Manitoba government needs better security measures, training for home workers: report
Some remote work security policies haven't been updated: auditor general
Manitoba's auditor general says the provincial government has introduced information technology security measures to help employees work from home, but some improvements are needed.
Tyson Shtykalo examined information technology systems after government employees began to work remotely during the COVID-19 pandemic. His 23-page report says the province uses encryption to protect data, but some settings need to be bolstered.
The report says there were cases where encryption was weak, and that could potentially allow a cyber attacker to access sensitive or confidential data.
The auditor also says some security policies and procedures related to remote work have not been updated in about a decade.
The report estimates about 30 per cent of workers had not completed mandatory technology training on issues such as phishing (a technique for attempting to acquire sensitive data through a fraudulent solicitation in an email) and potential threats from flash drives.
"The … training is crucial for educating employees about potential threats, safe practices and the importance of maintaining security procedures," Shtykalo wrote.
"Remote workers who have not undergone security training are more likely to fall victim to phishing emails and other social engineering tactics. This can result in compromised credentials, malware infections and data breaches."
Overall, Shtykalo says, he is encouraged that Manitoba has introduced security measures but feels there is room for improvement.
The report makes three recommendations on better security and training, and the government, in a written response, says it accepts all three.