The Province of Manitoba is managing IT security risks associated with remote access, but some improvements are needed, says Auditor General Tyson Shtykalo. The finding is contained in a new report, Managing IT Security Risks for Remote Access.

“The global COVID-19 pandemic transformed the traditional workplace structure. Employees in a variety of sectors learned to work remotely, or share time between home and the office,” Shtykalo said. “I’m encouraged that Manitoba has introduced security measures to protect information and systems used by employees to work remotely, but there is still more to be done.”

The audit found:

  • The province uses encryption to protect data, but some settings need to be improved.
  • Approximately 30 per cent of provincial employees have not taken mandatory security awareness training.
  • Security policies and procedures related to remote work are outdated.

“Addressing these findings would create a more secure work environment,” Shtykalo said.

The audit also found that devices used when working remotely are authenticated and securely patched, and security issues are identified and promptly mitigated.

The report contains three recommendations to better manage IT security risks associated with remote access.

To view the report, please visit oag.mb.ca.