Matt Handcock Could Have Exposed The Government To Cyber-attacks

BACKGROUND:

As reported in the Guardian (and elsewhere), Matt Hancock “used a personal email account to conduct vital Department of Health business.

Senior health officials had previously warned about Hancock’s conduct, saying that he “only” deals with his private office “via Gmail account The health secretary was given an official email account, but it was reported that he preferred to use his personal one. The practice, in contravention of official guidelines, means officials may not have a complete record of government dealings prior to and during the pandemic.”

Subscribe
Notify of
guest
1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Mark Rodbert
Mark Rodbert , Founder and CEO
InfoSec Expert
June 28, 2021 9:01 am

<p>We should be clear that the practice is not in \"contravention of official guidelines\". It would be instant dismissal in any commercial organisation and a code of conduct report in local Government. It is not a matter of preference. From a security point of view, Matt Handcock could have exposed the Government to cyber-attacks.</p>
<p> </p>
<p>Personal accounts are less secured and are not monitored by the Government’s cyber security. Personal emails are cracked easier than the encrypted accounts issued to Ministers. If a cybercriminal can access a personal email, which is easier than you may think if the password is a combination of English words, they can control the email account. Once they have the control, the cybercriminal can use this as an email address to be a \’trusted\’ contact to communicate with other accounts. In doing this, the attacker establishes a trust that leads to the individual passing on something of value. They can also set up email rules to ensure that the compromised user cannot see that they are sending or receiving fraudulent messages. Almost every cyberattack includes some element of a compromised internal credential like this\".</p>

Last edited 11 months ago by Mark Rodbert
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x