Cybersecurity 101: don’t share your login details

Caroline Scotter Mainprize | December 4, 2017

If you want to protect your business from hackers, don’t do what MP Nadine Dorries does and give everyone in your office access to your login details.

As part of the row over who might have had access to Damian Green’s computer, Nadine Dorries tweeted that, ‘My staff log onto my computer on my desk with my login every day. Including interns on exchange programmes …’

Apparently oblivious to the horrified reactions of other Twitter users, she said, ‘All my staff have my login details. A frequent shout when I manage to sit at my desk myself is, “what is the password?”’

This is seriously bad practice. Whatever she may say about not having access to sensitive documents, she is making the whole government system vulnerable, as well as opening herself up to exploitation. We don’t know exactly how the House of Commons networks are configured, but with her tenuous grasp of the basics of cybersecurity, clearly neither does Nadine Dorries. It may be extraordinarily easy for hackers to target her email account and, through it, gain access to any other part of the system. Just as a disgruntled intern could impersonate her on email, though her own email account, and apparently send out any number of inappropriate communications.

We cannot stress it enough:

  1. Never, ever, share passwords or other login details with anyone
  2. Make sure all members of staff have separate network logons
  3. Beware setting up shared email accounts with easy-to-remember passwords, even for offices that have a lot of email traffic, such as customer services
  4. Delete email addresses immediately for people who have left the business, including temps and interns
  5. Delete all old VPN or virtual workstation connections – these connections are an easy way into the system for hackers, especially if the passwords are weak
  6. Use extra strong passwords. The latest advice is to use three words that mean something to you but that are not connected in any obvious way – plus numbers or special characters for extra strength.

At First Line IT we now run an online training course to help employees understand the risk of cyber-crime and guard against attacks. Contact John Crozier for details.