Palin Email Hacker – Lessons for Business

I figured it would only be a matter of time before something would pop up dealing with information security and VP nominee Governor Palin. The news is all over the Internet by now.

If anything, this should be used as a wake-up call for any and all businesses. What is the call? Don’t permit web-based email to be used from within the company or from company resources. Even in Palin’s case, the exposed email shows some general dialog between Palin and others in the Alaskan government. Additionally, information and pictures of her family were posted on the Internet.

Take a step back and think about the scenario. What if an employee had been conducting business via their Yahoo/Hotmail/Gmail account? Imagine these accounts being hacked and all the emails posted on the Internet for all to see. Now imagine your competitors drooling over your latest initiatives. Or imagine the contents of the employee’s personal notes mixed in throughout the business notes. What would you find out about your employee? What if that employee was discussing various illegal activities, including child porn? Do you think people could separate the business from the personal? Will people give your company the benefit of the doubt? Or will there be a free-fall public outcry against your company because of bad stuff your employee is emailing? Will your business be liable?

The bottom line: there is no way of knowing what types of email communications are going on with your employees. As a business, you shouldn’t care and really, who has time to worry about it? The business should be focused on business. But what can a business do?

Here are a couple of tips:

  1. Ensure there is a written policy discussing what employees can and can’t do with email, IM, Internet, and web use.
  2. Routinely remind employees about these policies. Conduct quarterly training, have notices posted, etc.
  3. Have new employees sign an acceptable use policy.
  4. Don’t be afraid to implement technology to help your business block content such as web-based email systems, IM, and other categories available in a good web content filtering engine. There are legitimate open source platforms or high-end applications/appliances. I wrote about one such open source solution that works well on my own home network (reining in four teenage boys).
  5. Consider archiving all email traffic occurring with your email server or service. Think about this one and consider it from all angles. Know what the legal pros and cons are.

The Palin case is a bad thing. Aside from the items above, these other items should be considered too:

  1. Palin should know better. Yet I can see how it is really easy to use the "I’ll just send a quick note while I’m in here" rationale.
  2. The person who did this should be held accountable. It’s like someone going up to your mailbox at home and taking the mail from it.
  3. Yet, on the flip side of item 2, no one should expect any privacy once something touches the wire.

(In the interest of full disclosure…I am a McCain/Palin supporter. I’ll do my best to remain objective.)


Jeff Evenson

Jeff is Chief Blogger for Security Friction, writing about the security issues that seem to always have some rough edges when being considered for implementation or integration. Jeff retired from the US Navy as a Chief Cryptologist and has worked in the wireless telecommunications and financial sectors. Jeff has spoken at the local college and various community groups.
