It’s always a good time to learn from the misfortunes/bad judgment of others, and the Hillary Clinton email controversy seems as good an opportunity to do that as any.
The feds are still unraveling exactly what information was communicated via unsecured channels, so I won’t presume to know what state secrets – if any – were divulged by our former Secretary of State. But suffice it to say that, if one is in trading in confidential information, one should take reasonable and necessary steps to ensure that the information is transmitted via secure channels. It does not appear that Sec. Clinton took those steps.
Most executives don’t deal with the kinds of secrets a high-ranking government official does, but many of them deal on a daily basis with confidential information that, if divulged, could put the company at a competitive disadvantage. So let’s look at Sec. Clinton’s troubles with an eye toward what we can learn and apply to the daily lives of executives:
Confidential information deserves to be treated with respect and safeguarded. If you don’t, you can’t be surprised if others get bent out of shape over it.
Don’t mix business with personal. Sec. Clinton says she used her personal account to handle everything from government business to Clinton Foundation business to discussions with her daughter. Bad idea. It does very little good for a company to invest in secure servers and hacker prevention if the CEO sends everything through his or her gmail account. Also, particularly if there’s ever a chance your emails will be subpoenaed in litigation, your correspondence about your weekend plans, or what have you, don’t need to be in the mix.
Although most people do it, it’s generally a good idea not to commingle the personal with the professional, such as keeping a stash of family photos on your work computer. When the time comes for you to leave your employer – for whatever reason – you’re going to download those photos to take with you. Your employer’s IT department will be able to detect that, shortly before your departure, you downloaded a significant amount of data from your work computer, which will set off alarm bells. Likewise, it’s best not to keep work files on a personal computer. When you leave your company, you’re expected to return all confidential information, and it’s easy to forget a file buried somewhere on your laptop. If your former employer is looking for a reason to file a theft of trade secrets lawsuit, that file could cause trouble.
Consider not using regular email for sensitive information. If information is truly bet-the-company important, if you don’t have to email it, don’t. If you have to transmit it electronically, send it as an encrypted attachment or use a secure file-sharing service. Not only does this safeguard the information, but the mere act of your using secure channels to transmit it tells others that you consider the information private and are treating it as such.
Know where the risks lie. It’s not just email servers that pose risks. It’s also hackable, stealable phones, tablets and computers, and free public WiFi hotspots. Hackers love all those. If you absolutely must transmit information while you’re out of the office, use your mobile phone’s hotspot capabilities (if they’re also secure).
Review your personal email deletions policy. One thing that’s raised eyebrows is the fact that Sec. Clinton deleted so many of her emails. It could very well be that she, like most of us, routinely deletes emails she doesn’t need any more just to avoid a massive backlog of emails. Or she might, as her critics claim, have been trying to cover up the fact that she was conducting classified government business over her personal email.
Everybody deletes emails. Otherwise, we’d be buried in them. The key question is whether you’ve made any massive deletions out of the ordinary. Anything out of the ordinary will be viewed with suspicion, particularly if it’s done at or near your time of termination. If you delete lots of emails every day up until the day you leave, it’s not going to be viewed with suspicion if you delete lots of them the day you leave. Of course, you never want to delete critical, important information. In a nutshell, delete the junk, do it regularly, and save the important stuff. As long as you’re not getting personal email at your work, or vice versa, there should be no need to do a massive delete right before you leave your employer.
Regardless of where you stand on the politics of this issue, it provides a valuable lesson to executives on the importance of maintaining good techno-hygiene.