Matthew Ravden, Chief Marketing Officer and VP, Balabit, says: "It's well known that the most sophisticated cyber-criminals target people, not machines, which makes it all the more crucial that organizations educate their users as a first line of defense. This is a very good example of the worst possible practice, not only highlighting the problems of 'bring your own device' but 'bring your own server' as well.
"This incident really does highlight the need to educate users as a first line of defense. There are sophisticated activity monitoring solutions available today that can track a user in real time when they are operating within an organization's established IT infrastructure. But as soon as they go off the grid and start using personal email on mobile devices, accessing private servers or public clouds, they really are at the mercy of cyber criminals."
Craig Kensek, security expert, Lastline, adds: "Due to the ever-increasing number of threats and their sophistication, using the tools available to protect your devices, your network and your email servers is essential. For people with a law degree, there is a vast difference between 'guideline' and 'mandatory guideline' (call it a requirement). 'Mandatory' should have been the order of the day, years ago. I can see encrypting emails - both on the server and in transit - becoming a requirement in certain sectors of the government. Meanwhile there are numerous stories in the press about this particular server being hacked."