Best practices for email security

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

Former Secretary of State Hillary Clinton’s use of a private email server to conduct State Department business has left IT pros dumbfounded. They thought the days of executives acting autonomously were over and that governance within organizations was sound enough to prevent these actions.

“When you’re doing official business for an organization, you should use an official account,” says John Pescatore, director of emerging security trends at the SANS Institute. Otherwise, organizations cannot follow regulatory and compliance mandates, protect intellectual property or maintain proper records.

But Pescatore acknowledges that progress still has to be made in the email best practices arena to ease the burden on users and IT. For instance, mandating that someone use two devices – the issue Clinton cited as reason to circumvent State Department policy – is antiquated thanks to software that supports secure access to multiple accounts on a single device. “IT no longer can say ‘this can’t be done’,” Pescatore says. “There has to be a compromise and then a recommendation from IT.”

To continue reading this article register now

Join the discussion
Be the first to comment on this article. Our Commenting Policies