Federal government departments and agencies need to do more to protect information from hackers, a new report from the national auditor-general says.
The auditor-general said out of 70 findings from a series of audits, 56 per cent related to the "management of information technology controls", particularly the management of privileged user access.
"Privileged users" in departments and agencies are people able to make significant changes to IT systems, bypass critical security settings and access sensitive information.
Cybersecurity agency, the Australian Signals Directorate, has repeatedly warned in its advice to government departments one of the key targets for hackers is user accounts with administrative privileges.
The auditor-general said it was clear "entities need to focus on processes to monitor IT controls to prevent reoccurrence of issues".
"The findings ... increase the risk of unauthorised changes being made to systems and data, or unauthorised data leakage," the report released this week said.
The report recommended such privileged user access be better restricted and, when provided, that the access is logged, regularly reviewed and monitored.
In the case of the education department's database systems - hosted and maintained by the Department of Jobs and Small Business - there was "no evidence" of regular monitoring of privileged user access.
But the department has since pledged to put in place a logging and monitoring policy.
Cyber security has been in the headlines recently, with revelations of the hacking of the Australian National University's database and a breach of the Parliament House network in February.