We’re sure you rolled your eyes and shook your head in disbelief when news broke about Donald Trump’s national security team accidentally sharing classified national security information with a journalist on messaging app Signal.
At the core of the Signal chat group sits a veritable who’s who of intelligence security officialdom in the US government. This includes national security advisor Mike Waltz, Vice-President J.D. Vance, secretary of state Marco Rubio, and defence secretary Pete Hegseth, amongst others. It begs the question that if these really senior people were using Signal to discuss classified information rather than secure government systems, what is everyone else using? And how easy is it for other government employees to use non-sanctioned systems?
Whatever the answers, the breach serves as a very timely reminder of how employees, no matter how senior or how well trained (hello national security advisor), can turn a blind eye to security policies. Don’t think for a minute that this behaviour is limited to Donald Trump’s national security team.
Mobile data security call to action
As we’ve discussed in many previous blogs, here, here, and here, the weakest link in any security system is typically human error. That means it’s critical to reinforce employee training in cybersecurity best practices and make sure you people understand the importance of secure communication and the potential risks involved in sharing sensitive information on non-secured channels. Ongoing training and education should cover recognising phishing emails, using strong passwords, and avoiding suspicious websites.
Is your corporate data at risk of cybersecurity leaks?
As with all newsworthy security blunders, it makes sense to use the Signal security gaffe as a trigger to assess your corporate data. Is it at risk of cybersecurity leaks and breaches from people using applications or systems that are not approved by the IT department?
Revisit what work different users need to be able to perform and the associated devices, networks, and apps they need access to before you confirm access to corporate resources. And take time to perform a security audit to help identify any potential vulnerabilities or weaknesses in your company’s communication channels and systems.
Start by assessing:
- Employee compliance with training to understand and apply data security laws and regulations related to their work that impacts the company’s security
- How easy it is for your people to skirt your corporate security policies to simplify tasks
- How easy is it for them to use a non-sanctioned app like Signal to share corporate information
- Whether your people’s devices are fully patched and upgraded to the latest versions
- How well your people understand the steps they should take to ensure company issued and BYOD are always secured.
Free download
For more information on mobile data security best practices, download our practical resource: A CEO's Guide to Mobile Data Security.
