ANAO audit on 4 govt agencies reveals weak ICT security practices
An ICT audit conducted by the Australian National Audit Office (ANAO) exposed lax security measures at four major government agencies, highlighting the risk of internal information being leaked.
Found wanting in observing robust IT security measures were the Australian Office of Financial Management, ComSuper, Medicare Australia and the Department of the Prime Minister and Cabinet, whose personnel were found using free web-based email accounts such as Gmail and Hotmail.
The ANAO audit also said that the four agencies had been using vulnerable passwords and fragile processes in their IT activities, with the report stressing that some employees from the office of the Prime Minister were using cloud-based email accounts regularly.
ANAO called on the Department of the Prime Minister to block the use of public accounts on its ICT system. The department heeded the call, and the block would be implemented by July 1 this year.
The ANAO review also said that all four government agencies concerned were guilty of using weak passwords, stating that "these accounts, which allow a high level of access across ICT systems, should use suitably complex password configurations to reduce the potential for inappropriate access."
ANAO found two agencies using an outdated external application, and the auditor-general advised them to apply patches to boost their security. One agency was singled out for not having a documented process for web-access log reviews, which could lead to external intrusion.
The audit suggested introducing content filtering that would block access to non-essential and inappropriate sites, with the possibility of implementing internal network gateway certificates.
Apart from its strong recommendation that all four agencies conduct a thorough review of the integrity of their administrator account passwords, ANAO concluded that the audited government branches were largely in compliance with ICT security requirements.