When something doesn’t go as planned, you can always count on someone to say: At least we learned our lesson.

This is most certainly true in the latest news around Hillary Clinton, who is still facing backlash following the revelation that she was not using a government-issued email address during her time as Secretary of State and was instead using her personal email.

While there are many heated discussions around the motives for such an approach, the truth is there is something every organization (from government to the private sector) can learn about how we must approach information management. After all, Clinton committed the same mistakes that are common in corporate environments, where the use of personal email and devices for business continue to expose organizations to risk.

With that in mind, here are three simple steps any organization can take to better prepare for their own inevitable Emailgate. 

Capture all data

The amount of data we produce has grown exponentially over the past few years, as more and more devices produce greater quantities of information that needs to be stored. Luckily, the storage methods and processes have adapted to support this influx of big data.

The best way to ensure vigilant monitoring and data collection is through a single virtual repository that captures and stores data, whether it’s archived or backed up, in the public or private cloud, from all types of devices. With such a repository, data can be comprehensively searched from a single location and deduplicated. The result is better control of applications, processes and data workflows across the organization.

The importance of such an approach can be seen when examining Emailgate. There are questions now being raised regarding whether all data from Clintonemail.com was stored properly. As the investigation continues, it appears there could be emails that were permanently deleted or otherwise not archived or accessible. By backing up and capturing all data in your business, the repository can be comprehensively searched from a single location and deduplicated, resulting in better control of applications, processes and data workflows.

Secure business email across all devices

As more businesses readily adopt “Bring Your Own Device” (BYOD) policies, it’s more critical than ever to include endpoint data protection as part of your information management strategy. Sixty percent of business critical information is stored in email, with much of it generated and stored in thumb drives or personal devices, IDC estimates. The ubiquity of these devices (and the inherent ability to access business email on them) opens up opportunities for data management mistakes.

By securing all endpoint devices with access to business critical information – from corporate liable devices to personal devices – businesses are setting themselves up for better information management success. It only takes one misstep by an employee to expose information. Without a proper plan for these devices, a lost or stolen laptop or cell phone that has access to business email can put private business information in the wrong hands.

It’s probably safe to say that data security was not the top priority for Hillary Clinton. Imagine if she had misplaced her phone or laptop – any information stored in her email network would have been accessible to the next person to pick it up. To keep risk at a minimum, mobile device management, remote wipe capabilities and endpoint data protection are important features to have in your information management plan covering all devices with access to email.

Make data encryption part of the greater strategy

While it should go without saying that solid data protection strategies like these should be a part of your business’ greater information management plan, even with secured devices and backed up data, there is still a possibility of sensitive information being exposed. Additional lines of defense must be set up, ranging from encryption, gated documents, email security measures and two factor authentication.

The importance of this expanded approach cannot be underestimated. As reported by security company Venafi, there was a three-month period when Hillary Clinton’s State Department emails, web activity and devices were essentially unsecured and did not use encryption. During this time, Clinton travelled to China, Egypt, Israel, South Korea and other locations around the world. It wasn’t until after those three months that browser, smartphone and tablet encryption was enabled for Clintonemail.com.

While the political ramifications and motives of Emailgate will continue to swirl, it’s a moment in time for all businesses to take a closer look at their own information collection, retention, protection and access practices. One way to start is by applying these three simple preventative measures to make protection risk-adverse information management strategy a top priority. It may not make you president, but it can help ensure your organization sleeps better at night.

Emily Wojcik is CommVault's information management expert, focusing on archiving, compliance, eDiscovery and information governance with 15 years of technology experience.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access