Minister shows risk of using personal email
Using your personal email account for work? Maybe you should think twice. The issue has been highlighted by Communications Minister Clare Curran, who has come under fire from National for using a personal Gmail account to answer Official Information Act requests and parliamentary questions.
Transparency issues aside, Curran’s faux pas is that the information could more easily be hacked unless she’s using security systems as strong as those used by big organisations.
Peter Bailey, general manager of cybersecurity firm Aura Information Security, said workplace IT systems reduced the chances of opening malware or inadvertently sending it to a customer ‘‘because your personal email’s not stripping that out’’.
Most mainstream email providers had reasonable security, Bailey said, but people still often laid themselves open to hacking with weak or reused passwords.
This was obviously not good for personal security but it also had implications for employers if business information was intercepted. ‘‘If you don’t have two-factor authentication, then [hackers] can look at anything in your mailbox and if you’ve been getting and receiving work emails in your inbox, they can now see all your work stuff as well.’’
Workplace attitudes towards emailing was something that varied widely, employment lawyer Peter Cullen said.
A small organisation might well mingle personal and work emails. But in a large organisation, ‘‘it would be taken for granted that all work for the organisation is done through the work address and on a work server, so there’s a record of it for others to rely on’’.
In Curran’s case, it would depend on what the rules were for MPS.
Nefsafe chief executive Martin Crocker said it was unlikely Curran had jeopardised parliamentary IT systems but it wasn’t wise as work-related emails were not on the record. ‘‘The thing that is a big deal in the Government space is that people are subject to the Official Information Act and so if somebody makes a request then you have to check both [work and personal email] systems. That becomes an issue of transparency and good government.’’
This week, the Commission for Financial Capability launched a guidebook to how to spot scams. These included scams aimed at businesses. which were often aimed at staff members by people pretending to be a chief executive or boss, usually when they were away.
Internet security giant Verizon estimated that about 30 per cent of phishing emails in 2015 had been opened by people in targeted organisations that year, and that figure was rising, up by nearly a quarter from the previous year.
The issue comes at a time when internet experts have warned the ‘‘Five Eyes’’ group of countries, which New Zealand is part of, can intercept encrypted online communications.
The governments of the United States, Britain, Canada, Australia and New Zealand have expressed concern about the use of powerful ‘‘endto-end’’ encryption technology by ‘‘child sex offenders, terrorists and organised crime groups’’.
‘‘The thing that is a big deal in the Government space is that people are subject to the Official Information Act ... That becomes an issue of transparency.’’ Nefsafe’s Martin Crocker on the email faux pas by Broadcasting Minister Clare Curran, above.