According to an article published today by PR Week, the Parliamentary Labour Party in the UK is increasingly worried that an email account belonging to Derek Draper has been compromised.
According to the article, there have recently been “three or four” stories made public which could only have resulted from an unknown party having access to the compromised email account. The article goes on to say:
“However, it is feared that the individual behind the hacking may be sitting on hundreds or thousands of emails – potentially dating back years – that could be used to destabilise the Government in the run up to the next election.”
I’m not a political blogger, nor do I really ever want to be, but I do think it is worth making the point that if you are using an email account that contains over 10 years’ worth of information strong enough to “destabilise” a national government, there are a few basic ground rules you should follow:
- Use encryption.
- Use very strong passwords. Choose at least three complex passwords that are easy to remember but difficult to guess, using a combination of numbers, upper and lower case letters and special characters like !£$@&. (Trend Micro’s advice on password creation is available in our Safe Computing Guide).
- Use the first password as a general one for the majority of sites that require passwords to login.
- Use the second password for your email account and only your email account. Make the password as strong as possible and *never* share it. Your email account is the holy grail of cybercriminals, as with access to this they can easily access and reset many other online accounts you may have.
- Finally, use the third password for any websites that could have financial consequences. Again, *never* share or reuse this password.
- These passwords should be changed at least every six months.
- Use encryption.
If the suspicions are true, this will not be the first time that a government-associated email account hosted by an online mail provider has been compromised. Jack Straw’s Hotmail account was used by 419 scammers earlier this year, which at the time raised questions over the suitability of using non-governmental email accounts for conducting constituency or parliamentary business.
While Mr. Draper himself is not a member of the Parliamentary Labour Party, you would certainly hope that the kinds of senior political figures he corresponds with would have received enough training in Information Security to think twice about sending unencrypted sensitive information to a web-hosted email address.
After all, anyone can be anyone on the internet.