In the controversies over Hillary Clinton’s decision to use a private email address for official correspondence as U.S. Secretary of State, one theme has been the question of whether, in doing so, she created a security risk.
As important as records maintenance is, the possible lack of proper security/encryption is most troubling http://t.co/lJXUr3sRU8
— Nolan McCarty (@Nolan_Mc) March 3, 2015
However, Hillary Clinton wasn’t a typical worker using gmail to avoid a little hassle. She had her own email system. And unofficial doesn’t have to mean unsafe.
“Just the fact it’s not part of the government’s email system doesn’t mean its insecure,” says Larry Ponemon, chairman of the Ponemon Institute, which studies cyber-security.
Big institutions, with robust security budgets — think Target or Sony — haven’t been immune from cyber-attacks.
Poneman says someone with enough money and motivation could create a good system. And smaller systems have advantages: Fewer users means fewer people who could slip up and compromise security.
“It could be very secure and make it harder for the bad guy to actually find it,” says Poneman. “Because it’s small, it becomes — not invisible, but it’s not as easy to find it and basically do bad things.”