A report released Wednesday by the U.S. State Department Inspector General indicated that Hillary Clinton broke government rules by using a private email server without approval during her time as U.S. Secretary of State. By department policy, Clinton is prohibited from using a private email server to conduct official business, and had she asked, the State Department has said they would have denied her request to do so.

Clinton’s actions both breached department rules and created a significant security risk in which sensitive material was vulnerable to hackers.

While Clinton may be a prominent government official, there are several relevant business and ethics takeaways from her recent misstep:

Not everything should be emailed

If something is extremely sensitive, discuss it in person. If it must be done in writing, send an encrypted attachment instead.

Don't use personal accounts for business purposes

While this could be stating the obvious to some, it’s often abused! The biggest issue here is with record keeping. You may not be dealing with clandestine foreign policy like Clinton, but there is always the possibility that your company will require past emails of yours for legal reasons. Unless you want your employer sifting through your personal emails, it’s best to keep business matters on your company account.

It also works both ways! Avoid dealing with personal matters on work machines. Your IT department won’t be thrilled when you open a personal email and subsequently shred the company’s server.

Cooperate when asked

The recent report detailed that Clinton and her aides declined to be interviewed for the report. On the contrary, the past four Secretaries of State including Colin Powell, Condoleezza Rice and John Kerry all took part in formal interviews for this investigation.

From a business standpoint, if you are asked to turn over emails – do this right away! If there is nothing to hide, there’s nothing to find. Refusing to turn over information or taking part in a formal review can make you appear distrustful to your employer.

Have a formal Bring Your Own Device (BYOD) policy

Things can get complicated without a formal policy in this regard. Make sure you specify what devices are permitted and indicate what degree of support and guidance your IT department should be providing. Other important things to consider are how employees are securing their devices, and how to manage the device and data when an employee leaves the company.

With all of this in mind, we recommend downloading our New BYOD workbook. It answers the question "How to mitigate your employees putting your data security at risk? " and will provide you with a roadmap to create your own BYOD policy or update your existing policy. Grab this BYOD workbook FREE here: