The Manitoba authorities wants to higher shield its info techniques from inner misuse and out of doors assaults, the provincial auditor basic stated Thursday.
Tyson Shtykalo’s 21-page report centered on system directors and different individuals with deep entry to techniques in a couple of departments that comprise private, company and well being info.
The audit ran from 2018 to March of this yr.
The report says password necessities are usually not sturdy sufficient in some areas.
“For instance, enhancements are wanted to the requirements that govern identification and authentication, and knowledge techniques haven’t been configured to implement high quality passwords as required by requirements,” the report states.
“Good identification and authentication requirements embrace multifactor authentication, minimal variety of failed login makes an attempt, inactive session terminations, minimal password size, password complexity and password historical past.”
RELATED: Keep protected when posting back-to-school pics, cybersecurity knowledgeable says
Shared Well being, which co-ordinates provincial well being care, has given out privileged entry to some employees with out formal, documented approval and didn’t revoke some employees’ entry instantly after they left their jobs, Shtykalo wrote.
Some Shared Well being employees got larger ranges of entry than they want for his or her jobs, he added.
The report additionally requires higher monitoring of people that use info techniques, so as to detect any unauthorized exercise.
“An unauthorized particular person with privileged entry may steal knowledge or funds, disrupt operations or trigger system outages,” Shtykalo stated.
Shtykalo stated he shared extra detailed info with the departments concerned in his audit, however didn’t embrace it within the report.
“If this info is disclosed publicly, cyber risk actors may misuse it to compromise techniques operated by these entities,” the report states.
The Progressive Conservative authorities stated it had already began to implement most of the report’s suggestions. However the authorities might not interact in monitoring customers as completely because the auditor would love.
“Some individuals clearly don’t take pleasure in being monitored so we now have to ensure that we work with the people on that foundation, on what’s performed on the techniques, versus a broad-brush strategy to everyone being subjected to the identical outcomes,” stated Reg Helwer, minister for presidency companies.
The Opposition New Democrats referred to as for tighter cybersecurity instantly.
“In at the moment’s data economic system, good digital safety to guard your personal private info is as necessary as having a lock on the entrance door of your own home,” NDP Chief Wab Kinew stated in an announcement.
© 2022 The Canadian Press
