Since the tweet went live, it’s created a stir among the cybersecurity community. Dorries defended the practice saying that MP’s have to deal with vast amounts of emails, so had to give her staff the ability to read them and respond. However, it’s been widely pointed out that you can distribute access to email without needing to share your login credentials.
This lax approach to password sharing has prompted a response from the Information Commissioners Office:
“We’re aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities. We would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure.”
Allowing other people to have access to your computer can have dire consequences for network security. All it takes is for someone to unwittingly download a file, click a link, or plug in a USB stick with an infected file to completely cripple a business.
It’s not uncommon for breaches to stem from an internal source, so minimising the possibility is crucial. A password to an MP's computer could be worth a lot of money to those who would seek to damage our infrastructure.
It's important not to share your login credentials, no matter who you are. It’s not a question of how much you trust your employees with your details, but rather how much you value your business.
Under the new GDPR legislation coming into force in May 2018, we could see greater punishments for organisations not taking appropriate measures to stay secure.
Security experts have expressed concern about the suggestion that password-sharing is commonplace among MPs and their staff. Troy Hunt blogged about a variety of alternative ways to share access to emails and other documents without providing full access to a computer's contents. And the consultant Graham Cluley suggested: "it should worry us all if the very people who are tasked with legislating on internet privacy and security issues are proving to be so utterly clueless".