The Belfer Center at the Harvard Kennedy School of Government has published a nonpartisan Cybersecurity Campaign Playbook, as part of its Defending Digital Democracy project (previously, "designed to give you simple, actionable information that will make your campaign’s information more secure from adversaries trying to attack your organization—and our democracy."
Don't miss the one-page handouts for staffers and their families (!).
Top Five Checklist 1. Set the Tone: Take cybersecurity seriously. Take responsibility for reducing risk, train your staff, and set the example. Human error is the number one cause of breaches.
2. Use the cloud: A big, commercial cloud service will be much more secure than anything you can set up. Use a cloud-based office suite like GSuite or Microsoft365 that will provide all your basic office functions and a safe place to store information.
3. Use two-factor authentication: Require 2FA for all important accounts, including your office suite, any other email or storage services, and your social media accounts. Use a mobile app or physical key for your second factor, not text messaging.
4. Create strong, long passwords: For your passwords, create SOMETHINGREALLYLONGLIKETHISSTRING, not something really short like Th1$. Contrary to popular belief, a long string of random words without symbols is more difficult to break than something short, with L0t$ 0f $ymB01$. A password manager can help, too.
5. Plan and prepare: Have a plan in case your security is compromised. Know whom to call for technical help, understand your legal obligations, and be ready to communicate internally and externally as rapidly as possible.
Cybersecurity Campaign Playbook [Belfer Center/Harvard Kennedy School]
(via 4 Short Links)