Skip to content

Presidential Candidates Set Bad Security Examples

March 5, 2015

Two of the leading candidates for President in 2016 have offered voters bad examples of cyber security practices in the past month.

Hillary Clinton and Jeb Bush, the former the leading presumed contender for the Democratic nomination, and the latter the leading presumed contender for the Republican nomination, have proven to be failed leaders in cyber security and privacy matters.

Clinton’s well-publicized use of personal email to conduct U.S. State Department business as its Secretary and Bush’s less-publicized release of personal details of constituents who emailed him as Governor of Florida in the name of “transparency” demonstrate a disturbing lack of awareness of online security and privacy.

Clinton’s use of personal email off the security of the State Department’s network would make any IT person’s head spin, not to mention violate federal regulations.

Bush, in a flawed attempt to provide transparency by releasing emails from his terms as governor that he knew would be requested at some point, violated the confidentiality of constituents who emailed him by failing to redact the personal details they revealed in those emails, including Social Security Numbers in some cases.

The notifications alerting constituents that their emails were a matter of public record weren’t on the online forms they submitted but in the automatic replies they received AFTER they emailed.

Unfortunately, I can’t say I’m surprised. Some of the people who should know the most about cyber security seem to be the most egregious violators of common sense security measures.

I’ll never forget the time I visited a couple performing outsourced human resources tasks for the Department of Homeland Security. They had viruses on both laptops they used to store and analyze the applications of Homeland Security applicants.

Neither laptop had adequate anti-virus software, and worse, neither required a password to boot into Windows. Just turn it on and a treasure trove of personal information for job applicants for sensitive security positions awaited. I mean, it’s not like a laptop has ever been stolen or lost ( /snark ).

So, the lessons to be learned here are not to follow the examples of politicians and government officials when it comes to online behavior, and most certainly don’t send government officials your Social Security Number.

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: