ICO slams MPs for lack of cyber security awareness

ICO criticises MPs for lack of cyber security awareness

Following several MPs admitting sharing passwords among their employees, the Information Commissioner’s Office (ICO) has issued a warning against lack of cyber security.

A number of MPs have been giving their password data out to staff, including young interns, causing a series of questions and concerns around the lack of cyber-security implementation within the walls of Governing members.

The discovery happened after Nadine Dorries tweeted about leaving her log in available for her staff ‘every day’ including interns on exchange programmes, leaving multiple unfamiliar people with access to private data.

Dorries’ tweet read:

Taking to social media many people criticised the tweets, and actions by the MPs, brandishing them unaware of cyber security risks and what could happen to private data if passwords were given out to numerous people.

However, Dorries was not alone as another MP, Nick Boles, tweeted in reply saying: “I certainly do. In fact, I often forget my password and have to ask my staff what it is.”

Following the outcry across the social media platform, the ICO issued a statement of caution referencing its data protection principle of security, reminding MPs their obligations under the Data Protection Acts.

ICO’s twitter read: “We’re aware of reports that MPs share logins and passwords and are making inquiries of the relevant parliamentary authorities. We would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure.”

Although sharing passwords is not directly in breach of the UK’s Data Protection Act it does come within breach of the House of Commons staff handbook, which outlines staff must not share their passwords.

In addition to MPs admitting to freely giving out password information, others admitted to leaving their computers unlocked and open to access by anyone in the office leaving even more concern over who could gain access of the computer and its content. However, those MPs so careless about security claim the reasons why boil down to trust in staff.

Amid the many admitting their actions, and seemingly not concerned, some MPs were shocked to see such carelessness branding the acts as a ‘woeful disregard for data security’.

Melanie Onn said:

Subsequent to a significant of cyber-attacks it brings unsurprising cause for concern around the lack of cyber-security or empathy towards safety MPs have, which could cause a significant threat to the government body and an easy way in for hackers if multiple people are aware of sensitive details.

£20m cyber security programme commissioned by Government
Microsoft boosts cyber security across NHS Trusts

Troy Hunt, Security Blogger, wrote: “This illustrates a fundamental lack of privacy and security education. All the subsequent reasons given for why it’s necessary have technology solutions which provide traceability back to individual, identifiable users.”

As well as issuing a cautionary statement against MPs and others being careless around cyber security, the ICO then released a new document outlining their ‘Guide to GDPR Regulations’.