76% of state MP websites have security issues

More than three-quarters of Australian state MPs' websites do not follow digital security best practices, according to a study from web hosting provider Network Dynamics.

A sweep of the web presence of 582 members of parliament found of the 237 with websites, nearly half (115) were hosted overseas.

A number of these are hosted through a US-based company called Nation Builder through an arrangement that effectively means Australian MPs' data are being held under foreign jurisdiction.

This is in contravention of best practice recommendations from the Australian Cyber Security Centre, which encourages organisations to choose vendors that only store, process and manage sensitive data within Australian borders.

In addition, 31 of the 237 websites either lack SSL encryption or have incorrectly installed security certificates, leaving the sites at risk of leaking data. Of the websites that do use SSL certificates, 133 use a free version.

Finally, 36% of MPs domain names list third parties as registrant contacts in the WHOIS database — typically web developers or agencies that have built their sites.

This opens the risk of more MPs losing control of their domains in the way Prime Minister Scott Morrison did in October last year when the domain was inadvertently allowed to lapse.

Network Dynamics said two separate attempts to inform state MPs of the findings of the sweep and recommend improvements to their security resulted in a mere seven human replies. The emails only had open rates of 25.2% and 32.6% respectively.

Image credit: ©stock.adobe.com/au/Sergey Nivens

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.