By now, you’ve probably heard that Hillary Clinton – who is widely expected to run for president in 2016 – used a family email server during her stint as US Secretary of State. The former first lady just wanted to use one device for personal and work emails, something that would be understandable from a non-technical person’s point of view.
However, given the weight of her job, simplifying device management this way was obviously a bad move. Oftentimes, the simple acts that you think are inconsequential prove to be the most dangerous. When it comes to IT security, this is true no matter who you are.
Here are four lessons that every small business owner can learn from the Clinton email fiasco:
Tech security is not supposed to be easy.
If it’s easy for you, imagine how easy it would be for sophisticated hackers. Creating unique passwords is annoying, but using the convenient corners of your keyboard to generate one (like lolipop or minimill) for all accounts makes your information highly vulnerable.
Small business owners should ensure that everyone, from the bottom rung to the top of the ladder, complies with security policies. Instead of compromising security, think of ways to create a more efficient process.
Know your security measures.
In a news conference in New York, Clinton mentioned that the family email server had “numerous safeguards.” However, security company Venafi found that an SSL certificate wasn’t issued for the first three months of her term, around the same time that British and American spy agencies were revealed to be eavesdropping.
Make sure that you are aware of what safeguards you have in place, whether it’s in-house or outsourced IT. This is all the more important when outsourcing to the cloud or offshore data centres. You have to know exactly who has access to what information, as well as when, where and how they can access it.
In her defense, Clinton also mentioned that “it was on property guarded by the Secret Service.” Even if you’re not the Secretary of State, no hacker with common sense would physically break in and steal a server. It’s not some kind of vault that could be opened with a physical key. You could be standing next to a server and it could be breached without you knowing.
There are plenty of sources on the internet that can teach you the basics of IT security. If not, spend time with your IT guy or CIO (chief information officer) so that you’ll have an idea of what a data breach is and how security can be compromised. Create guidelines for your employees.
You can’t prove a negative in IT security.
Clinton emphasised that “there were no security breaches”. But a hacker could copy files remotely, cover their tracks, delete log files, and exit while you’re in a meeting, so finding no evidence of a breach does not prove that none took place.
Prevention is way better than a cure in tech security. Anything can happen, but reducing risks is far better than fixing irreversible damage.
Clinton didn’t exactly leave a gaping hole in the White House IT security. Her staff said handwritten notes were used to send sensitive information via secure channels. There is no confirmation on when the first email was sent using the family email server. Nonetheless, this proves to be a great lesson for everyone. There is no such thing as a simple mistake in cybersecurity.