2017 and 2016 each saw significant cybersecurity breaches; needless to say, activist organizations of all types are doing everything in their power to avoid being the next victim, like the Democratic National Committee or John Podesta, for instance.
Now more than ever, bad actors lurking on the web are growing eager to strike against political committees, national activist organizations, and even international NGOs with treasure troves of personal data for millions of people.
Curtis Dukes, executive vice president of the Center for Internet Security, and Becker Polverini, CEO of PKC Security, believe that political campaigns and advocacy groups could benefit from taking their cybersecurity needs seriously. Whether it’s using a password manager or two-factor authentication, campaigns need to understand the importance of defending their proprietary voter data and analyses from adversaries. These adversaries could sway public opinion, even elections, with this information. Hackers sponsored by nation-states, in particular, could benefit significantly from breaching a national political campaign.
You also could consider establishing independent countermeasures to help secure “low hanging fruit” like email and any means your campaign uses to reach out to the public.
Taking steps to prevent and contain your potential for loss of critical data will also help in minimizing the damage. For example, it’s better that all of your accounts have unique passwords that are secured so that if one account is ever breached, no others will be at any additional risk.
What do Becker and Curtis recommend?
- Always assume you are at risk. Consider using virtual servers offered by companies like Amazon Web Services over on-premises, physical servers. These companies have the expertise to maintain and secure these information systems for the best result. Conducting regular auditing and monitoring actions of these servers will help, also.
- Don’t be negligent–or complacent–when it comes to the security of your data. The slightest misstep could be dire.
- Ensuring that your organization meets a predetermined set of controls–or actions to provide security–can go a long way.
So, what are those controls?
According to the Center for Internet Security (CIS), there are 20 of these controls. Successfully implementing the first five controls will eliminate most vulnerabilities and risks.
These first five controls include inventorying unauthorized and authorized devices and software, securely configuring that software and hardware, identifying and remediating vulnerabilities continuously, and controlling administrative privileges over your organization’s networks.
However, to take a step further to secure your organization, the remaining fifteen controls include setting up defenses and countermeasures, having your response and contingency plans in place, and maintaining a culture focused on cybersecurity.