VICTORIA – A report by British Columbia’s auditor general has revealed several holes in the safety net that restricts access to provincial government systems with the discovery that some ministries weren’t following the rules.
Auditor general Carol Bellringer’s report released Tuesday looked at five ministries and how each allowed employees and contractors to access government systems with passwords and usernames.
The report didn’t look for inappropriate use of accounts, although it found more than 500 accounts that had been used after the employee had either left or was fired and more than 700 accounts still active that hadn’t been used in a decade.
Her report says the number of active user accounts surpassed the number of employees and has grown over the years and that some government organizations weren’t following the protocols for restricting unauthorized access.
The report makes seven recommendations, including that there be a central record of access rights granted to each user and that proper training be given to those who allow access to the government’s internal directory system.
The report notes that the office of the chief information officer began cleaning up dormant accounts last year and the auditor is recommending that be expanded to include accounts that have non-expiring passwords.