As the New Year begins, in the world of politics, the countdown to the 2022 midterm elections starts in earnest. One lesson DDC learned in the 2020 cycle, was campaigns should address cybersecurity as early as possible. Even if your campaign is only 1-2 people right now, this is the time to begin implementing cybersecurity. You want to be ready to expand and have your cybersecurity expand with you.
DON'T BE OVERWHELMED!
Implementing protections that will address the most common threats is easy, and we can help in many ways. Our Knowledge Base is full of information on how to implement cybersecurity for your campaign.
If you are an eligible federal campaign or committee, we have free products and services and can assist with implementation quickly. We also host virtual cybersecurity trainings specifically for political campaigns throughout the year. See: DDC eligibility
Here are some of the top ways to start off the new year more cyber secure and links to more information on each topic that can be found in the Knowledge Base:
Establish your minimums: Decide what tools and products each person in your campaign will use, such as using multi-factor authentication with a security key, password manager, and encrypted communications. See: Cybersecurity Basics
Articulate a policy and maintain a culture of cybersecurity: When onboarding staff and volunteers, articulate your expectations for what cybersecurity measures people should take including how to handle sensitive information and other practices they should follow. See: Sample Policy and Creating a Culture of Cybersecurity
Configure your systems: Within your Google Workspace or Office 365, you can create controls for each user to ensure some practices are in place, such as mandatory multifactor authentication, long, complex passwords, and more. See: Platforms
Protect your website: You want your online home secured from defacements or attempts to bring it down as soon as possible. See: Protect Your Website
Evaluate your risk: Every computer user faces general risks, such as phishing attempts and efforts to break into accounts. Evaluate the potential for heightened risks, such as a tight race or one that will determine the balance of power. See: Assessing Risk
Create an incident response plan: You want to be ready before anything happens. Identify your response team, think about the continuity of operations, and understand your legal requirements. See: Create an Incident Response Plan
We are here to help throughout the campaign and election season. Sign up to get our monthly newsletter and stay up to date on our upcoming training sessions, new blog posts, and more!