In the wake of hackings in the last election cycle of 2016, the issue of cyber security and political campaigns has come to the forefront. Both the Republican National Committee and the Democratic National Committees are making significant investments to help prevent hacking in the 2018 election cycle. However, every day new data breaches and hackings are announced. Just recently a Republican phone polling firm announced a hacking that involved the compromise of hundreds of thousands of GOP donors personal information. The hacking of the Democratic National Committee in the 2016 election is well documented in the media. Cyber security is an urgent issue for campaigns, parties and candidates at all levels. We’ve written about the importance of a WordPress Maintenance program for campaign websites. But equally important is the securing of campaign social media accounts which are often the gateway upon which hackers enter campaigns and cause havoc.
How can you keep your campaign social media accounts safe? Here are 4 security tips to implement now.
Strong Password Management
In analysis of passwords by security companies, “1234” and “password” remain the two most popular passwords. Strong passwords are one of the only things that stand between your campaign’s social media accounts and hackers. Weak passwords are often created and unchanged in order that they are easily remembered by staff. While this is understandable, investing in a password manager such as Last Pass or 1Password is critical to keeping your passwords strong, safe and secure. These tools make it easy to create strong passwords through a random password generator and stores them in an encrypted vault. They also take away the hassle of continuously logging in. A password manager ensures your passwords are strong and changed frequently and not misplaced. You want to keep the hackers guessing, and managing your passwords on a consistent basis is the best way to do it.
In addition to proper management of your passwords in a password manager, be sure that you use different emails than your campaign email to sign up and manage your social media accounts. If possible utilizing different emails for different accounts ensures, that if one email is hacked into, not all of your social media accounts are compromised.
Limit Access to Your Social Media Accounts
Controlling access to your campaign social media accounts is vital. Limit access to your social media accounts to as few people as possible. Manage your social media accounts through a management system like HootSuite or Buffer. These systems allow you to grant access to social media accounts to staff without disclosing sensitive account information such as security and privacy settings. You can also limit which social media accounts that they have access too.
If you have a large team posting for you, consider narrowing it down. Consider asking your social media team to send posts, written text and graphics to a special inbox or Dropbox and let one person have access to the actual accounts. In the rough and tumble word of politics and campaigns, don’t give full access to accounts to anyone without great consideration. Unfortunately, hackers don’t always come from the outside, but can be a rogue or disgruntled former staff member.
Be sure that you have a software such as LogDog that alerts you before a social media account is compromised through its scanning for a variety of unauthorized-access indicators. Its alerts allow you to take back control of your social media accounts quickly.
Two-step Authentication
Two-step (two-factor) authentication protects your accounts by requiring users to provide an additional piece of information after they enter the password to get into your social media account. The most common method of two- step authentication occurs over text messaging via cell phone. After putting in the password correctly, the social media platform will send out a specific code to the cell phone number on file. That code is then entered to log into the social media account. By enabling two-step authentication and having a particular code and cell phone number on file for your social media account, it is less likely to be hacked even in the event that someone gains access to your password. When two-step authentication is in place, if a social media account is accessed from an unknown device or IP address, the administrator will automatically get an alert notifying them of an unauthorized attempt to access the account.
The most popular social media platforms such as Facebook and Twitter offer two-step authentication and instructions for locking down the accounts. Most of the other social media platforms work basically the same way with a little nuance to each.
Two-step authentication is one of the best ways to make sure your accounts aren’t compromised.
Manage Your Privacy Settings
Be sure that you check the security and privacy settings for all of your social media accounts on a routine basis. These settings help you to manage your online experience on these platforms. For example, Facebook’s privacy settings allows you to control who sees what you post from your account and customize your default settings for posts. As a campaign, there may be posts you would prefer you weren’t tagged in. With Facebook’s Tag Review and Timeline Review options, you can decide if you want a post to be published prior to it showing up on your timeline.
Facebook, Twitter, Instagram, and other social networks adjust their privacy policies and security settings frequently. The platforms update these policies to keep your profiles secure. Keep up to date and follow all the new privacy and security policy changes on a regular basis. Enabling these policy changes may make life more difficult for the next person who tries to hack your campaign.
Need more help?
We offer social media training for candidates and campaigns, including in the area of security. Contact us here or via Facebook Messenger. Or sign up for our newsletter to get the latest tips here.