It is alleged that Hillary Clinton or someone on her staff stored emails on an email server at her home to maintain its secrecy. Now, this blog is not about politics on either side of the equation. In fact, I don’t have a dog in this fight. What I did want to do is look at this from a cybersecurity perspective.
I have said many times that most cybersecurity problems are not technical; they are human. I have also said that many of the mistakes could be avoided if people put just a little effort into the process of cybersecurity. And I have said that if the executive staff takes an interest in cybersecurity, there will be much less chance of a major breach.
Where Did They Fail?
In the case of Hillary Clinton’s staff, they failed at every turn. First, they did not put in place anything that could be considered a real control on human mistakes. For instance, one of the key high-level players in the breach was John Podesta, and his password on the system was, you guessed it, “password.”
Another mistake was the selection of Ms. Clinton’s home as a secure location for their email server. This was a huge mistake. With so much at stake and so much on the line, the last place their email server should be stored is at Ms. Clinton’s home. This was obviously a decision from up high. Any mid-level basic IT person would have made sure this server was stored in a secured, nondescript data center.
Why Did They Fail?
There could be lots of theories on why they failed or why this turned out so badly, many of them political, and we are not into politics here. But the lesson still stands. This was a critical misstep, and this failure, like most, comes right from the top.
If the policies had been in place from the start to forbid this type of action, many of these mistakes would not have happened. But as with all major breaches, once the horse is out of the barn, there is no getting it back. Learn from these mistakes and control your company’s data. Start at the top and work your way down.