A computer security tip for those campaigning in the UK general election

Don’t be a Podesta.

A computer security tip for those campaigning in the UK general election

Against a backdrop of a highly divisive decision for the UK to leave the European Union (better known by the ghastly word “Brexit”), British Prime Minister Theresa May has called a snap general election for 8 June.

I’m not going to get into my views as to whether the UK should leave Europe or not (you can read my Twitter account if you want to know my feelings about that), but here’s some important piece of advice for anyone working for a political party on its election campaign:

Think before you click

As we saw during the US election campaign, those working on election campaigns can be remarkably lax when it comes to their online security – reusing weak passwords between different sites, being duped by phishing emails, having their social media accounts hijacked and – most damagingly – having their private email conversations and documents stolen and leaked to the media.

It’s probably unfair to focus on one particular individual’s security snafu that may have influenced the US election, but hey… it seems clear that the hack of Hillary Clinton’s campaign chief John Podesta was enormously damaging, and made things easier for the Trump team.

This is the bogus email that Podesta received from a cybercriminal gang hell-bent on cracking into his webmail account.

Podesta phish 3

If you’re campaigning in the UK election, don’t be a Podesta.

Whatever political party you are fighting for, ensure that you’re careful to use strong, unique passwords, that you have enabled two-step verification on your online accounts where possible, that you are always cautious about clicking on links and unsolicited email attachments, and wary of entering your passwords on sites that may be attempting to phish you.

Check out our recent “Smashing Security” podcast for more tips on securing webmail accounts to prevent your private emails making the headline, and perhaps derailing your campaign.

Smashing Security #014: 'Protecting webmail'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

2 comments on “A computer security tip for those campaigning in the UK general election”

  1. Ethical Hacker

    Thanks for this Graham, I do wonder why their is radio silence regarding the hacking of the postal vote website? There has been a large amount of electoral postal fraud over the years, and not much commentary on it. I'm very curious to understand how we are protected, were there no forensics on the matter, the US government and law enforcement are a lot more transparent than our own, if you reflect on the past 6 months. I bet there were not, cyber security in England is always seen as secondary until something bad happens. I would ask, were there intrusion detection systems? were those logs monitored in real-time through a SOC? I doubt it very much. It will be classed as SECRET and no one can whistle-blow; as the Official Secrets Act does not protect Whistle-blowers. All speculation of course. I would ask though, that if PCI-DSS for the banks is good enough to protect our money, why is there no equivalent for Government systems. The Ritz balcony case law (think ISO 27001 as well as prescriptive good practices from PCI) for standards would be an interesting comparison in this case, possibly.

  2. Jim

    Decided to invest in a ETF which invests in cybersecurity.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.