Hillary Clinton Learns the Hard Way Why Network Security Best Practices Must Be Followed

image description

Hillary Clinton Learns the Hard Way Why Network Security Best Practices Must Be Followed

b2ap3_thumbnail_hillary_server_snafu_400.jpgWith the United States’ Presidential election ramping up, it’s hard to go anywhere without seeing Hillary Clinton’s face. The former U.S. secretary of state and first lady, Clinton is making her second attempt at the Presidency. She has gained some negative attention recently in regards to emails she had sent from a personal email address when she was the United States’ top diplomat and it’s opened up some questions about data security at the highest reaches of government.

Every potentially scandalous political situation presents some question of motive, and this particular one is no different. The situation started when The New York Times’ Michael Schmidt broke the story on March 2, 2015. At the time, the reporter recalled, that he didn’t think much of the story. “It was curious and it was interesting,” Schmidt told the Huffington Post, “but it didn’t seem like it was going to be some type of major story.” In fact, the situation was so under the radar that Schmidt left for vacation the day after it ran in print.

Of course, what we know now is that it has snowballed into a political scandal that many Republicans hope derails her campaign. The basics of the story are this: While she was secretary of state under President Obama she used her personal email address to conduct official state business, potentially violating federal requirements that officials’ correspondence be retained as an official record of proceedings. Moreover, Mrs. Clinton did not use a state-issued email address throughout her tenure at the state department. That alone is not the issue, however. The issue is that her staff did not preserve that correspondence, a clear failure to comply with the Federal Records Act.

Many government officials have commented on this issue, with the consensus being that Mrs. Clinton had not been in breach of any law, but that the practice of not using the state-sponsored email address is highly unusual, and deserves further investigation. Of course, Mrs. Clinton is running for the highest office in the land and the scrutiny, especially from the opposite party, has intensified. Clinton agreed to turn over the email server to the FBI; the server that her account was hosted on for the entire time she was secretary of state. The former first lady gave it over willingly, without legal precedent to do so, which suggests that Clinton doesn’t feel as if she did anything criminal. She also does not seem to have a grasp on the best practices of network security.

Since turning over the server August 12, the FBI has begun probing the server to see if, in fact, Mrs. Clinton has violated the law by mishandling classified information. In doing a damage assessment, the FBI has also begun attempting to ascertain if the email address she was using at the time, or the server itself, had been hacked. Clinton herself recently dismissed the chances that the old email server could have been infiltrated by stating that the email address “[…] was set up for President Clinton’s office. And it had numerous safeguards. It was on property guarded by the Secret Service. And there were no security breaches.”

There has been some concern from authorities and the Judge overseeing this situation, Emmet Sullivan, that Clinton or her Colorado-based IT provider had wiped the server in question when the Clintons upgraded their IT and migrated all the information from their old servers to their new ones. The provider that hosted the email server, Platte River Networks, who also turned over the server to the FBI, acquired the server in question in 2013. They have gone on the record to proclaim that there are almost certainly backups of the deleted files on the server.

Since any good IT provider will ensure their clients’ IT is backed up properly, you can bet that the content of that server, with years worth of diplomatic correspondence is someplace. The FBI’s probe will focus on getting the emails back and to ascertain how the email data was protected, whether traces of code that suggest an attempt at infiltration had taken place, and whether or not it is possible to reconstruct the logs of what machines actually accessed the server when Clinton was working for the state department.

Outside of the political realm, the whole issue brings up some interesting topics for the security of an organization’s IT. When you wipe a computer, what are you actually deleting? What kind of information can be accessed after you think everything is off your old technology? When you absolutely have to send secure emails, what solution do you use to ensure that they are received without tampering?

Although your company might not receive the same media scrutiny as a politician, suffering from data theft or hacker infiltration can be a seriously complicated situation that could cost you a lot of time, money, and even your reputation. Making sure your data is in check and your network is secure is becoming even more crucial, even for smaller businesses.

Whether you are dealing in state secrets or not, data security is important for any organization. Resolve I.T.’s technicians can answer all of your IT security questions, and find your organization the solutions they need to keep downtime to a minimum. Call us at (978) 993-8038 to get your pressing IT security questions answered today.