Cyber security advice for political candidates

Foreign actors are targeting democratic processes around the world, including every level of government in Canada. If you’re involved in politics – as a political candidate, staffer or volunteer – you are a target. It’s vital that you take steps to protect yourself.

The Cyber Centre has advice to help you protect your cyber security and deal with cyber threats. The following guidance isn’t all you need, but if you follow this advice, you can help make your campaign more cyber secure.

How cyber threat actors target you:

Cyber threat actors looking to interfere in our elections may attempt to:

  • hack your accounts, including:
    • hijacking your social media accounts
    • leaking campaign secrets, plans or internal communications
    • blackmailing or embarrassing you using sensitive information
  • discredit your campaign or platform by creating impersonation and parody accounts and spreading disinformation
  • steal personal information or financial details

You and your campaign are a target. Protect your campaign from a cyber security compromise and the complications that often accompany it.


Practical steps to increase your cyber security

Secure your campaign by taking these practical measures.

Use strong and unique passphrases or passwords

Passphrases and passwords should be unique and complex. Each account, website or device should have its own strong individual passphrase or password. Don’t share your password. Only change your password when there’s a good reason to do so, like if you think you’ve been compromised.

Enable multi-factor authentication

Multi-factor authentication (MFA) adds another line of defence against someone hijacking your account. It works by combining at least two items of authentication, such as:

  • something you know (password or PIN)
  • something you have (a smart card or a security key)
  • something you are (biometric features like fingerprint or face scan)

Secure your mobile device with a passcode or other form of identification

If your mobile device is lost or stolen, a passcode or another form of identification, like a fingerprint, will be the only thing protecting your information. Most devices automatically encrypt the information on them once you’ve enabled the PIN or passcode, further protecting your most sensitive information.

Regularly update your devices and systems and install security patches

Updates and patches don’t just fix bugs or improve usability or performance, they also address known security vulnerabilities. Unpatched devices and systems can provide opportunities for cyber threat actors to infect your devices or gain access to your information.

Secure your social media and email accounts

Many candidates have a campaign manager or other support staff with access to their accounts. Know your options for delegating authority (what to do when you need multiple users to access one account). Use as many security settings as you can, such as multi-factor authentication, for each social media platform.

Watch out for malicious messages

Phishing messages target a group of people by simulating a legitimate message from a trusted sender. Spear-phishing messages are tailored to you based on your work, your interests or personal characteristics.

Be aware if the message seems out of character or off topic for the purported sender. Call them to verify they sent it before opening. Never click on links or open attachments unless you are certain you know who sent them and why.

Log out of accounts on shared desktop computers

If you log into any of your social media accounts on a shared computer, make sure you log out and never save your username and password. Don’t access your accounts from untrusted devices like hotel business stations, which may be infected with malware.

Regularly review your account and recovery settings

Your social media and email accounts have a section for account recovery and password resets. Check them regularly to make sure they have up-to-date contact information and security questions. Make your privacy settings as high as possible.

Back up your information

Back up your campaign information in case you become a victim of ransomware. Know how to recover vital information if your device is damaged, lost or stolen.

Avoid using free Wi-Fi

Free or unprotected Wi-Fi may be convenient, but it is relatively easy for anyone else on the network to eavesdrop. Don’t access your email, social media accounts or sensitive accounts from free or unprotected Wi-Fi. If you choose to use free or unprotected Wi-Fi, do not type any sensitive information while you’re connected. This guidance applies in particular to the login credentials for your campaign accounts.

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: