Fact sheet for Canadian political campaigns: Protect yourself online

From: Canadian Centre for Cyber Security

Related links:

Key targets of Canada’s democratic process

Political parties, candidates, and their staff vie for attention and support in elections, relying heavily on the Internet, which they use to organize themselves and communicate with voters.

Globally, political parties, candidates, and their staff remain attractive targets for cyber threat activity targeting elections.

Cyber threat actors use a variety of techniques to target the websites, e-mail, social media accounts, as well as the networks and devices of political parties, candidates and their staff. They may steal information and then release it to the public for the purpose of embarrassing or discrediting the political party or candidate. They may also use tools like generative AI to create and spread disinformation about candidates.

Five simple ways to protect yourself

There’s plenty you can – and should – do to protect yourself against cyber security breaches. Here are five basic rules everyone should follow to make themselves a harder target.

Practice good password etiquette

  • Use unique passphrases or complex passwords.
  • Keep passwords and passphrases private - Don’t share them.
  • Don’t use the same password for multiple accounts, websites or devices.
  • Use multi-factor authentication (MFA) when available.

Apply updates to your mobile devices, computers and applications

  • Updates are crucial to your security as they contain security patches. Don’t ignore them.
  • Be sure to apply updates to your mobile applications in addition to your device operating systems.
  • Set up automatic updates.
  • Schedule a mandatory training session in which all campaign members update their devices and applications.

Secure your social media and email account

  • Use different passwords and passphrases for each account.
  • Activate as many security options as you can, such as MFA, for each social media and email platform.
  • Review and adjust privacy settings as needed.
  • Know your options for delegating authority (what to do when you need multiple users accessing one account).

Be on guard for phishing and spear-phishing messages

  • Verify email addresses and senders. If you receive an unusual email from your campaign manager or candidate. for example, call or text them to verify its legitimacy.
  • Look out for grammatical errors or typos.
  • Consider the tone of the email and what is being requested. Be wary of threatening or urgent emails requesting sensitive information.
  • Don’t click on suspicious links or attachments.
  • Use anti-virus or anti-malware software on computers.

Store your data securely and know your back-up procedures

  • Use only new USB memory sticks purchased by the campaign team. Use them for campaign-related work only. Do not use them on untrusted computers.
  • Secure data stored in the cloud or online by turning on the available security features, such as MFA. Consider storage solutions with restricted access.
  • Back up your vital campaign information and know where you have it backed up.
  • Practice recovering your data at least once. This way you’ll know what to do if you become a victim of ransomware.
Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: