1. Home
  2. Technology
  3. The Playbook for Campaign Cybersecurity

The Playbook for Campaign Cybersecurity

Securing your campaign’s victory should be top of mind when entering into a contested political season. From sleepless nights to the “little victories” that occur, you, your team, and your candidate (or initiative) have a daunting goal to accomplish. However, what could be most daunting — thanks to the events of the 2016 Presidential Election and our ever-changing digital world — is securing your data and preventing any breaches of security.

The Defending Digital Democracy project of Harvard Kennedy School’s Belfer Center for Science and International Affairs agrees. That’s why in November of 2017, the project released their “Cybersecurity Campaign Playbook” to serve as an academic and industry-based approach to teaching campaign managers, consultants, and field organizers about why cybersecurity matters.

Steps you can take

By implementing recommendations made in the “playbook,” campaigns can prevent a crisis-level breach of important voter contact data, internal information, and, potentially, highly-sensitive documents and opposition research.

To avoid a significant breach, consider these five tips:

  1. “Set the tone”: Creating a culture of good practices and follow-through will do wonders. Take the initiative to reduce risk by training staff, developing standard operating procedures, and setting the example. It should also be noted that human error is the cause of most data breaches.
  2. “Use the cloud”: Google’s G Suite to Microsoft 365, from Zoho to Adobe online services; finding the right cloud-based productivity suite will improve functionality while securely storing documents and files.
  3. Use two-factor authentication”: Require all of your organizational logins (social media accounts, email accounts, etc.) to have a two-factor authorization tool integrated into passwords. Use a physical key or an external mobile phone application as your two-factor platform.
  4. “Create strong, long passwords”: All passwords that you and your employees use should be random, long, and not similar in any manner. Don’t be afraid to use an overly long password of random words and all capital letters instead of an easy-to-remember password for everything. And use an encrypted password manager to help you keep track of your elongated passwords.
  5. “Plan and prepare”: Always have a plan in place just in case your organization does have a breach. Have your preferred tech support ready, know your legal obligations and rights, and be prepared for a firestorm of communication from inside and outside your organization.

Finding and identifying your vulnerabilities should also be a key focus of your organization’s broader strategic plan.

Understand who is targeting your campaign

Having an understanding of who is targeting your campaign is also important. Like any organization, there are people out there who want to harm you, your organization, and, most importantly, your candidate or initiative.

Whether it’s a foreign intelligence service from another country or a hacktivist who wants to make a political statement by leaking your sensitive information, bad actors and adversaries of all stripes and backgrounds are out there — watching and waiting to strike.

Because we live in a time of such uncertainty, you need to operate your risk management strategy as if you are already a target, someone will strike at any time, and with the understanding that complacency could be catastrophic.

Other Resources

The Cybersecurity Campaign Playbook (PDF)

Motivations of a Criminal Hacker – Microsoft Developer Network

Cybersecurity Lessons From the 2016 Presidential Election – Security Intelligence/IBM

For more answers just like this

Was this article helpful?