CyberSecurity Tips For Both Political Parties

The American people want to believe that both political parties and our journalists will not lie, cheat, steal, or tolerate those who do.  Instead they found out that:

  • Glenn Thrush is actually a political hack masquerading as a journalist.
  • From time to time Donna Brazile gets debate questions in advance and had no ethical problems passing them on to the Clinton campaign.
  • The supposedly neutral DNC was actively trying to undermine the Bernie Sanders presidential campaign despite telling everyone they were not doing that.

This loss of innocence was one of the major reasons behind the success of Mr. Trump’s “Drain the Swamp” theme. Although the intelligence community is trying to divert attention from the gross incompetence and ethical shortcomings of the DNC, Mr. Podesta, and those journalists, I feel it is my responsibility as an old IT guy to remind both political parties and journalists that you are the first line of defense in cybersecurity.  Gross stupidity can easily defeat the best cybersecurity plan. So here are my tips:

Stop Doing Ethically Stupid Stuff And Writing About It In Emails

It is better to be thought a cheater than to write an email that removes all doubt! As an example, the Donna Brazile “From time to time” email could have been written a thousand different ways that would obscure the source while preparing Ms. Clinton for the subject matter. A simple rephrasing of the question would have at least given Ms. Brazile plausible deniability as a cheater. Ms. Clinton’s worst debate answers are far better than the stigma from being caught cheating. Of course, a more ethical person would not have divulged the question to Ms. Clinton. Most of the journalists mentioned in the WikiLeaks releases doing ethically stupid stuff probably regret writing about it in an email. The lesson that should have been learned is that embarrassing emails in the wrong hands are very valuable. You have just provided the reason for even more hacking attempts!

Treat All Communication Devices As Non-Secure

Whether you are in the privacy of your home or at Starbucks, you should assume that someone is trying to intercept your communications. It could be the NSA, Russian intelligence, or just some script kiddie having fun. If only a small portion of your emails are about yoga and wedding preparations, you really should not have a private email server. Who were the adults in the room advising Ms. Clinton about the security risks associated with the Secretary of State having a private email server? Brian Krebs of KrebsOnSecurity sums it up best:

There are some fairly simple, immutable truths that each of us should keep in mind, truths that apply equally to political parties, organizations and corporations alike:

  • If you connect it to the Internet, someone will try to hack it.
  • If what you put on the Internet has value, someone will invest time and effort to steal it.
  • Even if what is stolen does not have immediate value to the thief, he can easily find buyers for it.
  • The price he secures for it will almost certainly be a tiny slice of its true worth to the victim.
  • Organizations and individuals unwilling to spend a small fraction of what those assets are worth to secure them against cybercrooks can expect to eventually be relieved of said assets.