GCHQ Urges Politicians to Use Disappearing WhatsApp Texts

The UK intelligence service has recommended that politicians use disappearing WhatsApp messages on personal devices, which would automatically delete texts after a specific period.

Politicians using WhatsApp for personal use on their personal phones should consider enabling disappearing messages, according to the NCSC.

Users can set messages to disappear after 24 hours, 7 days, or 90 days unless they are saved. Disappearing messages can be enabled for all or selected chats.

“By enabling this feature, you can limit what an attacker could access if they manage to breach the system,” the advice states.

Politicians are also advised to be cautious when receiving messages from unknown accounts. The guidance suggests verifying the sender by calling them first.

According to an Institute for Government (IfG) report, WhatsApp is widely used across Westminster for decision-making, policy information, and informal communication.

This reliance on WhatsApp could lead to hasty decisions made with incomplete information, making record-keeping and scrutiny more challenging, the IfG warned.

In a February interview, George Adam, the Scottish parliamentary business minister, faced scrutiny over his 24-hour WhatsApp timer but claimed he did not use the app for parliamentary business.

Electoral Management System

The NCSC guidance aims to protect UK democratic institutions from cyber attacks, especially with local and general elections approaching.

The NCSC highlighted the importance of scrutinizing Electoral Management System (EMS) data and mitigating election disruption risks.

Organizations overseeing elections should secure EMS suppliers, review access levels, and enhance cloud hosting security, according to the guidance.

The NCSC emphasized the critical role of EMS software in voter registration and election administration, making its security a top priority.

Spear-fishing and Spoofing

Voters in parts of England and Wales will head to the polls on May 2 for local elections, followed by the general election later in the year.

The NCSC has cautioned about the electoral process risks posed by spear-phishing and spoofing, targeting high-risk individuals like elected representatives, candidates, activists, and staffers.

Weak passwords, lack of two-step verification, and insufficient privacy settings on social media accounts increase the susceptibility to cyber attacks, according to the NCSC.

The center advised using strong, memorable passwords and recommended utilizing password managers or keeping passwords separate from devices.

For professional social media accounts, using a social media management service to avoid sharing passwords with colleagues was suggested as a best practice.