Top 5 Cybersecurity Tips for Campaigns

🤷 1. Human Behavior is Key

Cybersecurity can seem intimidating, but since 95% of breaches involve human error, following the low-effort, high-impact, free tips here can make you and your team significantly safer.

📱 2. Physical Threats

Cyber defense starts with securing your physical devices. Laptops were stolen and compromised in the 2008 and 2016 campaigns.

Suggestions:

  1. Encrypt computer and phone hard drives (instructions for Mac and PC – exception: if you have Windows Home edition, use this link instead).
  2. Fully shut down (not sleep) computers when you may be separated from them (e.g. taking a flight, going to a bar, etc.).
  3. Do not use flash drives if you don’t know their origin.
  4. Be careful about what information is stored on devices volunteers use.

📩 3. Email Threats

The two largest email-related threats are malware and phishing. Malware is malicious software that gets onto your device (e.g., by opening an attachment that contains a virus). Phishing is tricking unsuspecting users into handing over sensitive data (e.g., putting your credit card information in a fake form). The 2016 DNC hack was a phishing attack.

Suggestions:

  1. Don’t click links or open attachments in emails from unknown senders. If emails come from known senders but look odd, call or text the person to confirm.
  2. Verify links in emails by hovering over them to ensure the domain is as expected (e.g. gmail.com not gmai1.com).
  3. Open attachments on an iPhone or in GDrive; do not open them on your computer or Android phone.
  4. Test yourself on a free phishing quiz.
  5. Enroll all G Suite users in enhanced security.
  6. Phish yourself! Free phishing campaigns from DHS or private companies (e.g., KnowBe4) can train your staff to be alert.
  7. Designate a person to whom suspected phishing emails should be sent, and also forward them to US-CERT.

💻 4. Update Your Software

Major breaches that relied on users not updating devices include the WannaCry ransomware attack ($4 billion in damages) and the Office of Personnel Management hack (security clearance information stolen for 21 million Americans).

Suggestions:

  1. Turn on automatic updates (Instructions for Mac, PC, Chromebook, iPhone/iPad, and Android).
  2. Actually restart your devices (so updates can install).

🔑 5. Password Protections

Passwords can be compromised in many ways. The Iranian government is currently trying to hack presidential campaigns by just guessing common passwords. In 2008, Sarah Palin’s email was breached because the answers to her security questions were all on her Wikipedia page. Practice good password hygiene and make use of tools that make it easier.

Suggestions:

  1. Have strong, different passwords for each account (length is the most important factor) and choose security question answers that are not public information.
  2. Beware of social engineering to get passwords or related information.
  3. Use two-factor authentication on all accounts. twofactorauth.org makes that easy.
  4. Use a password manager such as 1Password (free for campaigns) to store passwords, generating a unique random string for each account. Not only will this make you safer, it will make logging into websites much easier.
  5. If using Gmail or Google-hosted email, and you already have two-factor authentication set up, consider Google Advanced Protection.