A woman uses a computer keyboard in North Vancouver, B.C., Wednesday, Dec. 19, 2012. Manitoba's auditor general says the provincial government needs to do more to protect its information systems from internal misuse and outside attacks. THE CANADIAN PRESS/Jonathan Hayward
GACWINNIPEG - The Manitoba government needs to better protect its information systems from internal misuse and outside attacks, the provincial auditor general said Thursday.
Tyson Shtykalo's 21-page report focused on system administrators and other people with deep access to systems in a few departments that contain personal, corporate and health information. The audit ran from 2018 to March of this year.
The report says password requirements are not strong enough in some areas.
"For example, improvements are needed to the standards that govern identification and authentication, and information systems have not been configured to enforce quality passwords as required by … standards," the report states.
"Good identification and authentication standards include multifactor authentication, minimum number of failed login attempts, inactive session terminations, minimum password length, password complexity … and password history."
Shared Health, which co-ordinates provincial health care, has given out privileged access to some workers without formal, documented approval and did not revoke some workers' access immediately when they left their jobs, Shtykalo wrote.
Some Shared Health workers were given higher levels of access than they need for their jobs, he added.
The report also calls for better monitoring of people who use information systems, in order to detect any unauthorized activity.
"An unauthorized person with privileged access could steal data or funds, disrupt operations or cause system outages," Shtykalo said.
Shtykalo said he shared more detailed information with the departments involved in his audit, but did not include it in the report.
"If this information is disclosed publicly, cyber threat actors could misuse it to compromise systems operated by these entities," the report states.
The Progressive Conservative government said it had already started to implement many of the report's recommendations. But the government may not engage in monitoring users as thoroughly as the auditor would like.
"Some people obviously don't enjoy being monitored … so we have to make sure that we work with the individuals on that basis, on what's done on the systems, as opposed to a broad-brush approach to everybody being subjected to the same outcomes," said Reg Helwer, minister for government services.
The Opposition New Democrats called for tighter cybersecurity immediately.
"In today's knowledge economy, good digital security to protect your private personal information is as important as having a lock on the front door of your house," NDP Leader Wab Kinew said in a statement.
This report by ¹ú²úÓÕ»ó¸£Àû was first published Oct. 13, 2022.
¹ú²úÓÕ»ó¸£Àû. All rights reserved.
Get the latest from ¹ú²úÓÕ»ó¸£Àû News in your inbox. Select the emails you're interested in below.
Canada is entering a new era of nation-building. From clean-energy corridors and c…
Sorry, an error occurred.
Already Subscribed!
Cancel anytime
Thank you .
Your account has been registered, and you are now logged in.
Check your email for details.
Submitting this form below will send a message to your email with a link to change your password.
An email message containing instructions on how to reset your password has been sent to the email address listed on your account.
No promotional rates found.
Secure & Encrypted
Thank you.
Your gift purchase was successful! Your purchase was successful, and you are now logged in.
| Rate: | |
| Begins: | |
| Transaction ID: |
A receipt was sent to your email.
