With the new year we want to remind you about the importance of cybersecurity. Keeping your campaign or organizing unit's data secure is an important part of building infrastructure. Whether this is your first or fiftieth campaign, cybersecurity is as important as ever.
There are four main types of security threats:
The best thing you can do to prevent a virus from infecting your device is to keep it up to date at all times.
Make sure that all your phones, tablets, and computers are set to automatically update. If you ever get a notification that tells you to restart your device, you should do it right away. This is because the manufacturer is constantly testing their systems and making repairs. If Apple or Microsoft have identified an issue, it is more than likely that less-friendly actors also know about it too, and will try to exploit it before you get your device updated.
We also recommend that you encrypt your laptop disk. You can find instructions on how to do that here for Windows computers and here for Macs
Lastly, we recommend you use Chrome for web browsing both on your laptop and phone, with the following extensions installed: [links]
The best thing you can do to prevent an account breach is using long, randomly generated passwords, utilizing two-factor authentication wherever possible, and being alert for phishing emails.
The most common mistake in data security is using weak passwords, or reusing the same password on multiple websites. This is why we recommend a password manager. The DNC specifically recommends LastPass or 1Password.
With a password manager, you set one master password and then allow the manager to generate long, random passwords for all the websites you visit. The great thing is, in addition to being more secure, it’s super easy because you only have to know the one password! You can find LastPass here and 1Passowrd here.
If you opt not to use a password manager, do not use the same password across multiple sites. This is because, if one site is hacked, hackers will use that password on all your other accounts, betting that you used the same one elsewhere. Outsmart them. Don’t reuse passwords.
Two-factor authentication means that, in addition to your password, there is a second code that is randomly generated and sent to you. This can be via email, text message, another device or an authentication app.
Authentication apps are the most secure because they cannot easily be intercepted like a text or an email. The DNC recommends Authy (found here) because if your device is lost or stolen you still have access to your codes. Google Authenticator (instructions here) is also acceptable, but beware that it might be difficult to access your accounts if your device is lost or stolen.
You should set up two-factor authentication on all accounts where it is offered, both for personal and campaign-related accounts. This includes, but is not limited to:
Phishing attempts are when an actor who wants to steal your account info poses as another website or someone you know to get you to click a link or hand over passwords. We’ll go over some of the basics on how to spot phishing here.
First of all, no reputable website will ever ask you for your password. If a person claims to need your password to assist you with something, they are definitely not who they say they are, and you should not respond.
Other phishing attempts are more sophisticated. For example, many phishing emails look like they come from someone you already know.
For example, here is an email purporting to be from Wells Fargo.
Can you spot the signs of a phishing attempt?
When in doubt, email email@example.com!
Device Loss and Theft
The best thing you can do to prevent theft is to keep your device on you at all times and set strong passwords.
Much like passwords on your accounts, you want your passwords on your laptop and smartphone to be as strong as possible so if your device is stolen, hackers can’t get in.
Of course the best thing to do is to keep your device with you at all times. With most of us working from home, this should be less of an issue, but if you do go out, keep your device locked and on your person.
The best thing you can do to prevent eavesdropping is to encrypt your communications.
The DNC recommends Signal for encrypted communications. All DFL employees should be using Slack for work purposes.
When joining conference calls, use your laptop, or use the Zoom/Goole Meets app on your smartphone phone. Do not call in with your phone number.
If you have not already, please fill out this form to ensure all your devices are up to date and you have the tool necessary to keep DFL data safe.
Thank you for sticking with this critically important topic. As always, we wanted to highlight a few more articles in our knowledge base:
As always, please direct any questions about VAN, ActionNetwork, or other data needs to our team at firstname.lastname@example.org. We are available to answer your questions and are happy to find time to meet as needed!