Vancouver Island University is falling short in managing cybersecurity, an audit by the province’s auditor general has found.
In a press release issued Tuesday, Aug. 1, the B.C. Office of the Auditor General stated that VIU’s board of governors “needs to improve its oversight of the university’s cybersecurity risk management practices” with deficiencies in the board’s training and policy and strategy oversight, something the report said are vital safeguards for the post-secondary institution’s systems and data.
Boards manage cybersecurity by holding universities responsible for identifying and mitigating risks, the press release said.
In addition to not sufficiently managing risk mitigation strategies, the audit found VIU’s board lacked training in cybersecurity risk management. Board members should be trained in cybersecurity risk management first when they join the board, and every year thereafter. Further, the board had not approved an updated risk management policy in more than 10 years, the audit found.
The press release went on to say VIU’s board has accepted recommendations by the report, which relate to cybersecurity risk mitigation and responses, board training and development and maintenance of policies.
Michael Pickup, B.C.’s auditor general, noted that cyberattacks are becoming commonplace and are always changing and growing and institutions like VIU play an important role in protecting themselves against ransomware and the like.
“I’m pleased that the VIU board has committed to acting on our recommendations,” Pickup said in the press release. “I hope other university boards can learn from our report.”
VIU has approximately 12,000 students and 1,500 faculty and staff at campuses in Nanaimo, Duncan, Parksville and Powell River.
The auditor general is expected to hold a news conference later today in Victoria.
READ ALSO: VIU dealing with multimillion-dollar deficits
karl.yu@nanaimobulletin.com
Subscribe to our newsletter for the latest news