Cybersecurity attackers work pretty much like we all do: they find the easiest way to get the job done. You can have the most sophisticated security measures and technology in place, configured correctly and compliant with all regulations and policies, but if your team is not security-savvy, attackers will find the easiest path through the weakest link.
In too many cases, an election business can be compromised when an attacker tricks a volunteer or a staff member into sharing important information, such as their login credentials to a critical system. Once this happens, it’s game over. The threat actor now has a way to bypass every meticulously implemented defense.
What Is Social Engineering and How Can You Avoid Being a Victim?
Unfortunately, the methods of going through human gatekeepers to infiltrate parts of the election business are becoming even more sophisticated. Using social engineering, such as a well-orchestrated phone call or carefully crafted and convincing phishing emails, attackers lure unsuspecting workers into opening doors without even realizing it has happened.
The adage that we can only control what we can control holds true in this case, and while it can be disheartening and discouraging, it also offers some hope. We may not be able to control the actions of other people, but we can arm them through education, provide them with knowledge, and influence positive behaviors.
Make Election Security Education Part of Your Cybersecurity Strategy
Elevating the importance of election security education and training can go a long way in improving election security. When the entire election team understands their role as gatekeepers in keeping the election technology, environment and process protected against cyber criminals, they form a powerful line of defense.
Here are some of the key things you can focus on when shaping your team’s security understanding:
- Knowing what motivates attackers
Understanding what cyber criminals want to achieve can help election staffers and volunteers inherently know what needs to be protected.
- Combining curiosity and skepticism while delivering friendly customer service
Our staff members aim to be as helpful as possible. It’s what makes them good at their jobs, and sadly it is also what attackers rely on. Teach your team to ask questions and use curiosity to make sure attackers have to work harder to trick us. Friendly pushback and asking “why” can sometimes be the best defense against social engineering attacks.
- Being familiar with your Incident Response Plan
Ensure that everyone knows how to identify an attack, how to report it and how the entire organization will respond, including communicating to the media and public.
This is only a partial list, but it is a start in the right direction. Security can’t be isolated to technology, and responsibility can’t remain with only a few people. It takes the whole team of human gatekeepers to stop the attackers we face. Security must be part of everyone’s job responsibilities because attackers can target anyone.
Sign up for CyberDefenses’ upcoming training for Election Officials.