Democratic House IT scandal illustrates the hazards of reckless cybersecurity policy

Democratic leaders have repeatedly shown themselves to be recklessly irresponsible when it comes to national security. The case of Imran Awan illustrates that the pattern of dangerous incompetence is particularly true of their approach to cybersecurity.

The summer of 2017 saw the arrest of disgraced former House IT worker Imran Awan at Washington Dulles International Airport as he was headed for a Pakistan-bound flight. Authorities had been scrutinizing Awan after he allegedly committed bank fraud and transferred $283,000 to Pakistan earlier in the year.

{mosads}This whole fiasco started in 2016, a banner year for Democrats making terrible decisions. A total of 44 House Democrats, including then-DNC chairwoman Rep. Debbie Wasserman Schultz (D-Fla.), chose to exempt Pakistani IT aides from completing background checks urged by the Shared Employee Handbook.

According to congressional documents, the House Democrats clownishly exploited a loophole in hiring procedures that exempts potential hires from background checks if another member of Congress vouches for them. This allowed individuals with questionable backgrounds, such as Imran Awan and his brothers, Abid Awan and Jamal Awan, into the ranks of the House of Representatives staff.

Those IT aides later made unauthorized access to congressional data. A House Inspector General report found the workers used the many passwords they had to log into multiple representatives’ devices under the representatives’ own usernames, many of whom they didn’t even work for directly. They used the devices to download data off the House network and proceeded to cover their tracks as best as they could.

The House Inspector General concluded that this could all have been avoided if background checks had been initiated. Even after learning of the team’s nefarious activities, Wasserman Schultz still decided to keep Imran Awan on staff.

These startling revelations should outrage both Democrats and Republicans alike.

The Democrats’ careless and negligent hiring and password management practices proves one thing: Occupational competence alone does not guarantee security. There is too much sensitive information at stake, and too many parties want to use that information to cause damage (and will pay well for access to it). This means that every precaution, no matter how time-consuming or tedious, must be taken. This includes, but is not limited to, extensive background and belief checks coupled with adapting anti-subterfuge security practices.

Background checks should be a given, because personal circumstances can play a large role in a person’s course of action. The Awan family circus is on the extreme end of background check stories, and they nevertheless gained access to a wealth of information that more than a few folks would do anything to have. Why? Because Democratic leadership chose to take the easy way out. This is reprehensible.

When it comes to password management, the same principle applies: go the extra mile and take the time and effort needed to protect your devices, data, networks, and yourself. Create strong passwords that are at least 12 characters. Use a variety of capital letters, lowercase letters, numbers, and symbols. Do not keep using the same password everywhere. Change passwords regularly, ideally at least every three to six months.

Especially important in the culture of Washington, D.C., philosophical alignment is crucially imperative for IT and cybersecurity workers handling highly sensitive data and devices. This is particularly true for VIP individuals and elite organizations such as law firms, lobbying firms, political action committees, and advocacy organizations. You need tech people and companies who are loyal to your cause and who provide you with top-tier services because they want your efforts to succeed in the public arena.

There will always be obstacles to workplace integrity and security. Do yourself a favor and learn from the Democrats’ poor example as a cautionary tale. Always go the extra mile for security and hiring, never take shortcuts, and surround yourself with people who fundamentally agree with your mission.

Jeremy Cerone is the co-founder and CEO of EliteSafe, a data and device cybersecurity company specializing in security for conservative groups and leaders.