Manitoba managing remote access IT security risks, but some improvements needed
The Province of Manitoba is managing IT security risks associated with remote access, but some improvements are needed, says Auditor General Tyson Shtykalo. The finding is contained in a new report, Managing IT Security Risks for Remote Access, released today.
“The global COVID-19 pandemic transformed the traditional workplace structure. Employees in a variety of sectors learned to work remotely, or share time between home and the office,” Shtykalo said. “I’m encouraged that Manitoba has introduced security measures to protect information and systems used by employees to work remotely, but there is still more to be done.”
The audit found:
The Province uses encryption to protect data, but some settings need to be improved.
Approximately 30% of provincial employees have not taken mandatory security awareness training.
Security policies and procedures related to remote work are outdated.
“Addressing these findings would create a more secure work environment,” Shtykalo said.
The audit also found that devices used when working remotely are authenticated and securely patched, and security issues are identified and promptly mitigated.
The report contains 3 recommendations to better manage IT security risks associated with remote access.
To view the report, please visit http://www.oag.mb.ca/reports.
To view the video, visit: https://youtu.be/t-rpRXiaSoE
ABOUT THE AUDITOR GENERAL OF MANITOBA
The Auditor General is an officer of the Legislative Assembly mandated to provide independent assurance and advice to Members of the Legislative Assembly. Through its audits, the Office of the Auditor General seeks to identify opportunities to strengthen government operations and enhance performance management and reporting. For more information visit: http://www.oag.mb.ca./
For more information, contact:
Frank Landry, Communications Manager
204.792.9145
frank. landry@oag.mb.ca