The Westminster Parliament is back in the news as the lessons from WannaCry don’t appear to have stuck when it comes to some MPs’ relationship with cyber security.
Westminster Parliament Cyber Security
Conservative MP Nadine Dorries divulged in a tweet that her staff log in to her computer every day as she attempted to defend her colleague Damian Green who has been accused of having pornography on his House of Commons computer. The tweet appears to aim to suggest that someone else could have put this material on Green’s computer but has instead opened a can of worms about Dorries’ apparently blasé attitude to cyber security.
Following the tweet, Dorries received a considerable amount of backlash and responded by claiming that sharing passwords was standard practice around Parliament, although doing so is a breach of Parliament’s IT security. She was supported by another MP, Nick Boles, who stated that he shared his IT password with staff as well as tweeting: “I often forget my password and have to ask my staff what it is.”
Access Control
Cyber Essentials is built around five key controls which protect businesses from 80% of common cyber threats; one of these controls is known as Access Control.
It is important to keep access to your systems restricted to a minimum and make it as hard as possible for hackers to access the information they are looking for. Having a password known by many different individuals is obviously a bad move and could provide potential hackers with an opportunity to exploit.
A famous example of the consequences of sharing passwords is Edward Snowden who was trusted with passwords by his NSA colleagues – which led to the biggest security breach in history.
Whilst the MPs don’t appear to see this as a serious problem, the reality is that their attitude to cyber security may well cause problems in the future for the Houses of Parliament. If a successful cyber attack occurs, many will look back at stories such as this as an example of an accident waiting to happen.
How Cyber Essentials Can Help
The first step to keeping your organisation safe from potential future cyber attacks is to be certified with Cyber Essentials.
Certification to the Government’s Cyber Essentials Scheme protects an organisation from 80% of common cyber threats. It is also a mandatory requirement for organisations wishing to win business with the MOD, and can help your organisation prepare and defend itself against malicious cyber attacks, regardless of the sector you operate in.
