Published on January 17th, 2013 | by John I.0
The Petraeus scandal and digital email security
The recent scandal surrounding former CIA Director David Petraeus should act as a wake-up-call for businesses and firms about the risks of inadequate email security. As we are living in an age in which almost every trace of human interaction is collated and quantified by computer servers, there is a huge danger of people gaining unlawful access to this data, meaning your business could be at risk.
David Petraeus resigned as CIA director following an FBI investigation that revealed details of an affair with Paula Broadwell, his biographer. The scandal was uncovered when officials from the FBI began looking into claims from Jill Kelley, a family friend of the Petraeuses, that she had been receiving threatening e-mails from an anonymous address.
Eventually, these anonymous emails were connected to an account belonging to Mrs Broadwell, which also included details of her affair with Petraeus. However, Mrs Broadwell was also found to be in the possession of classified information, which highlights the dangers of inadequate handling of sensitive information. This included a wealth of detailed information about the private movements of generals involved with the US Central and Southern Commands. However, for your business, this could be anything from bank details to potential business deals.
Due to their respective backgrounds in the field of intelligence, Petraeus and Broadwell reportedly used a well-known technique amongst intelligence and cyber-crime circles as a way to hinder surveillance. This involved sharing the login details for a web-based email account, such as Gmail and Hotmail. As opposed to sending messages to each other, Petraeus and Broadwell would compose messages that are simply saved in the draft folder, which are then stored on the email server and are visible when any account owner logs in. This technique restricts the amount of information that officials can act on, which can seriously thwart any investigation.
However, even the smallest mistake can allow cyber-criminals to obtain your IP addresses, which can allow them to capitalise on poor email security by conducting false transactions. This story just goes to show, if the director of the CIA and Mrs Broadwell both had a wealth of experience in the field of intelligence and they are unable to keep their emails secure, what chance do small to medium sized businesses have?
Thankfully, there are a range of options available to help you to encrypt some or all of the emails that your business sends. Firms such as SSL Post provide a range of secure email solutions at competitive prices, which prevents your classified information from being viewed by any third party while it is in transit over the web, including confidential documents such as pay slips and invoices.