Manitoba’s auditor general says the provincial government has introduced information technology security measures
to help employees work from home, but some improvements are needed.
Tyson Shtykalo examined information technology systems after government employees began to work remotely during the COVID-19 pandemic.
His 23-page report says the province uses encryption to protect data, but some settings need to be bolstered.
The report says there were cases where encryption was weak, and that could potentially allow a cyber-attacker to access sensitive or confidential data.
The auditor also says some security policies and procedures related to remote work have not been updated in about a decade.
The report estimates about 30 per cent of workers had not completed mandatory technology training on issues such as phishing and potential threats from flash drives.
“The training is crucial for educating employees about potential threats, safe practices and the importance of maintaining
security procedures,” Shtykalo wrote.
“Remote workers who have not undergone security training are more likely to fall victim to phishing emails and other social engineering tactics. This can result in compromised credentials, malware infections and data breaches.”
Overall, Shtykalo says he is encouraged that Manitoba has introduced security measures but feels there is room for
improvement.
The report makes three recommendations on better security and training. The government, in a written response, says it accepts all three.