Against a backdrop of a highly divisive decision for the UK to leave the European Union (better known by the ghastly word “Brexit”), British Prime Minister Theresa May has called a snap general election for 8 June.
It's extraordinary how far Theresa May will go to avoid having to be at that state dinner with Donald Trump…
— Graham Cluley 🇺🇦 (@gcluley) April 18, 2017
I’m not going to get into my views as to whether the UK should leave Europe or not (you can read my Twitter account if you want to know my feelings about that), but here’s an important piece of advice for anyone working for a political party on its election campaign:
Think before you click
As we saw during the US election campaign, those working on election campaigns can be remarkably lax when it comes to their online security – reusing weak passwords between different sites, being duped by phishing emails, having their social media accounts hijacked and – most damagingly – having their private email conversations and documents stolen and leaked to the media.
It’s probably unfair to focus on one particular individual’s security snafu that may have influenced the US election, but hey… it seems clear that the hack of Hillary Clinton’s campaign chief John Podesta was enormously damaging, and made things easier for the Trump team.
This is the bogus email that Podesta received from a cybercriminal gang hell-bent on cracking into his webmail account.
If you’re campaigning in the UK election, don’t be a Podesta.
Whatever political party you are fighting for, ensure that you’re careful to use strong, unique passwords, that you have enabled two-step verification on your online accounts where possible, that you are always cautious about clicking on links and unsolicited email attachments, and wary of entering your passwords on sites that may be attempting to phish you.
Check out our recent “Smashing Security” podcast for more tips on securing webmail accounts to prevent your private emails making the headlines, and perhaps derailing your campaign.
Smashing Security #014: 'Protecting webmail'
Thanks for this Graham, I do wonder why there is radio silence regarding the hacking of the postal vote website? There has been a large amount of electoral postal fraud over the years, and not much commentary on it. I'm very curious to understand how we are protected, were there no forensics on the matter, the US government and law enforcement are a lot more transparent than our own, if you reflect on the past 6 months. I bet there were not, cyber security in England is always seen as secondary until something bad happens. I would ask, were there intrusion detection systems? Were those logs monitored in real-time through a SOC? I doubt it very much. It will be classed as SECRET and no one can whistle-blow; as the Official Secrets Act does not protect whistle-blowers. All speculation of course. I would ask though, that if PCI-DSS for the banks is good enough to protect our money, why is there no equivalent for Government systems? The Ritz balcony case law (think ISO 27001 as well as prescriptive good practices from PCI) for standards would be an interesting comparison in this case, possibly.
Decided to invest in an ETF which invests in cybersecurity.