Hillary Clinton’s email security practices criticized by inspector general - expert comment
May 2016 by
Reports are appearing online that the State Department’s inspector general has sharply criticized Hillary Clinton’s email security practices and her exclusive use of a private email server while she was secretary of state, saying she had not sought permission to use it and would not have received it if she had.
"This is a challenge as, in my experience, many organisations, rather worryingly, say ‘oh yeah, we know they send mails home to work with’, or ‘we allow them to use their own PCs at home for work’, or ‘I couldn’t tell if they used our tools outside of the organisation’. They are often just relying on procedure to protect their data and employees. In most cases there are no controls to stop people leaking some very sensitive data online via email, or even by other means like social media. I have had experience of employees within organisations uploading content to untrusted websites with no thought for security and how it could potentially impact the company - they just have a job to do, so it’s just easy to Google a solution and use that, typically online solutions that collect data. Often this is not meant to be malicious; it’s just that they have not considered security and the potential exposure. The question is how many people would admit to doing it internally, and is the culture more aligned to brushing it under the rug so as to not be the next big scandal. It is also becoming more challenging with the way we work and our agile approach to working.
Without controls in place, or a way to validate that the user is not doing what they are not supposed to be doing, how can you really enforce procedures? Many organisations just don’t have the time or resource on their own to police it. Organisations need to think about monitoring sensitive data leakage and considering where data could be leaked and start hunting for it."