Senior Director for Account Security, Identity, and Abuse
Published Feb 11, 2020
Last week, we shared an overview of how we’re equipping campaigns with security tools like Project Shield and supporting programs like the new Election Security and Information Project. We also just announced a major update of our Advanced Protection Program which will make it easier for members of campaigns to get our strongest level of Google Account security, in an instant.
Today is Safer Internet Day and we’re announcing a new partnership with Defending Digital Campaigns to provide federal campaigns access to free Titan Security Keys, the strongest form of two-factor authentication. Last year, the Federal Elections Commission granted special approval for DDC to offer cybersecurity services to presidential and congressional campaigns. We’re working with this bipartisan organization to help make all qualifying campaigns safer and make it easier for people to enroll in our Advanced Protection program.
Security keys aren’t the only thing campaigns can do to stay safer. Here are three things that any campaign can do to make their members, and their entire organizations, more secure right now.
Enroll in the strongest security offering
From candidates to canvassers, every member of a campaign should understand how to add extra layers of security and protect their information. We recommend everyone associated with political campaigns enroll in our Advanced Protection Program, which bundles all our strongest Google Account security options together. Advanced Protection is available for both personal and G Suite accounts and we recommend campaign members enroll both types of accounts in the program, which they can now enroll instantly with their Android or iPhone. Qualifying campaigns can also request a free physical security key as a backup via Defending Digital Campaigns.
Protect everyone, not just the name at the top of the ticket
Every member of a campaign needs to understand the basics of keeping their information safe. Of course that applies to candidates themselves, but it’s equally important for everyone else with access to campaign information. In fact, it might be more important to educate the vendors, consultants, and support staff because they may not think of themselves as at risk.
If you’re working on a political campaign we recommend that you enroll in the Advanced Protection Program. But, if you decide that’s not for you, these five security tips can strengthen your security in just a few minutes. For example, our research found that simply adding a recovery phone number to your Google Account can block up to 100 percent of automated bots, 99 percent of bulk phishing attacks, and 66 percent of targeted attacks. Campaigns can check out The Belfer Center’s Cybersecurity Campaign Playbook and their overview video for more extensive information.
Make sure someone is accountable for your campaign’s security
Campaigns and political committees should make sure someone at a senior level is responsible for implementing security best practices. You wouldn’t expect the employees of a bank to tolerate consultants with personal email accounts, staffers checking sensitive data on the family iPad, or vendors emailing documents back and forth. Political campaigns, despite often having more of a startup feel, shouldn’t tolerate these lax practices either.
It’s never too late for campaigns to take these simple steps, and much easier to dial up the defense than many people think.