04/Dec/2017
Within the frenzy the Deputy Prime Minister Damian Green is facing as the pressure mounts for him to resign amid claims he made unwanted sexual advances towards a young woman and watched porn at work.
An interesting revelation seems to have come to light in an unusual way, in support of Damian Green.
Two tweets were published by members of parliament, that seem to highlight the level of disregard or need for cyber security practices and ethos to be put in place.
As we rightly preach, a security ethos within an organisation needs to be implemented from the top, with the Board members right down to the employees and embedded with the organisation’s policies right from the start, now if this cannot be implemented or is disregarded right from the top of the country in parliament that is seen as one of the main fundamental pillars of society in the UK.
What example does that set for organisations residing in the UK?.
Despite the fact that the government declared in 2013 that “The threat of cyber was a higher risk than a nuclear attack “our parliamentarian representatives show a complete lack of common security practices or arguably common sense (asking staff for your password!), a disregard to the fact that quite easily personal data of citizens could be exposed as well as misjudging the severity or sensitivity of the data in question.
Later in the same day Conservative MP, Nadine Dorries responded to her initial tweet by highlighting the fact that she does not have access to government documents.
The defence is a weak one, there seems to be a lack of understanding about importance of her online presence as well as basic security policies, she is a conservative MP that holds a place in parliament, therefore she becomes a target for attacks such as phishing, as an email coming from her is within the conservative party and therefore would most likely be considered by other members to be genuine.
Also by referring to the simplicity of her network, it is unknown whether the “2 Westminster based computers are connected to an internal network or hold other important account details even if they do not contain the documents themselves”, It is also easy enough to be able to setup sharing of an inbox without having to share a password.
To conclude the House of Commons does seem to have a security policy in place, but it makes one important mistake,
The staff handbook among a list of things, says “You MUST NOT” do is “share your password”, but that applies to staff, not their bosses, and shows there is a clear need for cyber training for politicians and a clear policy to be put in place from parliament to set the standard for UK businesses.
https://www.bbc.co.uk/news/amp/uk-politics-42216622
http://www.bbc.co.uk/news/technology-42217017
Author: Taran Ranger, CyNation
