Political Campaigns and Phishing: Five Things Campaign Staff Can Do to Stay Safe
Businesses, consumers, and government agencies are at risk of a cyberattack every day. But as the 2020 political campaign heats up, candidates and their staff are all too aware of the spotlight being shone on them. With experts citing security breaches, particularly phishing, as a top concern for the 2020 election, it’s more important than ever that campaigns find ways to protect themselves.
One of the best things campaign managers can do is to educate everyone involved on the dangers of clicking on email links. The right software can detect suspicious activity and alert security teams, but your team should also avoid inviting the activity in from the start. Here are five things your campaign team can do to protect your data from malicious activity.
Educate all staff
Your best defense against any data breach is education. Since 91 percent of cyberattacks start with a phishing email, your own employees are usually the ones who bring malware into your environment, by clicking links and/or downloading malicious files. The best thing you can do to protect your campaign is to hold a brief training session that educates everyone connected to your server on email safety. That training course should include:
- Don’t click on links. The first and most important message you should impart to your campaign team is to never click on a link, whether it comes through email or text. Even social media isn’t immune from phishing scams. If a link takes them to a page where they’re asked to input passwords, details, or account information, they should open the website in a separate tab and log in directly to the site in question.
- Appearances can deceive. Explain the concept of email spoofing and that even when the email header looks accurate, it can be faked by a third-party source.
- Check spelling and grammar. Spelling and grammar errors can be big “tells.” If it’s a legitimate email, typically it will have gone through a professional editor, or at least a few sets of eyes, before it comes through to you. But this is not a guarantee that a well-written email is legitimate. The sophisticated attacks likely to target political campaigns could be error-free.
As these attacks grow more sophisticated, though, it’s becoming increasingly difficult to differentiate phishing emails from legitimate ones. For that reason, your campaign needs to put additional protective measures in place.
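The spoofing point in the training list above can also be checked mechanically, as one of those additional measures. The following Python sketch is an added example, not code from the original article or from any Exabeam product; the messages and `.example` domains are constructed, and it assumes the `Authentication-Results` header was stamped by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def spoofing_signals(raw_message):
    """List header inconsistencies that often accompany spoofed mail."""
    msg = message_from_string(raw_message)
    signals = []
    from_dom = domain(msg["From"])
    display_name, _ = parseaddr(msg["From"] or "")
    # The display name is free text, so it can show any address it likes.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display_name)
    if shown and shown.group(1).lower() != from_dom:
        signals.append("display-name-address-mismatch")
    # Replies or bounces routed to a domain other than the visible sender's.
    for header, label in (("Reply-To", "reply-to-mismatch"),
                          ("Return-Path", "return-path-mismatch")):
        other = domain(msg[header])
        if other and other != from_dom:
            signals.append(label)
    # Assumption: this header was added by your own receiving server.
    # A missing DMARC verdict is treated the same as a failed one.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth.lower()))
    if verdicts.get("dmarc") != "pass":
        signals.append("dmarc-not-pass")
    return signals

# Constructed sample messages (not real mail); all domains are placeholders.
LEGIT = "\n".join([
    "From: Field Director <director@campaign.example>",
    "Return-Path: <director@campaign.example>",
    "Authentication-Results: mx.campaign.example; spf=pass; dkim=pass; dmarc=pass",
    "Subject: Canvass schedule", "", "See you Saturday."])
SPOOFED = "\n".join([
    'From: "director@campaign.example" <director@campaign-mail.example>',
    "Reply-To: director.campaign@freemail.example",
    "Return-Path: <bounce@bulk-sender.example>",
    "Authentication-Results: mx.campaign.example; spf=softfail; dkim=none; dmarc=fail",
    "Subject: Urgent: reset your password", "", "Body text."])

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, spoofing_signals(raw))
```

A clean result is not proof of legitimacy: mail sent from a compromised real account or from a look-alike domain with its own valid DMARC record raises none of these signals.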
Run a simulated phishing test
Even with the best training, humans are prone to errors. Sometimes personal experience can get the message through much more effectively. For that reason, it may help to run a simulated phishing test to detect your true risk level. There are multiple tools that you can use to run simulated phishing tests. Basically, you send your employees a realistic-looking email that appears to be a phishing email but is not harmful. Depending on the tool that you use, it can track results like which employees opened the email or which employees clicked on the links in the email.
Check your security access
Security professionals have long followed the principle of least privilege, which simply states that each user should have the lowest level of access necessary to do their work. By limiting what non-administrative users can do, you protect your organization should someone compromise an employee’s credentials and use them to log into your network. Do a quick checkup of your user account settings and minimize the number of people who have higher-tier access.
Use email filters
Although software can help lock down your emails, you should already have spam filters provided by the email solution you use. Encourage users to mark any spam email that makes it through to their inbox so that the information is used as feedback to help the filters do a better job.
Prepare a response plan
No matter what protective measures you take, an attack is always a possibility. Make sure you’re prepared for such an event by putting together a response plan. This whitepaper can help you prepare for the most common security scenarios so that your team can swiftly tackle any event that puts your most sensitive data at risk.
Using the latest artificial intelligence technology, you can ensure your servers are always safe from a cyberattack. Exabeam uses behavioral analytics to monitor for signs that an attack is imminent and alerts your team so that you can take protective measures. Once you’ve educated your internal users, this technology can bring an added layer of security that ensures your devices and servers remain safe.