What can we learn from the Clinton Email Server? A Non-Partisan Commentary
Posted in: Commercial Insurance
Businesses have to use technology to compete and by doing so they are exposed to new risks related to data and network security. Yet options to do anything meaningful to protect data and networks can be confusing, limited or simply inadequate. Further complicating the issue is that society and laws are struggling to catch up with technology so it is difficult to fully understand cyber risks and the financial consequences of doing business in the cyber age. This reality can make it difficult for leadership teams in organizations to determine the best way to approach cybersecurity.
Successful cyber risk management strategies include direct involvement from organizational leadership that elevates cybersecurity to a business function cutting across people, process and technology. Unfortunately, in many instances for a variety of reasons, businesses hyper focus on technology and fail to consider the importance of people and process in their approach to cybersecurity. This can create conditions where cybersecurity and usability are at odds leading to new unexpected vulnerabilities.
The good news is that there are ways to approach cybersecurity that infuse process, people and technology. And, there is a lot that can be learned from the high profile and visible examples of breaches and cybersecurity failures that are in the headlines. A good recent example is the highly publicized Clintonemail.com server debacle.
What Went Wrong?
According to a recent article published by Tech Crunch titled, “Whats this Whole Email Thing About, Anyway,” at least one purpose for using the private Clintonemail.com server was to work around security technology Clinton felt was not usable and made electronic communication cumbersome and out of alignment with the demands of the job. While it is likely the creation of the private email server did make it easier for Clinton and her staff to communicate, it also circumvented important security controls protecting sensitive information.