76% of state MP websites have security issues


By Dylan Bushell-Embling
Friday, 17 May, 2019

More than three-quarters of Australian state MPs' websites do not follow digital security best practices, according to a study from web hosting provider Network Dynamics.

A sweep of the web presence of 582 members of parliament found that, of the 237 with websites, nearly half (115) were hosted overseas.

A number of these are hosted through a US-based company called Nation Builder through an arrangement that effectively means Australian MPs' data are being held under foreign jurisdiction.

This is in contravention of best practice recommendations from the Australian Cyber Security Centre, which encourages organisations to choose vendors that only store, process and manage sensitive data within Australian borders.

In addition, 31 of the 237 websites either lack SSL encryption or have incorrectly installed security certificates, leaving the sites at risk of leaking data. Of the websites that do use SSL certificates, 133 use a free version.

Finally, 36% of MPs' domain names list third parties as registrant contacts in the WHOIS database — typically web developers or agencies that have built their sites.

This raises the risk of more MPs losing control of their domains in the way Prime Minister Scott Morrison did in October last year when the domain was inadvertently allowed to lapse.

Network Dynamics said two separate attempts to inform state MPs of the findings of the sweep and recommend improvements to their security resulted in a mere seven human replies. The emails only had open rates of 25.2% and 32.6% respectively.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd