ACT public servants lack understanding of how to protect Canberrans’ personal information and are using “high-risk” services to store it, a watchdog says.
The territory’s auditor-general, Michael Harris, released a strongly critical review of data-security practices yesterday.
Key points:
- Two Auditor-General reports in recent months have criticised the ACT Government’s cybersecurity practises
- The latest report says some public servants don’t realise the risks of sharing sensitive data via email and on USBs
- The Government has not documented the security classification of two-thirds of its IT systems
On the same day, Prime Minister Scott Morrison revealed Australia was the subject of ongoing and wide-ranging cyber attacks targeting government agencies. China was reportedly coordinating the attacks.
Mr Harris catalogued significant failures in the way ACT agencies managed private data, including staff in some directorates being unaware of the risks of sending sensitive information by email or storing it on USB drives.
His audit also found agencies relied on unauthorised cloud services to store and convert images and documents.
The security measures used by these services were often…