With the 2018 midterm elections on the horizon, there are increasing concerns regarding cybersecurity and the voting systems in each state. These security concerns have to extend far beyond our voting systems with this election because digital platforms are also vulnerable to cyber threats. This means that not only are voting and vote tabulation processes at risk, the operations of political parties and candidates are vulnerable as well.
Election cybersecurity is so important right now because there are forces constantly working to undermine trust in our election system and confidence in the outcome.
Growing Trends Leading Up To The Election
Tom Burt, Microsoft’s corporate VP for security and trust, spoke with a panel at a conference in mid-July, about how the company had detected and helped block phishing attempts against three midterm candidates. Hackers had registered a fake Microsoft phishing website designed to trick staff members into handing over passwords or downloading malware onto their computer. These attacks were similar to those sustained by the DNC in 2016.
A few weeks later, Microsoft then reported how it had to disable six Russian-launched websites masquerading as official websites of the U.S. Senate, two conservative think tanks, and the company’s OneDrive cloud storage service. Microsoft President Brad Smith said that they were “concerned that these and other attempts pose security threats to a broadening array of groups connected with both political parties.” Microsoft warned that Moscow was broadening its attacks.
In late August, Microsoft revealed that Russian and Iranian hackers were using the company’s Azure cloud platform to set up fake domains so they could send phishing attacks that were targeted at political campaigns. These websites were so realistic-looking because the hackers used misappropriated company logos and trademarks.
Google also recently alerted Senator Pat Toomey of Pennsylvania, about how hackers with ties to a “nation-state” had sent phishing emails to old campaign email accounts. Steve Kelly, a spokesman for the senator, said the accounts hadn’t been used since the end of the 2016 campaign. Kelly said that these actions underscore the cybersecurity threats our government, campaigns, and elections are currently facing. The news article goes on to report how Senator Jeanne Shaheen of New Hampshire has also been the target of phishing attacks.
These cybercriminals are targeting our political system by trying to gain access inside political campaigns. They also probe our electoral systems, where they can potentially alter voter data and election results. Fake ads and accounts on social media are other methods used to spread disinformation and division.
They will continuously try to do everything they can to breach our systems and disrupt elections in November. Are you prepared for it?
How Candidates, Staff, and Consultants Should Be Protecting Themselves
1. Security Awareness Training
Security awareness training provides everyone with the knowledge on how to recognize cybercrime and learn more about security risks, including social engineering, online phishing, and web-browsing risks. Continually emphasizing the critical nature of data security and the responsibility of each person in protecting this data, will have a significant impact.
2. Data Incident Reporting Procedures
Knowledge about data incident reporting procedures and awareness of a computer operating outside its norm (unexplained errors, running slowly, changes in desktop configurations, etc.) are also critical. When everyone on your team can recognize a legitimate warning message or alert, this will allow these incidents to be reported to IT immediately, so they can mitigate and investigate the threat.
3. Strong Password Selection
Making sure that everyone knows how to select strong and secure passwords is essential. The stronger the passwords, the more secure your computers and accounts are. Have users create a very long easy-to-remember passphrase that never changes, and then add app-based two-factor authentication for accounts with sensitive information, e.g. email.
4. Responsible Email Usage
Responsible email usage is another great defense for preventing data theft. Accepting email that only comes from someone you know; someone you have received mail from before; something you are expecting; doesn’t look odd with unusual spellings or characters; and passes your anti-virus program test will help thwart these phishing attacks. Also, be particularly cautious with emails containing links and attachments.
5. Hire A Security Partner
Your final defense is to hire a good cybersecurity provider and form a partnership where remote monitoring and constant maintenance allows them to keep ahead of any threats. There are so many ways hackers can cause chaos on your network and try to tamper with information, without you knowing about it. Sometimes your IT team just doesn’t catch it quickly enough and the damage will already have been done. Many eyes are essential to a proactive defense.
Are you the next target of these cybercriminals? They’re going to attack, it’s the where and when that’s uncertain.
KTG recently brought on a new client in the Nashville area who provides political campaign strategy services. The company reached out to us to make sure they are as secure as possible. We have implemented several layers of additional security to protect their employees, the candidates, and the staff they are working for during this election cycle.
By partnering with KTG, you will have consistent, “on guard” protection for your network, essential data, applications, people, and processes. Please contact us today because vigilant cybersecurity management leading up to and during these elections is needed now, more than ever.