Hillary Clinton email scandal highlights need for cybersecurity training
Hillary Clinton, the presumptive nominee of the Democratic Party in the upcoming US election, should not be charged for using her private email server while serving as US Secretary of State – the FBI has said.
However, they did add that her actions had been “extremely careless”, despite the fact she said she did not send any classified emails from her account.
Clinton was interviewed for over three hours over the weekend about her email habits.
FBI Director James Comey said: "There is evidence to support the conclusion that any reasonable person in Secretary Clinton's position, or in the position of those with whom she was corresponding about those matters, should have known that an unclassified system was no place for that conversation.
"None of these emails should have been on any kind of unclassified system but their presence is especially concerning because all of these emails were housed on unclassified personal servers not even supported by full time security staff.”
Cybersecurity problems have plagued companies such as TalkTalk and Sony, with the latter having to pay employees £5.2million after their computer system was bypassed by hackers calling themselves Guardians of Peace. Leaked emails revealed allegations of a racist and sexist culture.
A study by Aruba Networks last year found that 87% of employees assumed that their IT departments would keep them protected, and 31% have lost data due to misuse of a mobile device. This shows a startling disconnect between the safety a company needs and the safety workers assume is there. Every member of the workforce should be educated on the risks that a lack of cybersecurity poses.
Phil Beckett, Partner at Proven Legal Technologies, has also previously said that personal devices may provide flexibility, but are putting confidential company information at risk: “As employees increasingly rely on remote working, they require access to corporate material beyond the office walls, and bring your own device (BYOD) has provided a straightforward solution.
“However, the risks this incurs for business needs to be calculated on an individual basis. If HR is to encourage BYOD, there must be a critical understanding of the threats, and measures put in place to minimise them. Alternatively, some companies may choose to introduce a blanket ban of BYOD if the risks to confidentiality are too great.
“Companies have some catching up to do in educating themselves and employees on data protection regulations and how to comply. Management must work closely with HR teams to ensure security measures are implemented across the board, and sufficient training given to employees – who hold company data in their hands.”