Episode 3 - Locking Down Your Campaign Security
The 2016 Election Cycle revealed just how vulnerable many campaigns are to hacking and other cyber threats. But even as they have become more aware of the importance of cybersecurity, many small businesses and campaigns continue to put their data at risk. Election University host Jason Bennett speaks with industry professional Benjamin Caudill to learn about security tools you can implement today to make your personal and campaign information three-to-four times more secure. Benjamin works as a security penetration tester and CEO of Rhino Security Labs. He specializes in locating and resolving security vulnerabilities of companies large and small. In today’s episode, we will talk with Benjamin about critical new trends in hacking, and how this puts everyone—even small campaigns or individuals—at risk.
Later, we’ll discuss common mistakes you could be making with your own security and review tools like Two-Factor Authentication, disk encryption, VPNs, and other simple steps you can take to increase your safety online. This episode is critical to your personal and campaign security—don’t miss it!
Tools discussed in this podcast: WordPress is a tool to create a free website or blog. It is commonly used among political campaigns but it can be vulnerable to cyber threats. One plugin that can help keep your data safe is WordFence. WordFence will mitigate a lot of the low-level vulnerabilities on your site. WordFence is a free plugin that blocks attacks with a Firewall, scans your system, and alerts you to security issues.
Two-Factor Authentication is used to prove that you are who you say you are when you log on. It is an additional step beyond username and password, often a code that is texted to your phone that you have to type into the login screen. If your password and username are stolen, the hacker still cannot access your account without the code sent to your phone.
Password managers with encrypted database can increase your password and cyber security. Because you use only one password to access the manager, you can choose stronger, more complicated passwords without risk of forgetting. This keeps you from using the same password over and over or having very simple, easy-to-guess passwords.
Dashlane: a password manager with encrypted databases with free and paid versions.
LastPass: A password manager with free and paid options. It has an encrypted database and auto-fill across devices.
If someone stole your un-encrypted laptop, they could remove the hard drive and read the data locally stored on the machine without even logging on. To combat this, you can download a free product that encrypts the data stored locally on your hard drive. This technology is very well tested from a security standpoint. One such product is VeraCrypt, a free disk encryption software by IDRIX.
Messaging Security on Cell Phones: Signal v. WhatsApp v. Native texting:
Apps like Signal encrypt the data on your phone itself, rather than sending it to storage in the cloud. Signal works at its best if it is being used by both sides of a text conversation. Signal is free and can be downloaded onto Android, iPhone, or your Desktop
WhatsApp: Better than native text messaging, but not as secure as Signal. It an be downloaded onto iPhone, android, or desktop. WhatsApp uses end-to-end encryption, so not even WhatsApp is able to read them.
You can learn more about Benjamin and his work Rhino Security Labs at RhinoSecurityLabs.com.
You can listen to the show right on the website here or by subscribing in iTunes, Apple Podcasts, GooglePlay, Spotify, Stitcher, Soundcloud, and more! If you do subscribe, please leave us a rating and review. We love the feedback! If you'd like to hear a particular topic on our podcast, please email firstname.lastname@example.org.