As someone in a high profile role and privy to sensitive information, your MP is at greater risk of cyber attacks.
Among the potential means of cyber attack is something known as spear-phishing. This is when a communication is sent to a particular person and is designed to look like it has come from a known or trusted contact.
These can be sent to personal email addresses as well as business email addresses. Malicious links can be included in such emails through a URL or can be embedded into a document on something like Google Drive.
The victim can then be directed to a fake sign-in page for what appears to be a legitimate service. The details they enter will then be used to sign in to their real account and to forward any future correspondence to the cyber attacker.
If in doubt about whether an email is genuine, check via a different means. Also check regularly that no mail forwarding is active on your MP's account.
Be very careful about what, if any, personal information your MP shares via social media. It could be used as part of a spear-phishing attack. Cyber attackers will often gather and use such information to devise persuasive and convincing emails.
Likewise, caution your MP to be careful about connecting with people on social media, even when they appear to have mutual contacts. They could be fake accounts, set up to impersonate others.
Consider using a professional social media management service, which will enable you and your colleagues to create posts without the need for your MP to share their passwords.
Using a social media management tool keeps an audit trail of who has posted content. If using a social media management tool, ensure that account access logging is switched on, if it is available.
You should ensure a content approval process is in place, setting out how any draft social media content will be checked and signed off to guard against any problematic content.
Only authorised staff should have access to your MP's social media accounts and social media management tools. Ensure that such access is removed before any staff members leave their role and change any passwords which they had access to.
You should also ensure that an emergency recovery plan is in place. This should set out what to do, for example, if an employee or anyone with access to your MP's accounts has posted damaging content.
You need to know who to contact in advance of any such situations arising.
Ensure that you, your colleagues and your MP lock any devices when not using them.
The National Cyber Security Centre advises the use of three different words combined to make a stronger password. This renders it more difficult to hack and easier for you to remember.
https://www.security.gov.uk/guidance/social-media-guidance/
https://www.security.gov.uk/guidance/social-media-guidance/using-social-media-securely
https://www.security.gov.uk/guidance/social-media-guidance/perform-social-media-security-assessment
Guidance on recovering a hacked account:
The National Cyber Security Centre
https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account
For more information on protecting what you post on social media, visit:
https://www.ncsc.gov.uk/guidance/social-media-protect-what-you-publish
Reporting a cyber attack
You can report any cyber attack incident via the link below: