It seems that not a week goes by without an announcement by some large institution that its data has been compromised. Most know about hacks at major megabrands like eBay, Equifax, Target and Uber. Perhaps less known are cybersecurity attacks at major institutions of higher education, where hackers seek to capture sensitive academic and research data. But the challenges from hackers and trolls don’t stop there. Today they even target our political and election process.
The upcoming mid-term elections in particular pose an especially juicy target for hackers who want to disrupt our democracy, defame candidates, tinker with vote counts, or just create chaos.
All of the major presidential candidates were cyberattacked in 2016, and Donald Trump’s campaign website sustained 500,000 attacks per day, by one account. With mid-terms imminent, Facebook says it has created a war room to battle fake news, foreign interference, spam, “efforts to prevent people from voting,” and out-of-bounds content.
While House and Senate races may not attract the same level of hacker interest as the presidential elections, no campaign is safe.
Protecting your candidate or cause
As with any brand, today any political candidate is vulnerable. Last October, U.S. Senate candidate Roy Moore of Alabama saw his Twitter following nearly double to 47,000 in less than a week in what’s been dubbed “a Russian bot farce.” Many of the followers had Russian names, used Cyrillic characters, and used photos of famous singers.
By the end of the campaign, bots following Moore were tweeting more than 40,000 times per minute, attacking Moore’s alleged sexual misconduct victims, and flooding news sites with negative comments tagged with #fakeyearbook—a reference to Roy’s defense.
The chaos put both sides under a cloud. Trippi & Associates worked for Moore’s opponent, Democrat Doug Jones. Our response was flagging the issue for the press in the first place, proving our side had nothing to do with the debacle, and arguing successfully that a troll farm supporting Moore had broken the Twitter user agreement and terms of service. Moore ultimately won the race and is now a U.S. Senator.
Change behavior first
Political campaigns can learn from the lessons learned by major brands and academic institutions: Practice good habits, get good technology, and prepare themselves for the likelihood their defenses won’t be bulletproof. Nobody’s are.
Behavior is as important as technology, and it’s easier to fix before Nov. 6. If careless or unaware employees are growing security vulnerabilities for businesses, imagine trying to enforce cyber vigilance in the heat of a fast-breaking election campaign. Presented with seductive links, the tendency is to click and cross one’s fingers.
But whether you run a business or campaign, you can plant basic knowledge in workers and dramatically enhance their awareness without undue effort. Make messages simple, big and bold.
The advice is the same for the campaign worker as it is for any employee.
Protecting both the brand and the ballot box
From this experience and similar attacks, we’ve learned several key lessons for effectively protecting candidates’ reputations:
Create a social media army. We often counsel brands to invest in building an online community that can speak in support of the brand in times of crisis. For Jones, we had built, organized and energized an army of real-life supporters who could flood the zone with an authentic social media response to the bot invasion and other attacks.
Practice rapid response. For brands, we often work with them to go through simulations where sensitive data is compromised. In the Jones campaign, their army was ready because we had planned and practiced.
Take fake news seriously. It’s tempting to laugh off fake news and focus on more substantive issues, but unfortunately, setting the record straight won’t happen by itself. You have to call out fake news and reaffirm your brand.
Real beats fake every time. When you go out in the world and tell the unvarnished truth, falsity is exposed for what it is. Tell constituents and the media, “Here is what actually is happening. Here is the true news.”
Go dark if necessary. If a hacker has successfully penetrated your servers, shut them down. If someone has taken over your social media accounts, shut those down, too. While your IT team or social media platform is addressing the problem, get on the phones or out in the community to continue your work.
Don’t scrimp. While campaign budgets are always tight, include cyber security, crisis planning, training, and practice in your campaign budget.
Clearly, in this new world of elections, campaigns need to defend their operations and reputations more aggressively than ever and in entirely new ways. Despite time and resource restrictions, campaigns don’t have to be helpless in the face of cyberattacks, fake news and other mischief.
Even if you’re not working a campaign, most of these lessons apply. Whether you run a business, nonprofit, government agency or higher education institution, stay vigilant, encrypt everything, fight back—and always tell the truth.
Andrea “Andy” Coville is CEO of Brodeur Partners, a communications agency with a deep background in IT security and brand management.
Joe Trippi has been at the forefront of movement politics for 30 years and is a partner at TNR Campaigns, a political strategy and creative agency.