Manitoba Auditor General Tyson Shtykalo has released a report showing the Manitoba government needs to protect its information systems better from outside attacks and internal misuse..The report focused on employees with deep access in a few departments and the audit went from January 2018 to March 2022..Shtykalo found passwords were too weak and did not meet the required standards to protect the information.. Tyson Shtykalo .“For example, improvements are needed to the standards that govern identification and authentication, and information systems have not been configured to enforce quality passwords as required by standards,” said the report..“Good identification and authentication standards include multi factor authentication, minimum number of failed login attempts, inactive session terminations, minimum password length, password complexity, and password history.”.The provincial healthcare coordinator, Shared Health, did not remove access from employees who either quit or were let go, and some employees received “privileged” access with no documented approval..Other Shared Health employees received higher levels of access than the job required..Shtykalo said there needs to be better monitoring of employees to find any employees doing “unauthorized” activity..“An unauthorized person with privileged access could steal data or funds, disrupt operations or cause system outages,” said Shtykalo.. Wab Kinew .Shtykalo said he did not include detailed information as it could comprise the government information systems, but included it in the report to the affected departments..“If this information is disclosed publicly, cyber threat actors could misuse it to compromise systems operated by these entities,” said Shtykalo..NDP Leader Wab Kinew compared “good digital security” to locking the front door of your house..“In today’s knowledge economy, good digital security to protect your private personal information is as important as having a lock on the front door of your house,” said Kinew..Government Services Minister Reg Helwer said the government had made changes based on Shtykalo’s recommendations, but will not monitor employees as closely as Shtykalo wants..“Some people obviously don’t enjoy being monitored so we have to make sure that we work with the individuals on that basis, on what’s done on the systems, as opposed to a broad-brush approach to everybody being subjected to the same outcomes,” said Helwer.
Manitoba Auditor General Tyson Shtykalo has released a report showing the Manitoba government needs to protect its information systems better from outside attacks and internal misuse..The report focused on employees with deep access in a few departments and the audit went from January 2018 to March 2022..Shtykalo found passwords were too weak and did not meet the required standards to protect the information.. Tyson Shtykalo .“For example, improvements are needed to the standards that govern identification and authentication, and information systems have not been configured to enforce quality passwords as required by standards,” said the report..“Good identification and authentication standards include multi factor authentication, minimum number of failed login attempts, inactive session terminations, minimum password length, password complexity, and password history.”.The provincial healthcare coordinator, Shared Health, did not remove access from employees who either quit or were let go, and some employees received “privileged” access with no documented approval..Other Shared Health employees received higher levels of access than the job required..Shtykalo said there needs to be better monitoring of employees to find any employees doing “unauthorized” activity..“An unauthorized person with privileged access could steal data or funds, disrupt operations or cause system outages,” said Shtykalo.. Wab Kinew .Shtykalo said he did not include detailed information as it could comprise the government information systems, but included it in the report to the affected departments..“If this information is disclosed publicly, cyber threat actors could misuse it to compromise systems operated by these entities,” said Shtykalo..NDP Leader Wab Kinew compared “good digital security” to locking the front door of your house..“In today’s knowledge economy, good digital security to protect your private personal information is as important as having a lock on the front door of your house,” said Kinew..Government Services Minister Reg Helwer said the government had made changes based on Shtykalo’s recommendations, but will not monitor employees as closely as Shtykalo wants..“Some people obviously don’t enjoy being monitored so we have to make sure that we work with the individuals on that basis, on what’s done on the systems, as opposed to a broad-brush approach to everybody being subjected to the same outcomes,” said Helwer.