Skip to main content

All provincial employees in B.C. directed to change passwords

Share

Every provincial employee is receiving emails or memos directing them to change their passwords immediately, CTV News has learned.

The Office of the Chief Information Officer (OCIO) confirmed the urgent requests began rolling out government-wide on Monday, the day after dozens of London Drugs locations shut down across Western Canada due to a cyberattack.

“The OCIO is taking preventive measures to safeguard government data and systems,” wrote a spokesperson in a statement. “As a security precaution … password length has increased from 10 to 14 characters.”

Websites, servers and other online infrastructure face thousands of hacking attempts each day, government officials have stated publicly, so CTV News asked if there has been a surge in cyberattacks or if it was a response to the ongoing London Drugs closures. A spokesperson said there’s no link to the pharmacy issues, but was unclear about whether there’ve been any increases in malicious activity on networks.

The memo received by BC Emergency Health Services staff on behalf of the OCIO warned staff they’d be getting system-generated prompts and could lose access to their email if they didn’t move swiftly enough.

“Please take action as quickly as possible to avoid disruption,” reads the memo on behalf of the OCIO.

“If you do not change your password, it will be changed for you, resulting in you being temporarily locked out of your account(s).”

A complex and rising threat

In our increasingly digital and online world, criminals and opportunists are fine-tuning both direct attacks on systems as well as scams and tricks to convince people to open emails or click on links that can import malware onto networks.

Cybersecurity experts point out that no matter how much anti-virus software and other high-tech measures are taken by companies and individuals, that can be undone by an email that seems legit as hackers and scammers fine-tune their tricks.

“It's sophisticated and the larger an organization is, it's more and more difficult to keep everything in check,” said MeetAmi Innovations chief technology officer and cybersecurity consultant, Vaclav Vincalek. “Regardless how much you try, you have to be right all the time, unlike the hackers who only have to be right only once.”

The veteran tech analyst has observed that companies are reluctant to spend money on preventative measures or audits for their virtual systems, despite the many examples of hacks and ransomware demands against private companies and public bodies alike. 

Vincalek suggests that not only should people use two-factor authentication whenever it’s available, but that email users disable the automatic download of images, all Wi-Fi networks require passwords (even at home), and that important files are backed up on a regular basis. That way, even if your material is hacked, you have a copy and won’t lose your files or face a hefty ransom demand.

As for the London Drugs situation, he won’t speculate as to what’s going on, but describes it as a “painful reminder” of how vulnerable everyone’s information is.

“I guarantee IT guys in other organizations are just like, ‘I'm glad it wasn't me’ because they know it can happen to them,” Vincalek said. “It was bad luck for the IT department of London Drugs.”

CTVNews.ca Top Stories

Stay Connected