In Manitoba, Canada, information technology security measures were introduced to help employees work from home.
However, auditor general Tyson Shtykalo says the provincial government still needs some improvements.
He examined information technology systems after government employees began to work remotely during the pandemic.
His 23-page report says the province uses encryption to protect data, but in some cases encryption is weak.
This could potentially allow a cyber-attacker to access sensitive or confidential data.
Shtykalo also said some security policies and procedures related to remote work have not been updated in a decade.
The report estimates 30% of workers had not completed mandatory technology training on issues such as phishing.
“The training is crucial for educating employees about potential threats,” the auditor wrote.
“Remote workers who have not undergone security training are more likely to fall victim to social engineering tactics,” he said.
“This can result in compromised credentials, malware infections, and data breaches.”