Nadine Dorries’ password sharing among her staff is in violation of Parliament’s cyber security policy.
The Conservative MP revealed she shares her Parliamentary digital log ins with around four members of staff in order to handle the high volume of virtual correspondence she receives every day.
“In common with other organisations, Parliament has a cyber security policy that applies to all users of its digital services, including Members, their staff and parliamentary staff,” a Parliamentary spokesperson told i. “In line with good practice, this policy includes a requirement not to share passwords.”
Ms Dorries made the comments on Twitter as she defended Damian Green, who is currently facing calls to step down as the investigation into whether he viewed pornography on his work laptop intensifies.
“My staff log onto my computer on my desk with my login every day. Including interns on exchange programmes,” she said. “For the officer on BBC News just now to claim that the computer on Green’s desk was accessed, and therefore it was Green is utterly preposterous!”
In response to an online backlash berating her for poor security practices, Ms Dorries attempted to downplay her importance in Westminster, adding: ““You don’t have a team of four to six staff answering the 300 emails you receive every day.”
“Flattered by number of people on here who think I’m part of the Government and have access to government docs. I’m a back bench MP – two Westminster-based computers in a shared office,” she later added.
“On my computer, there is a shared email account. That’s it. Nothing else. Sorry to disappoint!”“All my staff have my login details. A frequent shout when I manage to sit at my desk myself is, ‘what is the password?’
Fellow Tory MP Nick Boles weighed in to offer his support, adding “I often forget my password and have to ask my staff what it is,” while James Clayton, a producer for the BBC’s Newsnight, claimed it is “extremely common for MPs to share their parliamentary login details with their staff”.
The House of Commons was hit by a “sustained” cyber attack in June, targeting MP accounts with weak passwords and blocking their owners from accessing them.
A handbook for MPs and their staff even explicitly states passwords should not be shared, a sentiment echoed by the House of Commons Staff Handbook on Information Security Responsibilities.
The same advice is recommended by cyber security experts – the fewer people in possession of a password, the more secure the account will be.
“The cyber security industry makes the point about human fallibility time and again for obvious reasons. Passwords tend to be one of the basics when training staff in cyber security – and for good reason, as shared or re-used passwords create weaknesses in an organisations’ cyber defence,” said Tony Pepper, chief executive of data security company Egress.
“From there, a creative attacker can move sideways through a network, implement phishing attacks or undertake any number of malicious actions. An enterprise can deploy all the advanced tech it likes to track, stop and forensically analyse attacks – but if people make mistakes, these are neutered.”