Some articles in the Guardian over the past few days have caught my eye. It seems our politicians have been playing fast and loose with security by sending confidential documents to personal email accounts.
When Hillary Clinton allegedly did this it seemed to lose her a Presidential election, but on this side of the pond we’re just brushing it off. Perhaps we have such low expectations of behaviour from Downing Street we think “same old same old” as far as the competence of any politician with technology goes.
However there is food for thought behind all this. If a member of the cabinet has allegedly sent six secret documents to personal email addresses, at least one of which wasn’t the address intended, what lessons can the rest of us learn for the real world of business?
Clearly firing off state secrets to one’s own email account isn’t the smartest thing to do. Let’s hope that personal account has Multi-Factor Authentication on it for the safety of the politician’s ample bank account if nothing else.
But learning more about the starting location of the “secret” documents would be interesting. I mean “location” here in the sense of computing or IT storage rather than “which desk was the paper copy sitting on”.
There’s really no excuse for confidential documents to exist as email attachments in the first place. A far more secure solution is to save them to a cloud environment from which it’s not possible to share or email them to places and people they shouldn’t be shared with or emailed to.
An authorised person can log on and view the documents but not share or print them, and logs off again when done. What’s more, the viewing session would time out when the viewer is called to the Chamber for a Division.
There are military-grade cloud systems which give exactly that level of Data Loss Prevention to an organisation. An authorised user will be able to read the documents they have to read but they won’t be able to steal or share the papers.
However, out here in the real world we don’t have ready access to private cloud storage with military-grade security. Fear not, Microsoft SharePoint will do much of this for you when it’s configured thoughtfully, and as an SME you probably have SharePoint as part of your Microsoft 365 subscription already. Multi-Factor Authentication and Conditional Access also come as part of the package.
I wonder who we need to call to land No.10 as a client? On second thoughts, it’s much more fun to work with nice people who do a decent day’s work so let’s just leave Downing Street to their own (mobile) devices.
Image by Nacho Capelo via Unsplash