Department of Homeland Security Secretary Jeh Johnson yesterday confirmed that he and 28 senior staffers have been using private web-based email on work computers for the last year.
Private email was banned from DHS computers in April 2014—after Office of Personnel Management (OPM) computers were breached.
Now that he’s been caught by media for bending the rules, Johnson said that he plans to use his smartphone to access his personal Gmail account from now on.
Speaking at a Politico event, Johnson said that he had obtained a waiver from DHS’ chief information officer to do continue accessing webmail from work.
“At my desktop at work, I was, via the Internet, accessing my personal email account, so I could see who was sending me stuff on my Gmail, my personal account,” he said. “Not to be confused with my DHS account, which I use all the time.”
This, despite the fact that email is one of the leading exploited entry points into organizations via the phishing attack. All that has to happen is for a user to click a wrong link or open a bad attachment—regardless of whether the email account is used strictly for personal use—and the network walls have been breached.
View full story