“My social media account was hacked” has become one of the most cliched even-less-of-an-apology-than-a-non-apology-apology response by candidates and elected officeholders to embarrassing content being found online. But as the occasional bona fide case of real hacking or other cyber incident illustrates, taking online security seriously is now a must.
Here, then are some simple tips on what you need to get right if you hold public office, are seeking public office or otherwise help run a political party or campaign.
Have good passwords
Instead, pick good passwords and – crucially – have a different password for every system, so that if one account is hacked this does not put at risk all your other accounts. Password safes are the way you can manage this, letting you have unique passwords but without the headache of having to remember them all.
Use two-factor authentication
Don’t just rely on a password to secure an account. Turn on two-factor authentication – which means you have to take a second step to login, such as getting a numeric code sent to you by text message or from an authenticator app on your phone.
This was my 2014 new year resolution, thankfully, as it makes your systems much safer than simply relying on a password, however good that password is.
Here’s Tom Scott explaining what it’s all about in case you’re wondering why simply relying on a password isn’t good enough:
This, a variant on the con tried out by Samuel Pepys, is the crime, art and science of sending you a fake message which looks genuine enough to con you into entering your password into a fake system, handing it over to someone who then uses it to access and abuse your account. Variants on this include luring you into clicking a dodgy link that results in malware being installed on your computer. Either way danger, if not doom, follows from your click.
Google’s phishing quiz is a good way to hone your skills at spotting the fakes in your inbox.
Things will go wrong from time to time. You will at some point need to recover from a mistake such as the wrong thing being deleted. Which is why you need to keep backups, including for your Twitter account if you have one.
Close your old accounts
Having defunct accounts hanging around online brings security risks. So if you’ve stopped using something, close it down.