Looks like more bad news from the Trump administration. Recent news reports reveal that Vice President Mike Pence's personal email (used for government business) was hacked while he was governor of Indiana.
CyberPolicy explores the latest cybersecurity news, what it means for the nation and how to best protect your small business against similar threats.
Email Scandals Keep on Rolling
During the 2016 presidential campaign Pence was a vocal opponent of Democratic candidate Hillary Rodham Clinton for her use of a private email server during her tenure as U.S. secretary of state.
In late October, Pence tweeted, \".@realDonaldTrump and I commend the FBI for reopening an investigation into Clinton's personal email server because no one is above the law.\"
But now Pence is caught up in his own controversy, as it appears that the former governor's private AOL email account was used for official business and was compromised by hackers.
While some have accused Pence of 'staggering hypocrisy' there are a few important distinctions between the two incidents.
First, it is not illegal for politicians to operate a private email account for work in the state of Indiana. Some have even argued that doing so is necessary since it is prohibited, under Indiana law, to use an official account for political business.
This differs from the quasi email scandal that plagued Clinton's campaign since it is, in fact, illegal for members of the State Department to use a private account for government business. The primary reasons for this relate to security and transparency.
The second difference is that the former governor of Indiana was actually hacked, whereas with Clinton there were only concerns of vulnerability rather than evidence of breach or tampering.
What remains to be seen, however, is whether any of the stolen data is a threat to national security. Clinton's emails, it was argued, contained information that could be considered confidential in nature or that she was purposefully dodging transparency rules.
While the vice president's emails (at the time this article was written) have not been released due to concerns of sensitive information, Pence did communicate with top advisors over his AOL account regarding security gates at the governor's residence, the state's response to terror attacks around the world and an update that the FBI arrested several men on federal terror-related charges.
Incidents of this nature aren't only aimed at government officials; the private sector are also a prime target for cybercrime (just ask Sony). Although cybersecurity news has focused heavily on implications of state-sponsored hacking, breaching an email account is relatively easy using common phishing scams.
Broadly speaking, a phishing scam can work one of two ways. Either an anonymous hacker will engage in a 'pray and spray' technique, sending out as many phony emails as possible hoping users will click an infected link, open a harmful attachment or share proprietary information with the sender. A spear phishing attack, on the other hand, is more targeted and will sometimes use the names or real accounts of people you know. In fact, the latter is what was used to breach John Podesta's email.
Don't get hooked. Educate your team about the dangers of phishing and advise them not to open emails from senders they do not know well and never to share sensitive private or professional information over email. If you are unsure about the legitimacy of an email, discuss it with the sender in person.
Not even our highest levels of government are safe from digital intruders. Protect your business and yourself with a cyber insurance plan that makes sense. Visit CyberPolicy to learn more or check out our cybersecurity news section today!