It’s hard not to turn on the TV or open the newspaper without hearing about the Hillary Clinton email scandal.
She’s been accused of deleting over 30,000 emails, which were deemed classified. This is serious business, and there are some important security facts to be aware of. The lack of oversight regarding the privately-owned email server may have played a role in security, amongst other things.
1. Lack of Training
The FBI director, James Comey, has said that the actions taken by Clinton were “extremely careless.” This leads to the fact that there was not enough training in place to show that this type of behavior was unacceptable. While training is provided, this kind of activity shows that there are obviously not enough policies and procedures in place.
2. A Non .gov Email was Used
Hillary Clinton used an email address ending with @clintonmail.com. This was her own personal email address, which she accessed using a blackberry, iPad, and computer. This was tied to her personal server. Had she been required to use a .gov email, it would have been tied to a government server, and there would have been a significant amount of additional protection on the data that was being transmitted.
At one point, the New York Times reported that Hillary was only using her personal email address, and this created a systemic weakness within email practices.
More than 90% of her work or work-related emails were sent to or received by state.gov accounts – the problem is that the remaining 10% were non-.gov email related and therefore the state had no access.
3. Multiple Email Addresses
It can be hard enough to keep track of one email address, let alone multiple email addresses. These were attached to different servers and therefore caused difficulty with managing. Clinton uses multiple email addresses throughout her tenure and made it difficult to reconcile all of the different email addresses. This has been said that it was an honest misunderstanding regarding the Select Committee and Hillary Clinton. Whenever there are multiple email addresses, they all need to be tied to a reliable server where copies of emails are, even after being deleted.
4. Clear Marking of Confidential
There needs to be clear marking of confidential material. Further, it needs to be treated in a different manner. What happened is that much of the email that was sent to her was previously unclassified and was upgraded to classified by the State Department because they thought it could lead to harm if released to the public.
5. A Privately Owned Server was Used
When Clinton was appointed as Secretary of State in 2009, she tied a personal email address to a personal server. It wasn’t until 2012 that the personal email server was discovered. At no point was the government informed that she was using a personal server, which led to a significant issue.
In 2013, a hacker claimed that he was able to get into Clinton’s personal email account, and released Benghazi attack related emails.
6. Records Management was Not Enforced
Records management was not enforced properly throughout the entire ordeal. While it is questionable that Hillary Clinton deleted 30,000 emails, what is more questionable is that there wasn’t sufficient records management in place. There were millions of email fragments that the FBI had pieced together, and if records were properly labeled and managed, it would have made it much easier to create a cohesive environment and also help with overall accountability.
There were all sorts of security issues, even the official state department email system was compromised by Russian hackers had she chose to use an @state.gov address. Understanding the security facts help to understand what went wrong in this situation, and think about how it might have been prevented.
To avoid your own client email scandal, learn how AbuseHQ can help. Talk to our team to see what AbuseHQ can do for your organization.