What's the Big Deal About Private Email for Government Officials?

It looks like private emails for government officials have become a hot news story yet again. This time the culprits are Jared Kushner and Ivanka Trump.

In the run-up to the 2016 president election, the use of a private email server plagued the Clinton campaign. Ms. Clinton's use of a private email server was the leading rationale for voters who believed her to be less than trustworthy. But what is the big deal about private emails? Should this be something the private sector should worry about too?

Let's examine these cyber policy questions.

Playing with Fire
According to reports, at least five members of the Trump administration used personal email for public business, despite being briefed on matters of cybersecurity by the National Security Agency (NSA). Offenders include Jared Kushner, Ivanka Trump, Gary Cohn (Donald Trump's top economic advisor), former chief strategist Steven Bannon and former White House Chief of Staff Reince Priebus.

So, what's the big deal? Well, there are a few key concerns. The first is that private emails and devices are more likely to be breached by nefarious actors. And since the communications are private, security personnel cannot properly monitor them.

Additionally, the president's administration has been unable to shake cloud of suspicion surrounding the possible collusion between the Russian government and the presidential campaign. Private communications between the Trump team and Russian officials has already been confirmed, making the issue of private email re-routed through The Trump Organization an issue of accountability.

And then there is the hypocrisy of chanting "Lock Her Up" when Clinton was found to be using a private email server. Many members of the Trump team continued to do the same thing.

Politico explains the NSA warned senior officials during classified briefings that improper use of personal cellphones and email could open the administration to espionage from Russia, China, Iran and other adversaries.

"The NSA briefers explained cyberspies could be using sophisticated malware to turn the personal cellphones of White House aides into clandestine listening devices, to take photos and video without the user's knowledge and to transfer vast amounts of data via Wi-Fi networks and Bluetooth." The article goes on to report "The NSA briefers told Trump aides using their personal devices for work, including passing files and emails from one system to the other, could give cyberspies access to their work computers and email, too."

Richard Clarke, a former top cybersecurity advisor to three presidents, explained "Jared is probably one of the top five or 10 targets in the U.S. government because of his access to the president and because of the portfolios he's been given," referring to Kushner's duties including fostering Middle East peace, reforming the Opioid crisis, criminal justice reform and more. "It's a pretty safe bet his personal devices have been compromised by foreign intelligence services. And therefore there is some risk that meetings he attends are compromised too."

So, what can private businesses learn from this media controversy?

  • Private or undisclosed devices and email accounts used for work can be breached by malicious hackers. Avoid leaking information by divulging your activities to the IT department.
  • It is harder to detect these breaches. Increased monitoring means decreased risks.
  • Cyberspies are hungry for data. Hackers will use any means necessary to infiltrate your network including public Wi-Fi, malware-compromised devices, social engineering scams and more.
  • 'Bring Your Own Device' and 'Work from Home' office policies should be carefully managed. This will prevent will prevent information from leaking outside the network and attacks from coming into the workplace.

Do the smart thing and keep your business communications relegated to business devices and service. However, even if you are hacked, cyber policy insurance can help you. Visit CyberPolicy for more information.

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375