Disclaimer: This is not political; it’s for understanding and preventing cyber risks. We don’t care who you vote for in the upcoming election, but we do care that you’re protecting your organization and customers from hackers.

Hillary Clinton had an action-packed information security month of July, with two incidents. One was self-inflicted, which James B. Comey, FBI Director, called “reckless,” and the other hit the Democratic National Committee (DNC), which I call “preventable.”

Private Email Server in a Nutshell

Hillary took office as Secretary of State in January 2009 and began using an email account on a private server. Two key incidents happened while she was in this position: the attack in Benghazi, and a request from the chairman of the House Oversight Committee asking Hillary about her private account. She left office in early 2013. In 2014 John Boehner led a hunt to investigate the Benghazi situation and required that she hand over her emails. These emails were delivered over time and eventually made public. There were 30,000 emails, including 8 top secret chains, 36 secret, and 8 confidential.

The issue was, and is, whether laws were broken during the course of these events. After an investigation lasting more than a year, Comey announced that she should not be indicted, and the Attorney General accepted his recommendation.

Key takeaway for organizations and politicians: Don’t use a private email server for top secret and confidential emails. (Side note: I’m concerned for our future if we need to spell out this takeaway for anyone who holds a security clearance.)

DNC Breach Recap

The DNC breach is still unfolding, as it was announced only last weekend. Here’s what we know so far. On Friday WikiLeaks released emails that showed collusion between the DNC and Hillary Clinton during the campaign against Bernie Sanders. There are plenty of articles focusing on the content and political ramifications; we’ll be following the how and why of the security breach. Hillary, the DNC, and a few other organizations are pointing at Russia for the leak, but that is not yet proven. All signs suggest Russia is involved because in April the DNC found that Russian hackers breached their system and monitored significant communication for over a year. Their security consultant identified two groups sponsored by the Russian government. The company suggested that the DNC was likely targeted with a social engineering approach to hacking called spearphishing. Spearphishing is a term for a malicious email that looks like it’s from a legitimate company but is actually sent by a hacker to obtain access to your information. This is one of the most common attacks used by hackers today, and the good news is that it’s preventable.

Key takeaway for organizations and politicians: Employees and anyone else who has access to your information are a threat to your organization. It’s likely not malicious (we know your employees are great), but if they aren’t familiar with common hacking techniques, they are a weak link in your security fence. Fortunately, that’s preventable.

Preventing this Breach

Social engineering attacks are common, but they are preventable by training all employees within your organization on what to look for in their email to prevent a breach. It’s IT’s job to build a secure structure and policy within your organization, but it’s management’s job to train the non-technical employees (sales, accounting, HR, marketing, etc.) on how important it is to be aware and on their role in cyber security. Wuvavi delivers an easy-to-use platform that teaches your stakeholders to protect your business.