Briefing note for Members’ Office Managers from the Cybersecurity Team 8/2/23

Standard

Please note that links to the old Parliamentary intranet have been removed as of October 2023. Please use search on ParliNet to find relevant current details, if available.

https://parlinet.parliament.uk/house-of-commons-members-staff/

Please note that you will need to have a Parliamentary Network Account in order to access some of the links on this page.

Last week the Speakers of both houses sent notices to members regarding spear-phishing attempts.

You may have seen in the news today that MP Stewart McDonald has been subject to a cyber attack on his personal emails.

In the media: SNP MP Stewart McDonald’s emails hacked by Russian group – BBC News

The source of the attack is thought to be a Russian based group called SEABORGIUM. We are briefing you to raise your awareness of the tactics used and the measures you should take to protect your personal accounts. It applies to both members and to members’ staff, so I ask that you to share the guidance with your teams. This is a quick briefing for now to update you and further more comprehensive communications issued in due course.

What you need to know:

  • Stewart McDonald’s personal email was compromised
  • The hackers achieved this by compromising the personal email account of one of his staff, who was locked out
  • The group sent Stewart an email from the staff account with a malicious password-protected attachment
  • The topic of the email was relevant to the member’s work and looked like a genuine message from his staff

Our advice:

  • Be sure that you are communicating with the individual you think you are – if possible, use a separate means of contact to validate this
  • Do not click on links or open files unless you are sure of their source
  • Secure your personal accounts – use strong, unique passwords and turn on multi-factor/2-factor authentication on your social media accounts and personal email
  • Use a different password for your Parliamentary account
  • Use Parliamentary devices for Parliamentary business whenever possible
  • Do not set up any automatic email-forwarding between your Parliamentary email and personal accounts
  • Protect and update your personal devices. Security tips for your mobile phone – intranet PDF
  • Book a cyber security briefing with your local engagement team
  • Report suspicious messages or activity to the Parliamentary Digital Support Desk by calling x2001

For more insight on phishing visit the cyber security intranet pages. The ‘Think Before You Link’ app, from the Centre for the Protection of National Infrastructure (CPNI) helps you identify malicious online profiles and reduce the risk of being targeted. For further information, visit Think before you link app – CPNI webpage.

Remote working and cyber-security

Standard

Please note that links to the old Parliamentary intranet have been removed as of October 2023. Please use search on ParliNet to find relevant current details, if available.

https://parlinet.parliament.uk/house-of-commons-members-staff/

Whilst most people are now working remotely, it’s tempting to add lots of new apps to your computers and devices.

Please be aware that must not download any apps or software onto Parliamentary devices without seeking advice and permission from PDS first.

Any software that conflicts with security systems or with the safe operation of parliamentary equipment will be removed by PDS.

Please read the guidance here:

Introducing the new Director of the Parliamentary Digital Service

Standard

Heading into the future without forgetting the past – A Parliamentary Digital Service Blog Post

2017 has included some unexpected things for the PDS. In her first week, Tracey Jessup talks about becoming the new Director, what PDS has achieved so far and what the future holds.

Read more at the Parliamentary Digital Service Blog: https://pds.blog.parliament.uk/2017/09/15/heading-into-the-future-without-forgetting-the-past/

 

Having problems logging in?

Standard

As you will be aware, as a result of the cyber-attack at the weekend, the good folks in the IT department have been working round the clock to protect the system.

Many of you will find that you are having problems logging in at the moment, whilst the work is ongoing.

Please do not ring the help desk.   If you’re on the Parliamentary estate, please be patient and don’t swamp the help desk with calls – they are working on it as fast as they can, and every extra phone call takes them away from the task in hand.   If  you do need to speak to someone, please go one of the drop-in centres instead:

Drop-in centres
Lords Members and Lords Members staff: Moses Room (9am)
Commons Members: Members Centre, PCH (9am)

Commons Members staff: Boothroyd Room (10am)
Staff of both Houses and Digital Service Staff: Boothroyd Room (10am)

Digital Service colleagues will be floor-walking in Fielden House, Millbank House, 7 Millbank and 14 Tothill Street from 10.00 am.

If you’re in the Constituency

Please be patient.  The Digital Service team will contact you in due course – there’s a lot of people to contact, so it will take a while.