Protected Voices: Safer Campaign Communications

Protected Voices: Safer Campaign Communications


Hi, I’m Erica, a computer scientist with
the FBI. In this video, we’ll talk about how a few
proactive communication practices can effectively enhance your campaign’s overall cybersecurity. Given the importance of communications to
a campaign, both in managing its operations as well as connecting with voters, it’s no
surprise that communications also represent a significant potential vulnerability. Communications can include personal and official
email, messaging apps, and social media. Each of these forms of communication may be
essential to running a successful campaign, but you should be aware of the potential dangers
of cyber attacks through these various channels. Your campaign should use the most secure methods
of communication to reduce the likelihood of intrusion. Keep in mind, most secure does not always
mean practical. Security and convenience often work on a continuum—with
the most convenient practices tending to be the least secure. Use your best judgment for what makes sense
for your campaign. A common method used for securing communication
is encryption. Encryption encodes information, making it
unreadable to anyone but those who have a key to decode the encrypted data. This method can be very effective in ensuring
your information remains safe from attackers. There are numerous ways to implement encryption
so that even if an attacker gains access to your information, he or she will be unable
to use it without a lot of effort. Look for trusted vendors of encrypted communication
services for texting, email and voice; there are several solutions available, and some
are free. To help prevent attackers from stealing information,
don’t keep more than you need. You can do this by disabling the “archive”
and “save old messages” features on your communication devices and applications; these
are typically defaulted to automatically save. Disabling this feature is the electronic equivalent
of shredding documents. Depriving attackers of opportunities to attack
can greatly improve your defenses. Ensuring only devices with a need to connect
are granted connectivity to your systems will reduce the resources needed to monitor and
defend networks. One way of doing this is to create access
control lists. Access control lists typically consist of
‘white lists’ or ‘black lists.’ Whitelisting is a method of restricting access
to only pre-approved devices or connections. Blacklisting involves denying access to devices
which are presumed or known to be not trustworthy. Blacklisting and whitelisting are often based
on device characteristics, such as a unique identifier, or the ways in which devices are
trying to connect, such as a source IP address. Whitelisting, while more restrictive and secure,
is often not practical for networks that need to respond to unknown users, like the constituents
a campaign may be trying to reach. Blacklisting regions of the world that don’t
have an approved or anticipated relationship with your campaign can greatly decrease the
amount of threats your campaign faces. Communications infrastructure shouldn’t be
left on overnight when no one is in the office. When you leave for the day, turn off devices
and, where possible, turn off your office Wi-Fi networks, which can offer adversaries
a potential route into your operations. Ideally, personal devices wouldn’t be used
for campaign activities, but sometimes this can’t be helped, as campaigns often rely
on personal devices for business. If your campaign uses personal devices, establish
a written bring your own device policy, or BYOD. BYOD provisions should include installing
special safeguards on personal devices to ensure protection against malware; full disk
encryption—meaning all data on the device is encrypted; remote wiping of the device,
in case it gets lost or stolen; and the ability to implement the timeliest updates. Devices should include lockout features for
excessive incorrect login attempts, and default passwords and usernames should be changed. Another way to keep your campaign communications
private is to use an encrypted app for secure messaging. You can easily find reputable, secure group
messaging apps with a little research. If you use a secure messaging app to harden
your communications, encourage all of your staff to also use that same app. BYOD provisions are often called ‘endpoint
protections’ because they’re designed to protect the devices furthest outside of
a network—the endpoints. We encourage your campaign to research reputable
endpoint protection vendors. A great endpoint solution will also have the
ability to monitor whether devices are remaining compliant. When finding an endpoint solution, look for
one which will make sense for your campaign. Finally, create an incident response plan
in case any of these protections fail—and review our video on incident response for
some tips on drafting a plan. Having a plan and resources in place beforehand
can be critical to minimizing or preventing harm when a crisis does hit. Remember, your voice matters, so protect it.

Leave a Reply

Your email address will not be published. Required fields are marked *