Nadine Dorries password sharing among her staff is in violation of Parliament s cyber security policy. The Conservative MP revealed she shares her Parliamentary digital log ins with around four members of staff1 in order to handle the high volume of virtual correspondence she receives every day.
In common with other organisations, Parliament has a cyber security policy that applies to all users of its digital services, including Members, their staff and parliamentary staff, a Parliamentary spokesperson told i . In line with good practice, this policy includes a requirement not to share passwords.
Cyber security: not a Parliamentary concern, it would seem | Photo: PA
Ms Dorries made the comments on Twitter as she defended Damian Green, who is currently facing calls to step down as the investigation into whether he viewed pornography on his work laptop2 intensifies.
My staff log onto my computer on my desk with my login every day . Including interns on exchange programmes, she said . For the officer on BBC News just now to claim that the computer on Green s desk was accessed, and therefore it was Green is utterly preposterous! In response to an online backlash berating her for poor security practices, Ms Dorries attempted to downplay her importance in Westminster, adding: You don t have a team of four to six staff answering the 300 emails you receive every day.
Flattered by number of people on here who think I m part of the Government and have access to government docs .
I m a back bench MP two Westminster-based computers in a shared office, she later added.
On my computer, there is a shared email account . That s it . Nothing else . Sorry to disappoint ! All my staff have my login details . A frequent shout when I manage to sit at my desk myself is, what is the password?
Amber Rudd: not a fan of encryption (Photo: Getty)
Fellow Tory MP Nick Boles weighed in to offer his support, adding I often forget my password and have to ask my staff what it is, while James Clayton, a producer for the BBC s Newsnight, claimed it is extremely common for MPs to share their parliamentary login details with their staff . The House of Commons was hit by a sustained cyber attack in June3, targeting MP accounts with weak passwords and blocking their owners from accessing them.
A handbook for MPs and their staff4 even explicitly states passwords should not be shared, a sentiment echoed by the House of Commons Staff Handbook on Information Security Responsibilities5. The same advice is recommended by cyber security experts the fewer people in possession of a password, the more secure the account will be.
The cyber security industry makes the point about human fallibility time and again for obvious reasons . Passwords tend to be one of the basics when training staff in cyber security and for good reason, as shared or re-used passwords create weaknesses in an organisations cyber defence, said Tony Pepper, chief executive of data security company Eggress.
From there, a creative attacker can move sideways through a network, implement phishing attacks or undertake any number of malicious actions .
An enterprise can deploy all the advanced tech it likes to track, stop and forensically analyse attacks but if people make mistakes, these are neutered.
- ^ shares her Parliamentary digital log ins with around four members of staff (inews.co.uk)
- ^ viewed pornography on his work laptop (inews.co.uk)
- ^ sustained cyber attack in June (inews.co.uk)
- ^ handbook for MPs and their staff (www.parliament.uk)
- ^ House of Commons Staff Handbook on Information Security Responsibilities (www.parliament.uk)
A security guard who told a Muslim woman to remove her hijab at a McDonald s restaurant in London has been suspended. The employee told her to remove her headscarf and said it s just a matter of taking it off at a branch in Seven Sisters on Friday. The fast-food chain said on Monday that the man, who is employed by a third party, has been suspended pending an investigation into his behaviour.
The young Londoner filmed the security guard telling her to remove her hijab and posted the footage on social media . The clip also showed him blocking her from stepping towards the tills to order her food. She could be heard explaining that she wears her hijab for religious reasons after she rightly refuses to remove it. Eventually, another customer stepped in and told the employee he could not stop her from entering the restaurant.
A McDonald’s employee asked a Muslim women to remove her headscarf (@south_sab)
The Muslim woman told him: It s not just a matter of taking it off . I wear it for religious reasons and I m not ashamed of it . And I will stand in line and I will get the food that I want because this isn t OK.
I go to all the shops and any restaurant I want and in my hijab and I buy the food I want to buy and then I come here . And I literally live down this street from here.
This is actually like a hate crime, this is a hate crime.
The customer who stepped in to help then said: You can t stop her coming into here because she s wearing a headscarf. The woman replied: I m sorry I just want to know who is implementing this policy because this is f****** ridiculous. The footage ended with the Muslim woman leaving the restaurant and telling staff: I don t want anything anymore.
It was posted on Twitter by a woman named Sabrina, who said the footage was recorded by her friend. After the footage emerged online, McDonald s apologised. A McDonald s spokesman added today: We are deeply sorry that this happened, and are taking the matter very seriously, addressing the situation with both the restaurant and security firm involved.
As a business operating in diverse communities across the country, we want to make it absolutely clear that we welcome people of all faiths and do not have any policy which restricts or prevents anyone wearing a hijab, or any other religious attire, in our restaurants.
In the wake of new footage showing a car being stolen by remote access, security experts are urging drivers to take action to protect themselves. The CCTV clip released this week by West Midlands Police shows a Mercedes being stolen from outside its owner s house by thieves using a relay box to fool the car s security systems1. Relay boxes work by picking up signals from a car s key fob and transmitting them to a second box held near the car . The relayed signal fools the car s systems into thinking that the actual key is present and allows the thieves to open and start the car.
Regular remote locking fobs, which require a button press, are not vulnerable to such attacks but the increasingly common keyless entry and start systems, which allow no-touch access to cars are. Richard Billyeald, chief technical officer at security specialists Thatcham Research commented: Keyless entry systems on cars offer convenience to drivers, but can in some situations be exploited by criminals . Concerned drivers should contact their dealer for information and guidance, and follow our simple security steps.
We are working closely with the police and vehicle manufacturers to address this vulnerability. In the wake of the footage, Thatcham Research has issued five tips for drivers worried that their car might be vulnerable to such a theft:
- Contact your dealer and talk about the digital features in your car .
Have there been any software updates you can take advantage of?
- Check if your keyless entry fob can be turned off . If it can, and your dealer can also confirm this, then do so overnight.
- Store your keys away from household entry points . Keeping your keyless entry fob out of sight is not enough thieves only need to gain proximity to the key to amplify the signal.
- Be vigilant . Keep an eye out for suspicious activity in your neighbourhood and report anything unusual to the police.
- Review your car security . Check for aftermarket security devices such as Thatcham-approved mechanical locks and trackers, which are proven to deter thieves .
A list can be found on the Thatcham Research website