Fighting Back
Levin said there are several ways public and private institutions can fight these threats:
● Develop and implement a cybersecurity strategy, and make sure everyone involved in the process is trained to spot trouble.
● Use two-factor authentication on all mission-critical systems.
● Conduct penetration tests and hire a security expert to audit systems and conduct risk limiting audits.
● Educate election workers on the threats and how to spot signs of trouble, especially when it comes to phishing emails.
● On a legislative level, passing laws that penalize the social media companies where disinformation is spread.
Matthews recommends the following steps for businesses to take now:
● Communicate the risk of election-based hacking to all employees.
● Remind them of the company’s security policy.
● Ensure the personal, acceptable use policy is well understood. Specify if employees can use social media for such personal interests as the election research and news.
● Push out regular updates to all remote devices, ensuring the latest security patches are in place.
● Fully assume that, no matter how good your defenses are, someone will eventually click a rogue link and the corporate network will be compromised. Ensure all information is protected through comprehensive backup so it’s recoverable after an attack takes place.
