We looked at how to keep the teams' systems secure and saw opportunities to improve security, outlined below.
My personal worry, coming new into this environment and already having a digital footprint, is being protected from having my name known by constituents who can perhaps then seek me out. I don’t know whether that’s a valid worry or not. That’s a cause of concern for me.
I’m afraid to say that I was caught by a malicious email. I opened what looked like a genuine link and had to send to computer away to be rebuilt at PDS. It looked like a completely plausible bill or invoice that I should have addressed, so I opened it. It was dealt with very quickly and with minimal fuss, but it just shows that, you know, it can happen to any one of us, and it can look entirely plausible.
MPs and their teams work with official and sensitive data, and benefit from clear guidance and understanding of good practice. In our work with them, we discussed:
We identified basic steps to get right:
There are also both physical and virtual security risks for MPs and their staff.
MPs and their staff frequently deal with citizens who the NHS, Job Centre or local authority can no longer deal with due to dangerous or threatening behaviour. As well as trolling, several of our MPs received threatening messages while we were in their offices and we worked with their teams to ensure they had processes in place to deal with trolls and report any threats to the Serjeant at Arms and the police.
Some of our caseworkers felt at risk of online stalking from unstable clients so we helped them audit their web and social media presence so that they could feel happy that they weren’t involuntarily opening themselves up to unnecessary risks through over sharing of personal details online.