This news article follows on from the Damian Green enquiry where evidence of accessing pornographic material was found on his computer.
Green is adamant that he wasn’t accessing the sites and noted that he shares his password with a range of staff including temporary staff, such as work placement initiatives.
In addition to this, fellow MPs have said they too share passwords with other members of staff so that they can access their PC when they are not around to complete work. Will Quince, Colchester representative even suggested that he doesn’t share his password, instead he leaves his PC unlocked for all to use.
Why is this bad
Despite the outcome of the enquiry the main concern is that MPs appear to be sharing passwords/access to personal user accounts. This opens the possibility of misuse and also impersonation - so no one can guarantee if an email is coming from the MP or a member of staff so it damages the integrity of the data that is sent.
There is also the risk of malicious intent. Should a computer be unlocked, then anyone could access the files and emails on the computer. These could also be sensitive and used against the user.
How to prevent this
The key here is to not share passwords. In no situation should another user access a file or folder as a different user - this is for logging/auditing purposes and security.
Files that need to be shared should be done through a folder share and assigned permissions. Emails can be set up as “send on behalf” which allows users to send as a user but shows the original sender as well. The key here is to create an audit log of what happened, when and who did it.
Please also refer to previous articles we have written to help you become more secure, such as the 7 wireless and mobile tips article.
More on this story can be found here: https://www.theguardian.com/politics/2017/dec/01/whos-who-in-the-damian-green-inquiry-tory-mp-accused-of-inappropriate-behaviour-pornograph-computer