Free Cybersecurity Offerings for Any Organization
The most sophisticated malicious cyber operators in the world set their sights on American political campaigns. Organizations that work alongside campaigns are also at risk including but not limited to political consultants, digital firms, campaign training organizations and election officials. Bad actors seek to interfere with our democracy or steal money.
DDC,under a Federal Election Commission advisory opinion offers free cybersecurity products and services to eligible campaigns and state parties.
However, If you can’t get free products from DDC, there are many free and trusted products available to anyone that you can use to secure your campaign or organization.
Here’s how you can protect against the most common threats you face:
#1 THREAT: UNAUTHORIZED ACCOUNT ACCESS
Threat: Bad actors accessing accounts via phishing and other techniques to:
Steal and/or expose sensitive information
Use legitimate campaign accounts to steal money from donors
Compromise social media accounts to impersonate or embarrass a campaign or candidate
Solutions: Protect Accounts with Strong Authentication
Enable free password managers in Chrome, Edge, and Firefox or LastPass on any browser.
Use passkeys Use passkeys on all sites that allow them most importantly on core accounts like Google and Microsoft, social and financial.
Yubico’s Secure It Forward provides free security keys to eligible organizations and individuals
#2 THREAT: HIJACKING OF PUBLIC PRESENCE AND COMMUNICATIONS
Threat: Campaign website compromised- Inauthentic content posted or website taken down via attack
Solutions: Protect websites with free website protection such as Cloudflare’ Project Galileo for hi-risk groups, Cloudflare Athenian Project for state and election websites or Google’s Project Shield.
Threat: Outgoing email hijacked-Campaign impersonated to phish or influence supporters
Solutions: Protect email domains with Valimail Monitor, a free tool that authenticates sent emails and prevents impersonation.
Threat: Vulnerable campaign domain- campaigns run on platforms like Google Workspace or Microsoft Office without proper security configurations
Solutions: Protect your domain using early access product Account Security Fundamentals for Workspace from Google or M365 for Campaigns and AccountGuard from Microsoft
Threat: Compromised mobile devices- Gain access to sensitive information about a candidate or a campaign with malicious software
Solutions: Protect mobile devices with iVerify that detects state-sponsored threats, such as mobile malware
ADDITIONAL HELPFUL RESOURCES
There are many excellent groups interested in and working on the cybersecurity of our elections. Below you will find organizations and links for your convenience. We encourage you to check out the following:
Belfer Center: Defending Digital Democracy Project
Starting with the “Top Five Checklist” and moving into more in depth breakdowns, the D3P resources below provide helpful, bite-sized information with easily digestible graphics & lists that help not only evaluate your cyber risk, but provide steps to securing your campaign moving forward.
Video: Five Things (practical, 3-minute training video for campaign staff and volunteers from all political parties) :
Cybersecurity Campaign Playbook
https://www.belfercenter.org/CyberPlaybook
The State and Local Election Cybersecurity Playbook
https://www.belfercenter.org/publication/state-and-local-election-cybersecurity-playbook
FBI: Protected Voices
The Protected Voices FBI initiative aims to mitigate the risk of cyber influence operations targeting U.S. elections. The link below provides informative videos crucial to campaigns. The topics range from protecting passwords to social engineering threats to what to do if you think you’ve been hacked.
National Governors Association: RESOURCE CENTER FOR STATE CYBERSECURITY
The NGA Resource Center provides a comprehensive list of resources, tools and recommendations to help craft and implement effective state cybersecurity policies and practices.
Center for Democracy and Technology
The CDT has written a helpful breakdown to compare “Traditional volunteers” with “Technical volunteers” while highlighting the importance of using civic-minded community members with technical skills to support experience both on Election Day and beyond.
Election Officials Toolkit for Technical Volunteers
https://cdt.org/insight/election-officials-toolkit-for-technical-volunteers/Infosec Toolkit for Election Volunteering
https://cdt.org/insight/infosec-toolkit/
Center for Internet Security
Through a best practices approach, the CIS aims to help organizations involved in elections better understand what to focus on, how to prioritize and parse the enormous amount of guidance available on protecting IT-related systems, and engage in additional collaboration to address common threats to this critical aspect of democracy.
Election Security Best Practices
https://www.cisecurity.org/elections-resources/A Handbook for Elections Infrastructure Security
https://www.cisecurity.org/wp-content/uploads/2018/02/CIS-Elections-eBook-15-Feb.pdfA Guide for Ensuring Security in Election Technology Procurements
https://www.cisecurity.org/wp-content/uploads/2019/05/CIS-Elections-Procurements-12-April.pdfElection Security Self-Assessments
https://www.cisecurity.org/elections-resources/election-security-self-assessments/Security Best Practices for Non-Voting Election Technology Guide
https://www.cisecurity.org/wp-content/themes/cis/assets/docs/Security_Best_Practices_Non-Voting-Tech_v1.1.pdf
Global Cyber Alliance
Use the GCA Cybersecurity Toolkit for Elections to help you implement the best practices from the CIS Handbook, find practical tips, and improve the security posture of your election office.
Cyber Security Toolkit for Elections
https://gcatoolkit.org/elections/
feedback
Do you have additional resources, ideas, stories, and comments? Share with us on Twitter @defendcampaigns or email us at info@defendcampaigns.org so we can continue to improve our resource list.