Should You Add a Password to Your Donation Page?
September 2023 | by Conner Downard
With increased cyber-attacks across the globe, it is more important than ever to be implementing best practices at every level of the campaign team.
Are you working on a political campaign? Here’s what you need to be doing to make sure you aren’t putting your campaign’s cybersecurity at risk.
Cybersecurity is more than just “strong passwords.” Cybersecurity is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.
“With access to valuable voter demographic and financial data, not to mention campaign strategies and communications, political campaigns are soft targets for nefarious actors, including sophisticated nation-states and financially motivated actors,” warns Micah Yousefi, Founder of Public Trust Technologies.
You need to make sure that your campaign is secured at two levels:
In this article, we’re going to focus on how individuals on a campaign can contribute to the whole team’s cybersecurity. Join us as we lay out some of the best practices to securing your campaign and avoiding common scams.
Passwords are your first line of defense for all your devices and data. Make sure you are using a strong password on every platform to help keep out any unauthorized access, and always use two-factor authentication (2FA) where available.
The best way to keep passwords secure? Minimize who has access to them. Consider who on the campaign team really needs access to campaign accounts and grant access accordingly.
Here are some password do’s and don’ts to keep in mind.
In sum, if your campaign is using the password “victory2022”, it’s time to change it right now.
Passwords aren’t the only entity that needs to be kept secure. You must also make sure you are securing the physical devices your campaign is using.
What kind of cyber threats might you personally face? Some examples of various threats are:
Have you received a suspicious message? Scammers use specific tactics that may make you more susceptible to their phishing scams. Here are the techniques scammers use that should set off your alarm bells:
Don’t fall for phishing scams! Always verify through a second medium if a request seems suspicious. Remember: Email addresses and phone numbers can be spoofed. Better safe than sorry.
The grassroots, get-it-done-yesterday energy of political campaigns is invigorating, but not always conducive to building strong institutional cybersecurity practices.
Your dedicated — but untrained — volunteers will always be one of the weakest points in your infrastructure. Make sure you are creating a culture of caution around digital security, and providing the education your staff needs to avoid falling victim to a phishing attack. Have them read this article, and make sure they internalize the lessons from it while they have access to campaign digital accounts and data.
All of this seem overwhelming? Work with a professional firm like IMGE to set up your campaign’s digital infrastructure. As a SOC II Type 2 Certified firm, we can be a partner to building a secure and effective digital operation for your campaign.
While you're here, check out these related articles: