Cybersecurity For Campaigns: A Q&A with the DNC and Defending Digital Campaigns

Would you know what to do if your campaign experienced a cyberattack? As we head into the 2022 campaign year cybersecurity is only going to increase in importance, regardless If you are running for office, working on a campaign, or volunteering for your local party.

On August 19, 2021, we hosted a training with Alison Goh, the Democratic National Committee’s Security Program Manager, and Michael Kaiser, Defending Digital Campaigns’ President and CEO for a special Q&A. The discussion centered around preventing cyberattacks, as well as how to mitigate and respond to them.

Here are the main takeaways from this Q&A session you can use to make sure your campaign or organization is ready heading into 2022:

Cybersecurity is Important For Everyone

This may be your first time running for office or staffing a campaign. You may be involved in a local or statewide race. Regardless, protect your campaign by taking a few simple steps to guard against cyberattacks. The future you will thank you.

To secure your campaign, you can start by assessing your threats, readying your team for phishing attacks, encrypting all communications, as well as authenticating access on campaign-specific accounts for each team member.

Engage in Risk Management

According to Alison and Michael, cybersecurity is all about risk management. There are general risks to using technology, but these risks increase in the political space.

.@MKaiserDDC: Take steps to determine if your campaign faces greater risks. Are you in a close race? Will your race determine the balance of power in your city or state?

Answering these questions will go a long way toward securing a campaign.#TrainDems

— National Democratic Training Committee (@TrainDems) August 19, 2021

Action Item: Plan ahead and schedule a meeting in order to evaluate the risks of cyberattacks for your specific campaign or organization.

Ask your team questions such as:

• Are you in a close race?
• Does this election have the potential to determine the balance of power in your city or state?
• Which of our peers have been susceptible to cyberattacks?
• What preventative measures need to be in place in order to mitigate these threats?
• How is the campaign going to respond if sensitive information becomes compromised?

With news of more frequent cyberattacks, it is daunting to approach cybersecurity in a campaign context. But focusing on what could happen to your specific campaign and preparing your rapid response plan will provide concrete standard operating procedures in order to protect your information. 

Learn more about managing the risks of a cyberattack with Defending Digital Campaigns’ blog post, “Cybersecurity For Campaigns: Understanding and Reducing Your Risk.”

Beware of Phishing

If you own an email account, chances are, you’ve experienced phishing. However, phishing can happen via text and phone, as well. Anytime hackers trick users through scam emails and other fraudulent means to gain access to personal, business, or campaign accounts, this is called phishing.

While being in electoral politics increases the likelihood that this may happen to you, this is a daily occurrence that takes place across the digital landscape. 

.@alisonhgoh: Two factor authentication can often protect you from phishing attempts, because even if a hacker has your password, they still won’t be able to access your accounts.#TrainDems

— National Democratic Training Committee (@TrainDems) August 19, 2021

Action Item: Defend against phishing by taking simple steps, such as enabling two-factor authentication to protect your accounts on email and social media.

In addition, beware of impersonation emails. Check the spelling of email addresses, especially if you are being asked for money. When in doubt, verify people by phone call to make sure it’s actually them sending the email!

Use Encrypted Communications

Over the course of your campaign, some conversations will need to be kept private. As a result, encrypted communication can be extremely useful.

Action Item: If you’re going to send a text, use encrypted messaging tools like Signal or Wickr in order to keep conversations confidential.

.@MKaiserDDC: Use encrypted communications for your campaigns. Some conversations need to be kept private. Use platforms like Signal or Wickr to encrypt your messages.#TrainDems

— National Democratic Training Committee (@TrainDems) August 19, 2021

Create Separate Campaign Accounts

When you decide to run for office, you may want to use personal email addresses and social media accounts for campaign activity. Panelists both recommended creating separate accounts for your campaign. But regardless, make sure to protect all accounts, through steps such as enabling two-step verification.

.@KellyNDTC: When you run for office, create a campaign account different from your personal account, and don’t forget to secure personal accounts.#TrainDems

— National Democratic Training Committee (@TrainDems) August 19, 2021

Action Item: Discontinue any usage of personal accounts across your team.

Check out NDTC’s blog post, “Setting Up Social Media For Political Campaigns,” in order to set up campaign-specific accounts!

Make Cybersecurity a Priority

Cybersecurity is about implementing safeguards to protect your information. It’s about detecting and preparing for threats early on, as well as making sure we take steps to mitigate any potential cyberattack. 

These initiatives start with the candidate and campaign manager setting the tone. But it requires commitment from the entire campaign to make it a priority. We must do everything possible to make cybersecurity the norm among Democratic campaigns.

Secure Your Campaign Today!

We were delighted to host Alison Goh from the DNC and Michael Kaiser from Defending Digital Campaigns for a training on cybersecurity for campaigns. Thank you to everyone who attended this special Q&A. 

One quick stop on your way to prioritizing cybersecurity is the DNC’s Security Checklist. and Defending Digital Campaigns’ cybersecurity resources. This resource provides the foundational steps to building a strong defense. In addition, take a look at NDTC’s courses, “Using Social Media Platforms,” and “Digital Campaigning: Email 101,” for more information on setting up your digital campaign.