British Columbia

B.C. auditor general finds hundreds have unauthorized access to government systems

A report by British Columbia's auditor general has revealed several holes in the safety net that restricts access to provincial government systems with the discovery that some ministries weren't following the rules.

'All it takes is one poorly managed user account to potentially compromise government systems'

Auditor General Carol Bellringer looked at five ministries and how each allowed employees and contractors to access government systems with passwords and usernames. (CBC)

A report by British Columbia's auditor general has revealed several holes in the safety net that restricts access to provincial government systems with the discovery that some ministries weren't following the rules.

Auditor General Carol Bellringer's report released Tuesday looked at five ministries and how each allowed employees and contractors to access government systems with passwords and usernames.

The report didn't look for inappropriate use of accounts, although it found more than 500 accounts that had been used after the employee had either left or was fired and more than 700 accounts still active that hadn't been used in a decade.

Her report says the number of active user accounts surpassed the number of employees and has grown over the years and that some government organizations weren't following the protocols for restricting unauthorized access.

7 recommendations made

The report makes seven recommendations, including that there be a central record of access rights granted to each user and that proper training be given to those who allow access to the government's internal directory system.

The report notes that the office of the chief information officer began cleaning up dormant accounts last year and the auditor is recommending that be expanded to include accounts that have non-expiring passwords.

Her report says the government's internal directory system is the first line of defence against unauthorized access.

"Because all it takes is one poorly managed user account to potentially compromise government systems," Bellringer told reporters Tuesday during a conference call.

The report also recommends the office of the chief information officer and the public service agency compare lists of current government employees and open accounts to ensure the accounts are legitimate.

The audit covered the ministries of finance, health, attorney general, citizen services and forests, lands, natural resource operations and rural development.

Province responds

Citizens' Services Minister Jinny Sims says in a statement that the office of the chief information officer has already addressed more than 90 per cent of the accounts identified though the audit and those accounts have been suspended.

"Protection of government systems and the information they contain remains a top priority for the Ministry of Citizens' Services and the (office of the chief information officer) especially concerning the personal information belonging to people living throughout the province."

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.