As our country continues its massive scale shift to social distancing and staying at home, what was once a major theme in our news cycle is now minimally to be seen. Yes, the US presidential and state campaigns have taken a not unexpected back seat to the news covering the latest in managing COVID-19 across the U.S. These campaigns – like any organization or corporation across the nation – have had to quickly shift their focus from in-person, onsite campaign management and events to solely virtual, digital politicking given much of the country is isolated at home.
While political campaigns shift full swing to lifting up their virtual campaigns, now more than ever these campaigns need to be vigilant in managing the security of their volunteers’ and employees’ endpoints, wherever they may be. Political campaigns are easy marks for cyber crime, especially now as more and more start operating 100% virtually.
What Puts Election Campaigns At Greater Risk?
There are a number of factors which can contribute to the cyber vulnerability of political campaigns, such as budget constraints and a revolving door of endpoints to secure and employees to train. For example, campaign employees often use their own personal devices to get work done -- and these devices may not be getting security updates regularly, which means they’re more vulnerable to cyber attacks. Implementing good cyber hygiene practices can help mitigate the hacking of US elections and safeguard political campaigns against cyber mischief.
The term “cyber hygiene” refers to the essential elements of protection and maintenance that organizations should include as part of their overall cyber defense. Password policies, user limitations, endpoint hardening and patch management are all necessary to maintain good cyber hygiene practices. For political campaigns, good cyber hygiene is critical to mitigating the risks of cyber attacks -- and the potential fall-out from being the victim of a data breach or other cyber threat.
The world of politics is rife with controversy, but one thing experts all seem to agree on is the fact that political campaigns need to take cybersecurity more seriously. Recent reports suggest that political campaigns are particularly vulnerable to attack because they are especially attractive to malicious actors. Life in the political circus is fast-paced and cybersecurity may not be on the radar, but there is no shortage of bad actors looking to cause trouble for them.
Employing good cyber hygiene practices is essential to mitigating the vulnerabilities that come with being part of a political campaign.
Prevent Election Campaign Interference with Good Cyber Hygiene
Around the world, politicians and political campaigns have been victimized by cyber attacks -- and in many cases, a little basic cyber hygiene could have prevented a lot of heartache.
A phishing email is what led to the Clinton campaign being compromised during the 2016 election. Earlier in 2020, Brianna Wu -- a candidate running for a seat in the House as Massachusetts’ 8th District Rep -- revealed that she was also hacked. Wu, a former software engineer, is keeping the details of the hack under wraps to avoid giving any advantages to would-be attackers and notes that she did have “solid protection measures” in place for prevention.
Taking the time to teach employees about cybersecurity basics -- such as how to spot a malicious email and how to handle it -- is a small step that can be a real lifesaver down the line. However, not every attack can be thwarted with such measures and keeping the other elements of cyber hygiene in check can help reduce your campaign’s overall cybersecurity risk.
The basic elements of good cyber hygiene include:
- Password Policies: A password policy can help ensure employees are creating secure passwords and are changing them regularly.
- User limitations: Only those who need administrative privileges should have them. Other users should have limited access.
- Keep a back-up: Back-up your data on a secondary source to protect it from attackers and other threats. Secondary sources can include the cloud or on an external hard drive.
- Keep an inventory: All devices and programs should be inventoried.
- New Install Documentation: New installs should be done correctly and documented for inventory.
- Endpoint Security: Endpoints are a key point of entry for attackers; endpoint hardening is a critical element to good cyber hygiene.
- Perform regular security updates: Patching devices and software is critical for resolving vulnerabilities and minimizing your attack surface.
Incorporating all of these elements can help your political campaign develop good cyber hygiene practices and stronger overall cybersecurity.
Protect Political Campaigns with Endpoint Hardening
“Endpoint hardening” is a term that refers to ensuring all an organization’s endpoints are properly secured. Endpoints are also called “end-user devices” and can include a wide array of devices, such as desktops, laptops and tablets. For political campaigns, endpoint hardening is a cybersecurity must. Some of the key tenets of endpoint hardening include:
- Maintain an inventory of all endpoints
- Have full visibility over all endpoints
- Employ system segmentation
- Create a routine patching protocol
In a political campaign, you have dozens or possibly hundreds of new employees who often rely on their own personal devices to get the job done. With older cybersecurity tools, the process of managing these endpoints and keeping them secured can quickly become a nightmare, if it’s even possible at all. For example, legacy patch management platforms are typically limited in their capacity to patch endpoints. Older patching products can also be cost-prohibitive and may require a substantial amount of maintenance and configuration to run properly. Modern, cloud-native solutions can make it possible for you to manage all your campaign’s endpoints from a single dashboard.
With a cloud-native patching platform like Automox, users can maintain an inventory of all their endpoints and have full visibility into the patch status of those endpoints. Regularly deploying security updates for cyber vulnerabilities is one of the best ways to minimize your campaign’s attack surface and keep malicious actors at bay.
Patch Management for Protecting Your Campaign
Patching, or performing security updates, is one of the most critical steps organizations (and political campaigns) can take to ward off cyber attacks. Estimates suggest that 80 percent of all data breaches are linked to known vulnerabilities -- many of which are found on endpoints. These devices should receive regular security updates, known as “patches.” Patches resolve cyber vulnerabilities; essentially, they close points of entry that attackers may exploit in order to gain entry into the target device or system.
Unpatched vulnerabilities are risky for any organization -- including your political campaign. It’s unfortunately common for people to put off patching, believing that a month or three won’t hurt. As Equifax learned in 2017, delayed patch deployment can be very costly. The 2017 Equifax data breach left 147 million Americans with exposed personal data, and the company is paying hundreds of millions of dollars in settlement fees. For political candidates, a data breach could be even harder to recover from.
Endpoints represent one of the most exploited routes of entry for attackers. While hardening endpoints may seem challenging, modern cybersecurity tools remove many of the barriers organizations face when it comes to maintaining strong endpoint security. Employing a well-designed patch management strategy is crucial to ensuring every device on your campaign is properly secured.
A good patch management strategy includes:
- Keep an inventory: Your IT staff need to know about every device, third party application and operating system being used by your campaign. This helps them know what needs to be patched and what patches need to be deployed.
- Build a patching schedule: Patch your devices and applications on a regular basis. Delaying critical patches increases the risk of an attacker trying to exploit those unpatched vulnerabilities.
- Patch third party applications: Most patching efforts focus on operating systems, but many third party applications need to be patched as well.
- Automate patch management: Using an automated patch management tool can help you streamline the process of patching.
With a modern, automated patching tool like Automox, users can create a routine patching strategy that meets their campaign’s needs. The cloud-native platform makes it possible to inventory everything on your campaign’s system and maintain full visibility over all endpoints.
In a political campaign, employees often use their personal devices -- which means there may be a variety of operating systems and third party applications. Relying on legacy patching solutions would make the process of patching all the different operating systems and applications overly complicated and time-consuming. Modern, cross-platform solutions like Automox make it possible to patch alternative operating systems and third party apps without the headache.
Defending Digital Campaigns: Non-Partisan Cybersecurity Services
Defending Digital Campaigns is a non-profit, non-partisan organization dedicated to providing political campaigns with access to the products, tools and services they need for better cybersecurity. Keeping the campaign and electoral processes secure against threats is crucial, and many organizations (including Automox) are working with Defending Digital Campaigns to help safeguard the electoral campaign process.
To learn more about their program and partnerships, go to: www.defendcampaigns.org.
About Automox Automated Patch Management
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.