The next time you’re chatting with the CEO of your company, find a way to work this question in to the conversation: What percentage of the organization’s official business do you conduct using your personal email account?
Then, ask how many heads the CEO sees attached to your neck. If the response is fewer than two, you should raise more than your eyebrows.
Find a red flag and hoist it – high.
On this topic, let the cyber-scandal involving Hillary Clinton serve as a cautionary tale. The former U.S secretary of state is under fire for “exclusively” using her personal email account in all job-related matters, according to The New York Times, which first reported the story. (The “clintonemail.com” domain was registered in January 2009.)
“Mrs. Clinton did not have a government email address during her four-year tenure at the State Department,” the report says. “Her aides took no actions to have her personal emails preserved on department servers at the time, as required by the Federal Records Act.”
Use of private email in an official capacity is not illegal. But it is intended to be used only in times of emergency, such as server failure, according to the Times.
Furthermore, all sent and received emails using federal officials’ personal accounts are supposed to be archived on government servers for record-keeping purposes, as the National Archives published online for the period that included Clinton’s time as the nation’s top diplomat (2009-13).
According to CNN, Clinton’s emails to government accounts would have been flagged for archiving on the recipients’ end. As for the emails sent to non-government accounts, well, that’s where things are murky. It is unlikely those communications were automatically retained.
Clinton’s advisers reportedly reviewed “tens of thousands” of email pages and determined which ones to provide the State Department. So there’s the matter of transparency, which isn’t something to take lightly.
But that’s not the only reason to feel uneasy about this story.
What security measures were used to ensure Clinton’s electronic communications were protected? How susceptible was Clinton’s account to hackers?
Downplaying the potential of cybercriminals cracking the account, officials that spoke with Business Insider say “because of these hacking risks, Clinton used an email service that provides more robust security options than those available on typical consumer email accounts.”
However, IT security site Tripwire offers a far different take: “This is shadow IT at a grand scale. With no visibility into how Clinton’s emails were being secured, it would be impossible for the government to ensure the communications were not compromised by espionage.”
It’s also worth noting that Clinton spent considerable time traveling abroad while serving as secretary of state. NBC News reported she visited 112 countries in four years – presenting ample opportunity for emails to be intercepted.
Your business may not deal in matters of international diplomacy. But there’s still a valuable lesson all businesses can learn: You can’t be too careful when it comes to data security.
So, if the idea of putting your CEO on the spot sounds intimidating, think about sending an email.
Just be sure to use your work account.