted on www.hrreporter.com. Check the website daily for quick news hits from across Canada and around the world. WEB O N T H E ACROSS CANADA RCMP ordered to pay egregiously harassed force member $141,000 'Emotional distress severe,' says judge in 174-page decision Leaner oilpatch emerges from downturn as technology advances replace jobs Growth of automation, labour-saving efficiencies part of cost-cutting measures CPHR Canada signs memorandum with Bangladesh HR association 'Looking to partner on international agenda items, share resources, compare industry trends': Chair Number of Canadians registered to buy medical marijuana rises 15 per cent By end of 2016, nearly 130,000 signed up with producers Government seeking input on harassment, violence in the workplace Public feedback could lead to amendments to Canada Labour Code AROUND THE WORLD Uber CEO says he must 'grow up' after argument with driver Video shows Travis Kalanick berating driver who complained about pay rates London politicians tell U.K. government not to use EU workers as bargaining chip 'EU workers are the lifeblood of the capital's economy' Japan starts weekend early to improve work-life balance 'Premium Fridays' intended to stimulate spending Hiring HR professionals Canadian HR Reporter talks to the experts to hear about what skills are most in demand in the world of human resources hrreporter.com FEATURED VIDEO LeNoury Law Proactive Advice to Management Employment Lawyer of The Year James LeNoury B.A. (Hons) M.A. LL.B 416-926-1107 • Toll Free 1-877-926-1107 • lenourylaw.com Mobile devices pose greatest potential security risk: Survey Cyberattacks becoming more common, sophisticated and severe BY JOHN DUJAY MOBILE DEVICES have be- come a mainstay at the workplace, whether for personal or profes- sional use. But there are consid- erable risks — 75 per cent of Ca- nadian IT professionals say these devices are the greatest potential risk to a company's IT depart- ment, according to a recent survey. "It makes sense why compa- nies want their employees to use consumer-grade devices inside the enterprise, and have one plat- form for both home consump- tion and business as well," said Ryan Wilson, chief technology officer, security, at Scalar Deci- sions in Toronto, which released the survey of 658 IT and security professionals. But the challenge is to ensure any corporate data on these de- vices remains inside a "secure container," he said. Overall, the number, sophis- tication and severity of cyber- attacks on companies are on the rise, according to the survey. e average number of reported at- tacks on Canadian organizations rose to an average of 44 per year, up nearly 30 per cent since 2014. And the majority of respondents said both the severity (81 per cent) and sophistication (72 per cent) of attacks are increasing. Additionally, confidence con- tinues to decline among organi- zations for the third year in a row as fewer believe they are winning the war on security. "A few years ago, I would have told you we are at least treading water, but we are hitting the point where, frankly, the pace of inno- vation for protecting ourselves versus the pace of innovation of the bad guys... we are falling be- hind on the good-guy side," said Rob Clyde, managing partner at advisory firm Clyde Consulting in Pleasant Grove, Utah. He blamed two new "very well-funded" types of groups: na- tion states and organized crime involved in attacks. "It's big business." Because the criminals have lots of money, there is a natural "asym- metric advantage" on their side, said Clyde. "(As) the good guys, we have to figure every possible way the bad guys want to get in and try to put defences against that. But if you are a bad guy, you just have to figure out one way to get in." Variety of potential risks ere are "standard risks" such as a loss of data control, potential data breaches, and overall data and security concerns, according to Abhay Raman, partner, cyber- security and resilience leader, at Ernst & Young in Toronto. "Largely, all of these (security) compromises are happening be- cause of malware infestation, ran- somware deployment and phish- ing, which are user-driven." But there are even more risks companies will have to address in the future, he said. "The number of devices or endpoints that an organization needs to manage is a lot more and it is going to get worse, once we look at smart fridges, smart this, smart whatever, in terms of IoT (Internet of ings) devices that will start plugging into the network." Wide-open access to a com- pany network can be hazardous, said Clyde. "If you do allow the employees to bring a device into the company — say their own smartphone — I would suggest that the policy be that the employees can only connect those devices through the guest Wi-Fi, not through the secure internal network." Another potential pipeline into a company's network is through email, said Wilson. "Phishing is the number-one vector where attackers are at- tempting to get users to click on something they shouldn't." And the way some apps work on mobile devices brings its own set of risks, said Kurt Roemer, Citrix Systems chief security strat- egist in Chicago. "One of the biggest threats is in- stalling rogue applications where they ask for all kinds of permis- sions whenever you install an app, (such as) permission to access your contacts, your calendar," he said. "You have individuals who are giving that newly installed 'app of the day' way more rights than it needs to, and it's getting access to a lot of confidential data." at risk could spread to a com- pany's data, said Clyde. "e most obvious is the em- ployee's device might be infected or compromised and when they plug it into the company network, that malicious code that is on that device could spread to other com- pany devices inside the network." Even a seemingly innocuous ac- tion such as taking a picture of a whiteboard with a cellphone, and sharing it via email to other col- leagues, can pose a risk, he said. "Many of our smartphones now automatically upload those pictures to the cloud," he said. Some of those images may then be shared automatically on social media networks and the "next thing you know, you've got com- pany confidential information in- advertently being spread by oth- erwise well-meaning employees." IT solutions, challenges If an employee's phone is lost or stolen, companies are using pass- word protection and installing remote data-erase functions onto the devices, said Raman. "e organization has the abil- ity to remotely wipe it in case you lose your phone. It has the ability to establish controls on it to make sure you can't copy from that onto another application, you can't take screen shots." Companies are also employing mobile application management (MAM) that allows for complete control over certain apps on a cell- phone, according to Wilson. "What MAM allows you to do is to password-protect specific ap- EDUCATED > pg. 3 "An employee's device might be infected or compromised, and when they plug into the company network, that malicious code could spread to other devices."