Political organisations and election candidates have become targets for threat actors that wish to disrupt and interfere in the democratic process. This can be part of a wider hybrid campaign to influence voters. Cyber attacks that target election candidates or organisations can be very damaging to the candidate themselves, the political party they represent, or to society’s overall trust in the democratic
process. This guidance aims to raise awareness of cyber threats to democratic processes and institutions, and to help prevent attacks on both organisations and individuals.
What does this document cover?
This advisory is focused on cyber security issues which pose a risk to the security of the electoral process. It should not be considered as a comprehensive guide for the overall security of an individual candidate or political parties’ data or systems. This advisory recommends implementing identity and access management policies, enhancing website security, preventing spoofing, educating constituents about misinformation, and preparing for ransomware and deep-fake attacks to safeguard the integrity of elections.
Securing your accounts
You or your team’s personal accounts are prime targets for attackers. If compromised, attackers could access your stored information. If possible, you should prioritise the use of corporately managed accounts and devices for professional tasks, as they benefit from centralised management and enhanced security measures. If you do not have access to such software, implementing the following
measures can still greatly reduce this risk.
- Use of strong passwords: Create complex passwords by using a minimum of 12 characters which include numbers and symbols to increase complexity. Alternatively, use three random words and make each password unique for every account, especially for critical accounts like email, social media, and online banking. Consider using a password manager to help you remember these
different passwords. - Multi-Factor Authentication (MFA): MFA should always be used when logging into internet facing accounts – this could be an app or website, or an email account. Use an authentication app like Google Authenticator or Microsoft Authenticator. MFA adds an extra layer of security, ensuring that even if an attacker knows your password, they still cannot access your account. If multi- factor authentication is not enabled, it is entirely possible for an attacker to use stolen credentials or to ‘brute force’ access to an account by simply guessing a password.
- Social media use: You should check for unusual logins. Set up notifications to send a text or email alert when your account is
accessed from a new device or location. Exercise caution when sharing personal information publicly. Review your security settings to control who can view your information. Avoid accepting message requests from unfamiliar accounts; consider calling to verify their identity first. Please refer to the individual social media guides linked to on the Coimisiún na Meán site.
Views: 0
