With the 2018 midterm elections on the horizon, there are increasing concerns regarding cybersecurity and the voting systems in each state. These security concerns have to extend far beyond our voting systems with this election because digital platforms are also vulnerable to cyber threats. This means that not only are voting and vote tabulation processes at risk, the operations of political parties and candidates are vulnerable as well.
Election cybersecurity is so important right now because there are forces constantly working to undermine trust in our election system and confidence in the outcome.
A few weeks later, Microsoft then reported how it had to disable six Russian-launched websites masquerading as official websites of the U.S. Senate, two conservative think tanks, and the company’s OneDrive cloud storage service. Microsoft President Brad Smith said that they were “concerned that these and other attempts pose security threats to a broadening array of groups connected with both political parties.” Microsoft warned that Moscow was broadening its attacks.
Google also recently alerted Senator Pat Toomey of Pennsylvania, about how hackers with ties to a “nation-state” had sent phishing emails to old campaign email accounts. Steve Kelly, a spokesman for the senator, said the accounts hadn’t been used since the end of the 2016 campaign. Kelly said that these actions underscore the cybersecurity threats our government, campaigns, and elections are currently facing. The news article goes on to report how Senator Jeanne Shaheen of New Hampshire has also been the target of phishing attacks.
These cybercriminals are targeting our political system by trying to gain access inside political campaigns. They also probe our electoral systems, where they can potentially alter voter data and election results. Fake ads and accounts on social media are other methods used to spread disinformation and division.
They will continuously try to do everything they can to breach our systems and disrupt elections in November. Are you prepared for it?
How Candidates, Staff, and Consultants Should Be Protecting Themselves
1. Security Awareness Training
Security awareness training provides everyone with the knowledge on how to recognize cybercrime and learn more about security risks, including social engineering, online phishing, and web-browsing risks. Continually emphasizing the critical nature of data security and the responsibility of each person in protecting this data, will have a significant impact.
2. Data Incident Reporting Procedures
Knowledge about data incident reporting procedures and awareness of a computer operating outside its norm (unexplained errors, running slowly, changes in desktop configurations, etc.) are also critical. When everyone on your team can recognize a legitimate warning message or alert, this will allow these incidents to be reported to IT immediately, so they can mitigate and investigate the threat.
3. Strong Password Selection
Making sure that everyone knows how to select strong and secure passwords is essential. The stronger the passwords, the more secure your computers and accounts are. Have users create a very long easy-to-remember passphrase that never changes, and then add app-based two-factor authentication for accounts with sensitive information, e.g. email.
4. Responsible Email Usage
Responsible email usage is another great defense for preventing data theft. Accepting email that only comes from someone you know; someone you have received mail from before; something you are expecting; doesn’t look odd with unusual spellings or characters; and passes your anti-virus program test will help thwart these phishing attacks. Also, be particularly cautious with emails containing links and attachments.
5. Hire A Security Partner
Your final defense is to hire a good cybersecurity provider and form a partnership where remote monitoring and constant maintenance allows them to keep ahead of any threats. There are so many ways hackers can cause chaos on your network and try to tamper with information, without you knowing about it. Sometimes your IT team just doesn’t catch it quickly enough and the damage will already have been done. Many eyes are essential to a proactive defense.
Are you the next target of these cybercriminals? They’re going to attack, it’s the where and when that’s uncertain.
KTG recently brought on a new client in the Nashville area who provides political campaign strategy services. The company reached out to us to make sure they are as secure as possible. We have implemented several layers of additional security to protect their employees, the candidates, and the staff they are working for during this election cycle.
By partnering with KTG, you will have consistent, “on guard” protection for your network, essential data, applications, people, and processes. Please contact us today because vigilant cybersecurity management leading up to and during these elections is needed now, more than ever.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.