Earlier today, Politico reported that Donald Trump’s Presidential Campaign had been hacked and internal documents were leaked to the media. The campaign believes that foreign actors stole and released the information. This compromise and stealing of confidential information should serve as a wake up call for every campaign to review their cybersecurity posture immediately.
At DDC we can't speak to the cybersecurity of the Trump campaign and don't know how the documents were obtained or who was behind the attack. However, this kind of attack and release of information is exactly the kind of threat faced by all campaigns large and small.
Because campaigns are targets of nation-states, hacktivists, and cybercriminals, Defending Digital Campaigns (DDC) and others consider everyone working on campaigns to be high-risk computer users. Campaigns must implement core cybersecurity practices ASAP to protect the campaign, staffers, and others associated with the campaign as well as digital assets like websites and social media.
DDC can help you rapidly shore up your cybersecurity protections with free cybersecurity products available to federal campaigns. We can also serve state and local campaigns in Georgia, Michigan, Ohio, and Virginia (see eligibility here: https://defendcampaigns.org/offerings-for-eligible-campaigns). If you are a digital firm or other vendor to campaigns, we can work with you to help your clients as well.
To access anything below or ask questions, respond to this email or contact us at info@defendcampaigns.org to access any products below.
Every campaign should immediately get the two following products from DDC:
Security Keys from Google or Yubico to implement the strongest, phish-resistant multifactor authentication on core accounts like email, cloud, and social, and turn on Google’s Advanced Protection or get Account Guard from Microsoft
Cloudflare for Campaigns to protect websites from attacks.
Every campaign should consider getting the following products in place as well:
Doppel to scan social media and take down inauthentic content and impersonations of the campaign
Valimail to protect email sending domains from spoofing and impersonation
iVerify to protect mobile devices if you are concerned about mobile security
If you are concerned that you don’t know if your platform has been set up with cybersecurity in mind both Google and Microsoft have programs for campaigns to configure your environment:
Account Security Fundamentals for Google Workspace, a one-click feature to immediately configure 26 core security settings for your entire team.
Microsoft 365 for campaigns that configure the security for your Microsoft environment
DDC can help campaigns enhance protections on Facebook by facilitating invites to Facebook Protect, Meta’s strongest protections for high-risk users.
DDC urges every campaign to take advantage of all the free cybersecurity built into the platforms you already use like password managers in Edge and Chrome and passkeys where available. Cloudflare has a free version to protect any website and Google has Project Shield, also free, for high-risk organizations like campaigns
Cybersecurity is very much about creating a culture of security within your campaign. Staff should know what security measures to use, who to report problems to, and where to get answers to their security questions. This video could help and read this article from our Knowledge Base
Risk rises as Election Day draws nearer. This should also serve as a reminder that you need to have a response plan if a cyber incident happens on your campaign. Learn more about responding to a cyber incident here.
Remember to contact us at info@defendcampaigns.org to get started on cybersecurity ASAP.