Manitoba’s auditor general says the provincial government has introduced information technology security measures to help employees work from home, but some improvements are needed.

Tyson Shtykalo examined information technology systems after government employees began to work remotely during the coronavirus pandemic. His 23-page report says the province uses encryption to protect data, but some settings need to be bolstered.

The report says there were cases where encryption was weak and could potentially allow a cyber attacker to access sensitive or confidential data. The auditor also says some security policies and procedures related to remote work haven’t been updated in about a decade.

Read: Pension plan sponsors more vigilant of cybersecurity risks when dealing with third-party vendors: expert

The report estimates about 30 per cent of workers hadn’t completed mandatory technology training on issues such as phishing and potential threats from flash drives. “The … training is crucial for educating employees about potential threats, safe practices and the importance of maintaining security procedures,” said Shtykalo. “Remote workers who have not undergone security training are more likely to fall victim to phishing emails and other social engineering tactics. This can result in compromised credentials, malware infections and data breaches.”

Overall, Shtykalo says he’s encouraged that Manitoba has introduced security measures but feels there’s room for improvement. The report makes three recommendations on better security and training, and the government, in a written response, says it accepts all three.

Read: Cybersecurity issues rank as top concern for risk managers: survey