In less than a week, the campaign will be over. Your months of hard work have hopefully led to a victory for your candidate and now it’s on to governing! Win or lose, you want to be sure your campaign’s digital assets are secure, whether you will be on hiatus until the next campaign or shutting down.
There are few areas you want to focus on:
Securing and storing credentials (logins and passwords) to key accounts and services: You don’t want to restart a campaign in the future only to find no one can access the domain, a website, or other accounts because access wasn’t preserved post election.
Managing the users that have access to campaign accounts for various services: Over the course of campaign, accounts may have been created or permission granted to access various services to numerous people. Managing their digital departure and removing accounts and access is critical.
Securing the website between campaigns: Out of site shouldn’t be out of mind when it comes to your website. Periodic monitoring and ensuring certificates are up-to-date are a couple of items that should be on your maintenance list.
Removing access to social media: You may have granted access to a candidates or campaign's social media presence. Revoke all that are no longer needed.
Removing campaign data from personal devices: Most campaigns are “bring your own device” (BYOD). As staffers or key volunteers leave your campaign, they may have valuable and sensitive information on those devices. Purging them and any app access they may have will prevent any data leakage post election.
DDC has a section in our Knowledge Base about closing down your campaign securely:
You're likely receiving this on a campaign email address. Want to stay touch? Respond to this email with your preferred email address and keep up with DDC activities like training and more.
If you have taken advantage of any free services from DDC, such as Cloudflare or LastPass, be on the look out for an email from DDC about how those services are maintained between election cycles.