Blog
Avoiding Human Error – A Look At Hillary Clinton’s Email Misstep
One of the most discussed pieces of technology news of the last several months has been surrounding Hilary Clinton’s private email server, which she used to conduct government business while acting as Secretary of State. It was revealed that Clinton had been sending emails containing classified information through her personal account which was being managed and administered by a civilian without security clearances. Undeniably, the national security implications associated with these types of incidents are profound and alarming, not just within the government sector but to SMBs who are now forced to ask – how do we ensure that all company communications are being sent and received via secure resources?
As the personal technology space continues to grow and evolve, many employers are now faced with the problem of deciding what – if any – limits to implement regarding employees use of their personal equipment (smartphones, laptops) to conduct company business. Many organizations have adopted Bring Your Own Device policies, which allow employees to use their personal devices to conduct business, provided that they meet minimum security requirements.
However, despite these precautions, there is still the possibility that employees will use their personal devices to conduct business in a manner that is not consistent with the policies and procedures in place. For example, what happens when you get into the murky waters of text messages? It’s entirely possible, and not at all unheard of, that clients and prospects might reach out to company employees via text message to try to get a speedy reply to a question, or that employees may send a quick a text to a client to alert them they are running late to a meeting. For organizations that work with state or local governments, the military, or within industries with strict compliance standards, such as HIPPA, CMR, or PCI, maintaining records of all text messages and phone calls may be necessary to meet minimum security or compliance requirements.
For businesses where security and or compliance are critical, there are ways to monitor these communications – including text messages and calls – by installing third-party applications on employee mobile devices. This does, however, mean that employees’ private text messages and call logs would also be archived, which may not sit well with all employees. After all, these are their private, personally owned devices and their private communications with friends, family, doctors, etc. They could, of course, elect not to use the devices to conduct business, but in today’s landscape that would be highly inconvenient to everyone involved.
As an IT provider, we understand that every business is unique and possesses varying levels of needs that can only be understood with a consultative, partner driven approach. While we are advocates of Bring Your Own Devices policies where it makes sense, there are circumstances that may benefit from a more traditional and conservative approach to ensuring the security of their data. In instances where security, confidentiality, and compliance are non-negotiable, it may make more sense for organizations to provide their employees with company issued laptops, smartphones, and tablets.
By doing this, organizations will be able to set clear distinctions and guidelines for their employees; any correspondence sent through the device, website viewed, calls made, etc., may be subject to being reviewed by the organization. If employees are concerned with their personal privacy, they will be able to make the informed decision to use their own personal devices for personal matters, rather than the company provided device. It may be more cumbersome for the employee – and even for the employer – but this will allow the employer to have full access and control over all business-related communications and operations in the event that such precautions are needed.
To discuss what the best approach may be for your organization, and to learn more about various security options and protocols, call TSI today at (508) 543-6979 or click here to request a call from one of our representatives.
Confident with Your IT Strategy?
If you found the information in this blog post helpful and you'd like to discuss your business' technology strategy, then we'd be happy to hear from you.
Categories
- Backup & Disaster Recovery
- Business Operations
- Case Studies
- Cloud Services
- Cyber Security
- Employee Spotlight
- Finance & Budgeting
- Glossary Term
- Governance & IT Compliance
- Managed Services
- Mobile Device Management
- Network Infrastructure
- NIST 800-171 & CMMC 2.0
- PCI
- Podcast
- Project Management
- TSI
- Uncategorized
- vCIO
Cyber Security Policy Starter Kit:
10 Critical Policies That Every Company Should Have in Place