Basic Cybersecurity when Implementing AI

Robust use of AI and cybersecurity go hand-in-hand. Securing your campaign with basic and effective cybersecurity measures combined with administrative controls, will go a long way in establishing a secure framework for your organization. This includes:

• Enforce the strongest forms of multi-factor authentication: People and accounts are the number one target of bad actors looking to compromise or breach your campaign. Ensuring that logins are locked down as tightly as possible is the most important security step you can take.
  • Require passkeys and/or strong multi-factor authentication on all primary accounts: Passkeys are encrypted digital credentials that reside on a device and are virtually phish resistant. They are free and provide the strongest account security available. Microsoft, Google and other services have passkeys available for account protection. 100% of your team should be using passkeys on their core accounts as well as with any other service provider that offers them. 
  • Turn on additional protections for high risk users: Anyone in politics or associated with a campaign (including family and friends) are considered high risk technology users by leading technology companies and cybersecurity experts. Recognizing this increased risk, companies have created services that provide account protections. Microsoft has a service called Microsoft AccountGuard, and Google has their Advanced Protection Program. Both are free and easy to enroll in. 

• Administrative Controls: Below are additional recommendations for your account administrators and/or IT advisors to take to safeguard your environment ahead of rolling out AI. 

• Limit Data Exposure: Share only the minimum data AI needs to perform the task. Avoid entering sensitive campaign information into public AI tools. Enterprise AI tools generally offer stronger protections, but controls still vary by tenant settings (e.g., prompt/log retention, model training/telemetry, and who can access or share outputs), so confirm your configuration before using sensitive inputs. In some cases, you may need to ‘opt-out’ or turn-off data sharing to improve a tool’s models. 
• Create a Data Classification System and Share with Care: Many of your existing tools allow you to classify or apply sensitivity labels to your organization’s documents that can help manage how those files are shared or used by an AI tool. Administrators can customize settings that allow or prevent certain documents from being shared both internally or externally which can impact if the file can be used with an AI tool. 
•  Enable Role-Based Access: Ensure access to AI capabilities and underlying data is matched to the roles and responsibilities of the staff members on the campaign. Create a user profile for general AI use of all staff that is consistent with your acceptable use policy and matches well with the work they will be doing. 
• Consider watermarking or labeling: If using AI to generate or enhance images, videos or audio files, consider applying digital watermarks or content credentials that embed metadata denoting the presence of AI-generated content that can be verified by platforms or users downstream.