60 Seconds to Better Cybersecurity for Political Campaigns Using Microsoft

As Election Day draws near, cyber threats will only increase for political campaigns (of all sizes) and the digital firms and vendors that serve them. Already this cycle, we’ve seen numerous instances of bad actors leveraging different tactics, including generative AI, in their election interference operations, targeting political organizations up and down ballot. Microsoft’s Threat Analysis Center has been actively tracking the various tactics employed by nation-state actors as they look to influence the US elections, including recent Russian interference and elections-specific cyber attacks coming from Iran.

But it’s not just nation-states that are going after political campaigns. Other bad actors include cybercriminals seeking to steal valuable resources from campaigns. They use techniques including invoice scams, sending fraudulent invoices designed to funnel money into the criminal's bank account instead of a vendor's. Like nation-states, they look to compromise vulnerable targets, including volunteers and third parties, to use as launching pads for spear phishing attacks.

Protecting a campaign or a political organization from nation-states, hacktivists, and cybercriminals may seem daunting, but for those using Microsoft, there is a solution that will dramatically enhance your defenses.

If your organization or personal account is tied to a Microsoft-hosted domain, Microsoft’s AccountGuard, a free solution designed for high-risk users and organizations, will add an extra layer of protection. It takes only 60 seconds to get your request for Microsoft’s AccountGuard submitted. AccountGuard offers the following:

Security Guidance, Notifications, and Recommendations: Security best-practice guidance and rapid response from Microsoft’s extensive pool of cybersecurity specialists. Notification to the organization and, where relevant, registered Hotmail, MSN, or Outlook.com accounts if verifiably threatened or compromised by a known nation-state actor. Recommendations to the participating organization for remediation if a compromise is confirmed.

Enhanced Identity Protection: Includes Azure Active Directory P2 trial licenses, and eligible campaigns can get FREE Yubico security keys from DDC.

Direct Line of Support: A direct line to Microsoft’s Democracy Forward team for security questions.

Workshops and Webinars: Access to cybersecurity webinars and workshops, including best practices, identity protections, and M365-specific guidance.

Microsoft strongly encourages all political campaigns/organizations to sign up for this free program to add this additional level of security to your campaign’s Microsoft 365 account and the personal accounts of important and public campaign figures.

Now is a critical moment as the threats increase in the last phase of the campaign when the most damage can be done.

By adopting these measures, you can focus on what truly matters—running a successful campaign. To learn more about how to enable AccountGuard for your organization or to sign up for AccountGuard on your personal accounts, please visit https://accountguard.microsoft.com/ or contact CampaignSuccess@microsoft.com.

Of course, feel free to reach out to DDC if you have questions.