Nadine Dorries, a Mid-Bedfordshire Conservative MP, has come under fire for her lax approach to security, sharing her password with her staff, as she sought to describe this behaviour as typical in Westminster when trying to defend her colleague, MP and First Secretary of State Damian Green,
Dorries stepped up to defend Green after he was accused of having porngraphy on his computer by saying “My staff log onto my computer on my desk with my login everyday. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Green's desk was accessed and therefore it was Green is utterly preposterous !!”
People were quick to slate Dorries for this comment saying that as a woman known by the public and as a member of Parliament it is not safe to share your password and give it out to many people as it could leak information if it fell into the wrong hands.However again Dorries responded to these comments with, “Flattered by number of people on here who think I'm part of the Government and have access to government docs I'm a backbench MP - 2 Westminster-based computers in a shared office. On my computer, there is a shared email account. That's it. Nothing else. Sorry to disappoint!” suggesting that even if she did get hacked there would be nothing secret to share from her computer.
Another MP, Nick Boles also commented that he shares his login details with his staff and so this does indeed seem to be wider than just Dorries, hence hackers could access private Parliamentary data more easily than first thought because of the way in which they are sharing information.
To weigh in on the issue, Steve Schult, senior director product management of LastPass commented in an email to SC Media UK: “It's a familiar scene: when a high profile security incident such as MPs sharing passwords with employees happens, industry professionals line up to place the blame squarely at the door of humans. While humans are a key component in the security chain, we must take a more nuanced approach to understanding the technological reasons behind this. In short, it comes down to convenience versus disrupting workflow. If security ends up hindering how an employee carries out day-to-day tasks, they will be less inclined to follow best security practices, as seen in the case of Nadine Dorries.”
“Keeping passwords safely stored should be a concern for everyone, MPs included, which is why using an encrypted vault is the most convenient and secure way to keep track of each unique password across accounts. A password manager such as LastPass only requires you to memorise a single passphrase to serve as your master password, because the rest are locked up inside the LastPass vault. Also, you can securely share passwords with employees without compromising confidential data, which can be useful for departments and those who need to access a variety of work tools.”
Jay Coley, senior director of security planning and strategy, EMEA at Akamai emailed SC to say, “Recent revelations of MPs sharing their passwords with their whole teams are high-profile examples of best-practice failures that are endemic in business. People are now the number one threat to business security so, when best practice fails, technology has to step in to give businesses control over their security. Businesses today need to adopt a Zero Trust approach to security where users log in to access applications rather than networks. This can dramatically reduce the impact of a breach as abused credentials are limited in their reach. We would like to see MPs leading by example and showing UK businesses how to protect themselves and position themselves for success on the international market.”