Matt Handcock Could Have Exposed The Government To Cyber-attacks

BACKGROUND:

As reported in the Guardian (and elsewhere), Matt Hancock “used a personal email account to conduct vital Department of Health business.

Senior health officials had previously warned about Hancock’s conduct, saying that he “only” deals with his private office “via Gmail account The health secretary was given an official email account, but it was reported that he preferred to use his personal one. The practice, in contravention of official guidelines, means officials may not have a complete record of government dealings prior to and during the pandemic.”

Experts Comments

June 28, 2021
Mark Rodbert
Founder and CEO
Idax

We should be clear that the practice is not in "contravention of official guidelines". It would be instant dismissal in any commercial organisation and a code of conduct report in local Government. It is not a matter of preference. From a security point of view, Matt Handcock could have exposed the Government to cyber-attacks.

 

Personal accounts are less secured and are not monitored by the Government’s cyber security. Personal emails are cracked easier than the encrypted accounts issued to

.....Read More

We should be clear that the practice is not in "contravention of official guidelines". It would be instant dismissal in any commercial organisation and a code of conduct report in local Government. It is not a matter of preference. From a security point of view, Matt Handcock could have exposed the Government to cyber-attacks.

 

Personal accounts are less secured and are not monitored by the Government’s cyber security. Personal emails are cracked easier than the encrypted accounts issued to Ministers. If a cybercriminal can access a personal email, which is easier than you may think if the password is a combination of English words, they can control the email account. Once they have the control, the cybercriminal can use this as an email address to be a 'trusted' contact to communicate with other accounts. In doing this, the attacker establishes a trust that leads to the individual passing on something of value. They can also set up email rules to ensure that the compromised user cannot see that they are sending or receiving fraudulent messages. Almost every cyberattack includes some element of a compromised internal credential like this".

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.