Search

Creating a Culture of Cybersecurity (2 minute read)

Article author
Betty Fleming
  • Updated

Staffers, volunteers, and others associated with the campaign are on the cybersecurity frontline. Bad actors will target them. The actions they take- protecting accounts, avoiding phishing attempts, using encrypted communications- are essential to protecting the campaign. They need to be aware of the importance of these measures and that bad actors will target them to compromise the campaign. 

When team members do the right things, they are your biggest asset in cybersecurity. When they don't, they could also be one of your biggest risks.

Creating a culture of cybersecurity has a few key elements, including:

  • Leadership: People join campaigns and political organizations because they believe in the candidates and policy goals. Connecting a candidates or organizations success to actively engaging in cybersecurity is a key to motivating factor. No one wants to the "that person" that caused a cyber incident and harmed a campaign or organization.
  • Create a non-punitive reporting environment: Staff can be one of your best early warning systems. They will be the first to see the phishing emails and social posts. Everyone should know when and to whom any potential cyber incidents should be reported. Since some cyber incidents involve mistakes--for example, clicking on a suspicious link or losing a device--make sure everyone understands that mistakes will happen, and that the sooner an incident is known, the better. It should be clear that the result of reporting is safety and security, not discipline.
  • Where to get help: Everyone on the campaign should be aware of where to turn if they have questions about cybersecurity. You need to maintain an atmosphere that there are no stupid questions when it comes to cybersecurity.
  • Training is a good place to start: You don't need a formal training program. You will need to find ways during onboarding or at other moments to reinforce the expectations you have around cybersecurity and to be sure people know how to use the cybersecurity tools you have given them.

 

Learn more: Training Resources, Securing Personal Accounts, Securing shared accounts, Creating Cybersecurity Policies

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.