Cyber security advice for political candidates

Foreign actors are targeting democratic processes around the world, including every level of government in Canada. If you’re involved in politics – as a political candidate, staffer or volunteer – you are a target. It’s vital that you take steps to protect yourself.

The Cyber Centre has advice to help you protect your cyber security and deal with cyber threats. The following guidance isn’t all you need, but if you follow this advice, you can help make your campaign more cyber secure.

How cyber threat actors target you:

Cyber threat actors looking to interfere in our elections may attempt to:

  • hack your accounts, including:
    • hijacking your social media accounts
    • leaking campaign secrets, plans or internal communications
    • blackmailing or embarrassing you using sensitive information
  • discredit your campaign or platform by creating impersonation and parody accounts and spreading disinformation
  • steal personal information or financial details

You and your campaign are a target. Protect your campaign from a cyber security compromise and the complications that often accompany it.

 

Practical steps to increase your cyber security

Secure your campaign by taking these practical measures.

Use strong and unique passphrases or passwords

Passphrases and passwords should be unique and complex. Each account, website or device should have its own strong individual passphrase or password. Don’t share your password. Only change your password when there’s a good reason to do so, like if you think you’ve been compromised.

Enable multi-factor authentication

Multi-factor authentication (MFA) adds another line of defence against someone hijacking your account. It works by combining at least two items of authentication, such as:

  • something you know (password or PIN)
  • something you have (a smart card or a security key)
  • something you are (biometric features like fingerprint or face scan)

Secure your mobile device with a passcode or other form of identification

If your mobile device is lost or stolen, a passcode or another form of identification, like a fingerprint, will be the only thing protecting your information. Most devices automatically encrypt the information on them once you’ve enabled the PIN or passcode, further protecting your most sensitive information.

Regularly update your devices and systems and install security patches

Updates and patches don’t just fix bugs or improve usability or performance; they also address known security vulnerabilities. Unpatched devices and systems can provide opportunities for cyber threat actors to infect your devices or gain access to your information.

Secure your social media and email accounts

Many candidates have a campaign manager or other support staff with access to their accounts. Know your options for delegating authority (what to do when you need multiple users to access one account). Use as many security settings as you can, such as multi-factor authentication, for each social media platform.

Watch out for malicious messages

Phishing messages target a group of people by simulating a legitimate message from a trusted sender. Spear-phishing messages are tailored to you based on your work, your interests or personal characteristics.

Be wary if a message seems out of character or off topic for the purported sender. Call the sender to verify they sent it before opening it. Never click on links or open attachments unless you are certain you know who sent them and why.

Log out of accounts on shared desktop computers

If you log into any of your social media accounts on a shared computer, make sure you log out and never save your username and password. Don’t access your accounts from untrusted devices like hotel business stations, which may be infected with malware.

Regularly review your account and recovery settings

Your social media and email accounts have a section for account recovery and password resets. Check them regularly to make sure they have up-to-date contact information and security questions. Make your privacy settings as high as possible.

Back up your information

Back up your campaign information in case you become a victim of ransomware. Know how to recover vital information if your device is damaged, lost or stolen.

Avoid using free Wi-Fi

Free or unprotected Wi-Fi may be convenient, but it is relatively easy for anyone else on the network to eavesdrop. Don’t access your email, social media accounts or sensitive accounts from free or unprotected Wi-Fi. If you choose to use free or unprotected Wi-Fi, do not type any sensitive information while you’re connected. This guidance applies in particular to the login credentials for your campaign accounts.
