American presidential hopeful, Hillary Clinton, found herself in the middle of a scandal that could derail her bid for the position of Democratic nominee. This controversy centres on the fact that she set up and used a personal email server in her home office, and used it for official communications during her tenure as President Obama’s Secretary of State in place of the secure public domain.
Many of the messages sent were of a highly sensitive nature – had the server been hacked or compromised, these emails could have had major security implications for the US government. Government IT officials had no idea that the server existed, so they did not have the chance to put in sufficient security provisions to encrypt messages being sent and received.
Clinton’s unusual email activities could possibly affect the highest echelons of the US government, but surprisingly similar situations can occur with small British businesses too.
Shadow IT systems
For years, IT management has struggled against personal computing devices accessing their corporate resources. Advancements in technology and the consumerisation of IT services mean that almost everyone has a smartphone and is capable of hooking into company email servers and file stores.
In many cases, bring your own device (BYOD) schemes are a great way to help boost connectivity and keep your employees connected at all times. They also help keep the business running in the event of a localised problem that knocks your office out. The key is to manage BYOD so you know who is using what and where they are.
Use Mobile Device Management
Mobile Device Management (MDM) provides a way to manage security settings on personal smartphones and tablets that connect to your network. This includes wiping devices remotely if they are lost, or forcing software upgrades to maintain security levels.
When employees ask to connect devices, you should enrol them in an MDM system to maintain some control of this ‘shadow IT’ system.
Use Cloud services for email
Using a hosted email service makes it much easier for your employees to access official systems from anywhere in the world – including your employees’ home offices. With access to email simplified, there is no reason for employees to set up their own servers, or to bypass your security systems. This means that your sensitive data is much less likely to be lost, stolen or accidentally leaked.
Enforce your employment policies
Most employment contracts contain a clause about protecting company IP and abiding by the relevant IT rules and regulations to maintain security. As part of her security clearance, Hillary Clinton signed a nondisclosure agreement that contained clauses banning her from taking confidential information out of approved secure systems – including using her own email server.
Clinton is unlikely to face prosecution for her actions, setting a bad example for businesses in a similar position. If your organisation specifies disciplinary procedures for breaching security, they must be enforced to act as a genuine deterrent against poor security habits.
The fallout from a data breach at your business is unlikely to affect national security, but it could seriously damage operations – and your reputation. To learn more about shadow IT and improving security, please give our team a call.