Connecting state and local government leaders
A new report offering solid technical advice for political campaigns can be useful to smaller government offices working to secure information.
With daily headlines filled with news of campaign leaks, hacks and intercepted messages, government IT managers and elections officials can take some cybersecurity lessons from those on the front lines in politics.
A new report from the Belfer Center for Science and International Affairs in Harvard’s Kennedy School of Government offers some solid technical advice for political campaigns that can also be helpful to smaller government offices working to secure information:
Take advantage of the cloud. Use a cloud-based office suite, like Google’s GSuite or Microsoft365, for email and document sharing because the security provided by major firms is superior to that provided by a server set up specifically for a campaign. Email should be encrypted, and personal accounts should never be used for campaign business.
Use two-factor authentication on all systems and applications. Require strong passwords and use a different password for each account. Administrative access should be limited to the people who needed it, and admins should use separate accounts for non-admin tasks, the report suggests. A standalone password manager can help manage multiple long passwords. For enhanced protection, set up role-based user profiles.
Secure all devices. Phones and other devices should always use the most up-to-date operating system and automatic cloud backup. Any default passwords should be replaced and settings changed so devices autolock. Require encryption on all devices and install endpoint protection software, especially on personal devices used for business. For even greater protection, consider mobile device management software and advanced threat protection services.
Ensure network security. A separate guest network should be available for volunteers' internet access, and staff should use updated browsers and a VPN when possible. To avoid accessing public Wi-Fi, consider providing staff mobile Wi-Fi hotspots for tethering. For advanced network security, get an IT professional to set up a hardware firewall, encrypt the Wi-Fi and segment cloud storage.
Read the full report here.