Of all the issues one might expect Governor Sarah Palin’s vice presidential candidacy to highlight, data security seemed like an unlikely contender. That was, of course, until last week when hackers broke into the Governor’s personal Yahoo email accounts and posted messages, screenshots of her inbox, and family photos all over the Internet.
Now the Governor is taking some flack, not because she was complicit in or could have somehow prevented the virtual break-in. Rather, the incident revealed that Palin transacted some state business over her personal email account.
That’s a “no-no” for a couple of reasons. For one, our government leaders are supposed to preserve official communications – including emails – for public scrutiny. Second, web-based email services such as Yahoo, Gmail, and Hotmail are typically less secure than government or corporate accounts – as proven by the successful hacking of Palin’s accounts.
This incident begs a serious and obvious question: How many of your employees are doing the very same thing as Governor Palin – transacting official business over vulnerable and covert accounts that could expose your organization to untold embarrassment and harm?
Granted, there are some very limited circumstances where the use of personal accounts may be appropriate. On Capitol Hill, for instance, staffers are required to transact campaign business over non-governmental email accounts or risk being hauled before an ethics committee. Not a very pleasant experience, I’m guessing.
But in our nation’s corporations, non-profits, associations, and other institutions, the problem of what we’ll call “offline” emails may be much more significant – putting trade secrets, proprietary data, and other sensitive information at risk.
Employees engaging in the practice are also exposing their personal information to disclosure, as a personal email account used for business purposes may be subject to discovery in litigation.
In crisis, as in medicine, the best prescription is often prevention. Does your company have a policy outlining the proper and improper uses of Yahoo, Gmail, Hotmail, and other personal email accounts for official business? If not, it should.
Is the policy clearly and emphatically communicated to new employees and reinforced regularly with existing employees? Don’t just assume that because the policy is in writing employees know about it. When was the last time you read the terms and conditions for each of your credit card accounts?
Finally, is the policy enforced?
In a world where information moves at warp speed and a few mischievous or mistaken keystrokes can trigger an instant crisis, everyone and every organization is vulnerable. Just ask Governor Palin.
Andrew Koneschusky, Vice President at Levick Strategic Communications, is a veteran of national political campaigns and Capitol Hill with extensive experience effectively communicating in high-risk and high-profile situations. At Levick, he directs issue and crisis communications campaigns for clients around the world. Prior to joining Levick, he most recently served as National Press Secretary for U.S. Senator Charles E. Schumer (D-NY).
