Campaign security is a significant issue in the current climate of U.S. and worldwide politics. With more phishing attacks, scams, and social media data harvesting going on than ever before, campaign managers and staff all the way down the pecking order must remain vigilant when it comes to cybersecurity – as well as physical security, of course.
If you are learning how to run for office – or managing a campaign for a friend or close colleague – then starting with the securitization of data and implementing best practices for preventing data breaches is always well-advised.
Implement best practices for data management in the office.
Social engineering tactics have become a mainstay in both campaign offices looking to provide an advertising and messaging edge for their candidate and in malicious camps, seeking to exploit vulnerabilities for profit or help an opponent.
In a classical sense, social engineering is manipulating individuals into handing over information or “priming” them to think in the manner they desire. This is where much of the election manipulation campaign run by Russian entities in the 2016 race was focused. In principal, it’s far easier to trick or manipulate an individual into handing over sensitive data, passwords, strategy, or social media data than it is to breach their physical machines digitally. This is essentially a real-world phishing attack that focuses on vulnerabilities of gullibility.
Intelligent hackers can spoof a phone number or email address – making it look like a trusted aide is reaching out with a routine information request. These hackers can manipulate lower level – and high ranking – officials into providing key resources for breaching systems or machines remotely. Many high-profile spear-phishing attacks have resulted in famous losses for high net worth individuals and companies from The DNC during that election cycle to Target and even Barbara Corcoran, an investor on Shark Tank.
Use revolving passwords and maintain communication.
Maintaining clear lines of communication between staff members and conducting all-hands meetings at regular intervals may seem like a daunting task. Still, these measures will help prevent gaps from forming digitally that can be used to exploit your entire system. Spear phishing attacks take advantage of the lack of communication that typically exists within a large organization. By asking for a password, providing new banking details with seemingly legitimate contracts, or seeking to resubmit a form, hackers can pass themselves off as legitimate parties within your sprawling organization and gain key pieces of information.
Communication helps break down this shroud of uncertainty. When your staff is talking to one another, they will be better equipped to notice a quirk in the email address of a known friend or identify a suspicious request based upon a knowledge of another colleague’s daily caseload. Working to integrate departments physically is another great way to implement a layer of physical security over your digital assets. If someone from the marketing team is sitting two desks away, it’s likely easier to simply ask for the details you need or verify their request in person rather than simply sending on sensitive data.
Routine password management practices are also a great way to close gaps in your organization. While no defense will ever be perfect, routinely changing pathways to sensitive files and information is the best way to mitigate damages when they do occur. A scammer may gain access to a file folder or social media account, but a revolving password may be successful in locking them out automatically after just a few hours.
Securing sensitive information and reducing the damage that phishing, malware, or malicious hackers can do is simply a core function of the campaign process these days.