Information Security Matters
Information systems security is of utmost importance, especially within political campaigns where protocols are rarely followed and security breaches are common. Following the guidelines listed below will help prevent a breach and deter potential security risks that can cost you valuable time, money and the election if you’re not careful.
Access Control: All users should have their own accounts to database applications. Only users with a need to access the information should have access to these applications. The access should be the minimal access needed to perform their duties (i.e. a grassroots coordinator should not have the ability to access or export contribution details).
Passwords: All passwords should be alphanumeric (include letters, numbers and symbols) and be at least 8 characters in length. Passwords should be used for all networks, computers, cellular phones and wireless access points.
General Security for all Devices and Networks:
1. Allow trusted software updates on all devices daily (both computers and smart phones).
2. Use virus protection and spyware protection. All users must accept the updates daily.
3. Users should not be the administrator on their own devices. Set each user up as a non-administrator user so that they cannot turn off their automatic updates and so that the campaign technology administrator has access to user data if needed.
4. Change passwords on all devices regularly (every 10 – 30 days is recommended).
5. Turn off communications channels that are not in use, such as Bluetooth for mobile devices and only enable the protocols that you are using on printers and copy machines.
6. Ensure firewalls are enabled on all computers.
7. Lock all devices after 10 minutes of inactivity; all users should manually lock their device when they step away.
8. Unpublish the SSID on the wireless router.
9. Select WPA2 encryption for the wireless router.
10. Enable the firewall on the wireless router.