CYBER SECURITY GUIDELINES & BEST PRACTICES
QUESTIONS? ISSUES? firstname.lastname@example.org
Remember, email is inherently insecure. Never email sensitive information, such as passwords or personal information like credit card numbers, passport numbers, social security numbers and birthdates. DO NOT open attachments or click links in emails unless you know the sender and are expecting them. If in doubt, contact the sender.
PASSWORD and ACCOUNT MANAGEMENT
For all accounts, work or personal, enable two-factor authentication (2FA). Use the website twofactorauth.org to see which services support 2FA and for instructions on how to enable it. Authentication apps (like Google Authenticator) are better than getting a text message, so if that option is available, set it up. Examples of accounts you should enable 2FA on are:
- Apple ID (iCloud)
- Google account
- Office365 / OneDrive
- Your bank account
Do not use the same password on more than one account; that is, each account of yours should use a unique and strong password. A “strong password” is at least 12 characters long and includes lowercase and uppercase letters, at least one number (0-9) and one symbol. Your password should not include dictionary words. Use a password manager like LastPass to keep track of your passwords and to generate unique, hard-to-guess passwords for each site you use.
UPDATE SOFTWARE and APPS
Many updates you see are for increasing security and fixing security holes that could be exploited, so be sure to always install updates to your operating system, software, phones, and apps.
Avoid sending attachments if possible. Instead, use a file sharing service like Dropbox, OneNote, or Google Drive and share that way. When someone shares a file with you, don’t click on the link directly – instead log into the file sharing service and find the section to view files shared with you.
Phishing attacks, in which an attacker impersonates someone you know and attempts to trick you into giving them something, are becoming more and more common. Examples of phishing attacks are:
- Emails that appear to come from your bank, Google, or other institution that invite you to log into a fake website in order to steal your account credentials.
- Emails that appear to come from someone you know with an attachment containing malware. When you open the attachment, your computer is infected and the attacker can gain access to content on your computer.
Be wary of any emails you are not expecting that ask you to do something or that contain links or attachments. Call the sender to confirm the email before opening any attachments. Use Google to search for the appropriate webpage rather than clicking on links in emails. If you do have to click on a link (for example, some services require you to click on a link they email you to confirm an account), hover your cursor over the link before clicking to see the actual website it is sending you to – make sure it is what you are expecting (look for misspelled sites, example: goggle.com instead of google.com).
Be particularly mindful of spear-phishing attacks. Spear-phishing refers to an attack using information specifically about you to construct a more plausible phishing attack.
Clean up your “public” profile online. Spear-phishing may use publicly available information from, for instance, your Facebook, Twitter, or LinkedIn account. Adjust your privacy settings so only your friends can see information about you.
VoteBuilder, operated by the Democratic Party of Virginia in partnership with the Democratic National Committee (DNC), is one of the most valuable services offered by the Democratic Party of Virginia. It is the online database which holds the voter file (all of the registered voters in Virginia).
To schedule VoteBuilder training for your 9th CD committee, please contact the 9th CD VoteBuilder Admin, Mike Hudson.
The first requirement is that you’re a Democrat or working for progressive causes. Quick setup, brandings, mobile, captures required reporting data, secure. Flat rate of 3.95% charged on each donation. No contracts, no surprises, no hidden fees. V, MC, Amex, Discover, PayPal accepted.
Easy to create email campaigns. MailChimp Free Plan: forever free, up to 2,000 subscribers and 12,000 emails per month.
Automated calling services, very reasonable rates. People express frustration with fundraising calls, but not with informative ones that most committees will use. Robodial.org: Free cell phone scrubbing for FCC compliance. Free delivery to answering machines. Use your own caller ID, or Robodial.org, no charge. You decide the time and date that your calls go out. Progressive organizations and candidates, and their allies.
The Virginia Department of Elections provides a central repository of forms and instructions approved for use in conducting elections.
- What Ifs (Election Management > Election Day Instructions and Forms > What Ifs (08-17) — PDF)
- Dos and Don’ts (Election Management > Representatives and Observers > Dos and Don’ts (07-17) — DOCX)
The central repository of VA DOE forms can be accessed at the “Forms Warehouse”.
- Virginia State Board of Elections (SBE)
- Voting and Elections – USA.gov
- Voting Information Project
- VoteEasy (Project Vote Smart)
- Democratic National Committee (DNC)
- Democratic Senatorial Campaign Committee
- Democratic Congressional Campaign Committee
- Virginia Senate Democratic Caucus
- Virginia House Democratic Caucus
- Virginia Progressive Caucus
- Democratic Party of Virginia (DPVA)
- League of Women Voters
- National Organization for Women (NOW)
- Emily’s List
- NARAL – Pro Choice
- National Urban League – Civil Rights
- NAACP – Civil Rights
- National Council of La Raza – Civil Rights
- American Civil Liberties Union – Civil Rights
- Southern Poverty Law Center – Civil Rights
- Interfaith Alliance
- DemRulz – VA DNC member, Frank Leone, Jr.
- VPAP – The Virginia Public Access Project – source of information about money in Virginia politics
- Voter Suppression
- Voter Caging – Brennan Center for Justice
- TruthAboutFraud – Brennan Center for Justice at NYU School of Law: Allegations of widespread fraud by malevolent voters are easy to make, but often prove to be inflated or inaccurate. Crying “wolf” when the claims are unsubstantiated distracts attention from real problems that need real solutions. Moreover, these claims are frequently used to justify policies – including restrictive photo identification rules – that could not solve the alleged wrongs, but that could well disenfranchise legitimate voters. The Brennan Center carefully examines allegations of fraud to get at the truth behind the claims.
- ALEC Exposed – Through the corporate-funded American Legislative Exchange Council (ALEC), global corporations and state politicians vote behind closed doors to try to rewrite state laws that govern your rights. These so-called “model bills” reach into almost every area of American life and often directly benefit huge corporations.
- RichmondSunlight – tracking the Virginia General Assembly
- MoveOn.org – MoveOn is working to bring ordinary people back into politics.
- Center for American Progress – A progressive public policy research and advocacy organization.
- Media Matters – A not-for-profit, web-based, media watchdog group; a progressive research and information center dedicated to comprehensively monitoring, analyzing, and correcting conservative misinformation in the U.S. media.
- Center for Media and Democracy
- SourceWatch.org – A guide to the names behind the news. A collaborative project of the liberal Center for Media and Democracy that produces a directory of public relations firms, think tanks, industry-funded organizations and industry-friendly experts that work to influence public opinion and public policy on behalf of corporations, governments and special interest groups.
- Huffington Post – A liberal / progressive American news website and content aggregating blog featuring various news sources and columnists.
- OpenSecrets.org – A non-partisan, non-profit research group based in Washington, DC that tracks money in politics, and its effect on elections and public policy.
- Open Secrets News
- Hatch Act – A discussion of restrictions on political activity by federal government employees, and by employees of certain state and local government agencies, under the Hatch Act.
- ACLU – Our nation’s guardian of liberty, working daily in courts, legislatures and communities to defend and preserve the individual rights and liberties guaranteed to every person in this country by the Constitution and laws of the United States. Conserving America’s original civic values – the Constitution and the Bill of Rights.
- Daily Kos – an American political blog, publishing news and opinion from a liberal or progressive point of view.
- Blogossary – the blogosphere’s dictionary