Briefing note for Members’ Office Managers from the Cybersecurity Team 8/2/23

Please note that you will need to have a Parliamentary Network Account in order to access some of the links on this page.

Last week the Speakers of both houses sent notices to members regarding spear-phishing attempts.

You may have seen in the news today that MP Stewart McDonald has been subject to a cyber attack on his personal emails.

In the media: SNP MP Stewart McDonald’s emails hacked by Russian group – BBC News

The source of the attack is thought to be a Russian based group called SEABORGIUM. We are briefing you to raise your awareness of the tactics used and the measures you should take to protect your personal accounts. It applies to both members and to members’ staff, so I ask that you to share the guidance with your teams. This is a quick briefing for now to update you and further more comprehensive communications issued in due course.

What you need to know:

Stewart McDonald’s personal email was compromised
The hackers achieved this by compromising the personal email account of one of his staff, who was locked out
The group sent Stewart an email from the staff account with a malicious password-protected attachment
The topic of the email was relevant to the member’s work and looked like a genuine message from his staff

Our advice:

Be sure that you are communicating with the individual you think you are – if possible, use a separate means of contact to validate this
Do not click on links or open files unless you are sure of their source
Secure your personal accounts – use strong, unique passwords and turn on multi-factor/2-factor authentication on your social media accounts and personal email
Use a different password for your Parliamentary account
Use Parliamentary devices for Parliamentary business whenever possible
Do not set up any automatic email-forwarding between your Parliamentary email and personal accounts
Protect and update your personal devices. Security tips for your mobile phone – intranet PDF
Book a cyber security briefing with your local engagement team
Report suspicious messages or activity to the Parliamentary Digital Support Desk by calling x2001

For more insight on phishing visit the cyber security intranet pages. The ‘Think Before You Link’ app, from the Centre for the Protection of National Infrastructure (CPNI) helps you identify malicious online profiles and reduce the risk of being targeted. For further information, visit Think before you link app – CPNI webpage.

ICO – updated guidance on video surveillance

The Information Commissioner has issued updated guidance on video surveillance. Please click the link below to be take to the ICO website:

https://ico.org.uk/for-organisations/guide-to-data-protection/key-dp-themes/guidance-on-video-surveillance/

Personal Security

We at w4mp are shocked at the news that Sir David Amess, MP for Southend West has died from his injuries after having been attacked at his advice surgery this afternoon. We offer our sincere condolences to his family, friends and staff at this awful time.

Members and their staff need to remain alert and be aware of their security. Please do read our guide here: https://w4mp.org/w4mp/w4mp-guides/guides-to-parliament/security-at-westminster-and-in-constituency-offices/ for information about the support which is available to you.

The Members’ Security Support Service (MSSS) provides guidance, advice and support to members of both Houses and their staff, about security away from the Parliamentary Estate. You can call them on 020 7219 2244 if you wish to discuss anything related to security and personal safety.

Further guidance can be found here:
The MSSS Sharepoint site: https://hopuk.sharepoint.com/sites/bct-MSG includes information on running a safe surgery, personal security advice, funded security measures, how to respond to intimidating behaviour.

Security away from Parliament, including at advice surgeries and in constituency offices: https://intranet.parliament.uk/Documents/Security/Members%20Security%20Advice%20bookletWEBVERSION.pdf

Hollie Gazzard Trust and MSSS talk on personal safety

This is an event from the Wellness Working Group

Wednesday 14 July 14
10:00 AM – 11:00 AM

Nick Gazzard from the Hollie Gazzard Trust talking to the group about Hollie’s story and the work of the Trust. He will be joined by Neil Cahalin from Member Security Services at the House to speak about available personal security measures available through Parliament.

About the Hollie Gazzard Trust:

Hollie Gazzard was murdered by her former partner following domestic abuse and stalking at the age of 20. Hollie’s dad, Nick is determined to raise awareness and help educate other of these issues and what this can lead to using Hollie’s tragedy as a way of getting the message across. He will explain in detail what happened to Hollie, how he turned this awful tragedy into something positive with the creation of the Hollie Gazzard Trust as Hollie’s legacy. A key aim of the Trust is prevention and he will speak about Hollie Guard a personal safety app that has now been downloaded over 50,000 times, along with the development of Hollie Guard Extra. He will finish with a Q&A session and will answer any question about what happened to Hollie, how this has affected him as a father and the family, along with the topics of domestic abuse and stalking.

RSVP to mpsstaff-wwg@parliament.uk

Important information for people planning on returning to the Parliamentary estate from Monday 11th January 2021

Important information for people planning on returning to the Parliamentary estate from Monday 11th January 2021.

The House of Commons will be returning from recess on Monday 11th January. Only colleagues necessary to the continued functioning of the Estate and parliamentary business, or related support services, should be working on-site, with all others working remotely. If you’re unsure, please discuss this with your line manager.

If you need to visit the Pass Office, please note that since July 2020 the Derby Gate Pass Office has operated an appointment service, to assist with making the environment COVID secure for everyone and only a very limited drop in service is available at the start of every hour. Without an appointment we cannot guarantee you will be seen. Please click here to make an appointment to collect your security pass, if required.

If you are returning to Parliament next week, please check your security pass is still valid. If you need to renew your pass or security clearance the forms are available here.

Opening Times

Derby Gate Pass Issuing Office are open 8:00 – 18:00 Monday to Thursday and 8:00 – 16:00 on Fridays. The first twenty minutes of every hour allow for a drop in service at Derby Gate, if you have forgotten your security pass.

A drop-in service will be available at the Black Rod’s Garden Pass Issuing Office during the hours of 9:00 – 13:00. This may be subject to change, depending on the level of demand, and opening times can be checked here, if required.

Drop-in appointments are very limited and are for emergencies only, so please ensure that you book an appointment to avoid delays.

Thank you for your co-operation and support.

Is your security clearance up to date?

Your security clearance lasts for a maximum of three years. With staff working from home, it’s quite easy to let your security clearance lapse without you realising it. However, if it does lapse, you will not only lose access to the Parliamentary estate, but you may also lose access to the Parliamentary network – i.e. your emails, the intranet, etc.

Go and have a look at your pass and check if it’s still in date. If you don’t have a physical pass, but have security clearance for network access, you can check the date on the email you were sent when clearance was first granted (you did keep it, didn’t you?)

If your clearance is due to expire soon, or has already expired, please download the Members’ Staff Security Clearance form here: https://intranet.parliament.uk/security/personal-security-vetting-and-passes/security-forms/ fill it in and send it off to the Security and Vetting Team.

UK terrorism threat level raised to ‘severe’

The UK’s terrorism threat level has been raised from “substantial” to “severe. You can learn more about this on the BBC News website here: https://www.bbc.co.uk/news/uk-54799377

Please make sure that you read the guidance on the Parliamentary intranet: https://intranet.parliament.uk/business-news/news-current-issues/news/2020/november/the-uks-terrorism-threat-level/

and read the ‘Run, Hide, Tell’ guidance here: https://www.npcc.police.uk/StaySafeAssets/FINAL%20MPS168715%20Run%20Tell%20Hide%20A5%20Lflt%20Blk%20Eng%20v3.pdf

Security forms – technical issues with electronic PDFs

PSD are aware of some technical issues with the electronic PDF forms, which are being looked at as a matter of urgency.

In the meantime, please see this guidance on the intranet for details and workarounds: https://intranet.parliament.uk/Documents/Security/Helpful-hints-and-top-tips-to-completing-your-PDF-form.pdf

Virtual Regional Roadshows

The extremely popular regional roadshows were suspended because of COVID-19. However, worry not, for the Customer Team has taken them online instead.

Rather than full day events, they have been broken down into 90-minute sessions, giving you a chance to learn about the range of services available, to influence future service provision and to share experience and knowledge with other staff working in your Region.

For full details, please go to the intranet page here: https://intranet.parliament.uk/business-news/news-current-issues/events/regional-constituency-events/

The current schedule is:

North East – Tuesday 30 June 2020
West Midlands – Tuesday 14 July 2020
Wales – Tuesday 28 July 2020
South West – Tuesday 4 August 2020
East – Tuesday 18 August 2020
London – Tuesday 25 August 2020
East Midlands – Tuesday 1 September 2020

More dates will be added later.

Skype live Q&A session with the Director of Security

On Tuesday 4th February from 14.00-15.00 MP’s and their staff are invited to a Skype live question and answer session with the Director of Security, Eric Hepburn, and Deputy Director, Emily Baldock.

This is the first time that security has done a live question and answer session via Skype and we hope that staff, who may not be at Westminster, have the opportunity to ask any security related questions they may have.

This Q&A is open to Members and their staff only. If you would like to join, please sign up using the following link:

https://www.eventbrite.co.uk/e/security-qa-for-members-and-members-staff-tickets-90622324813

You can send your question in advance and anonymously.