Cybersecurity Preparation ahead of the 2020 General Election
The November general election is fast approaching, and the security of municipal websites is of growing concern.
The team at Town Web received communication from the Wisconsin Elections Commission (WEC) recently alerting our Wisconsin municipal clerks about potential cyberattacks. Town Web is taking this threat very seriously for our hundreds of municipal clients across the United States.
Even though the notice came from Wisconsin, the information is just as relevant for our clients in other states. It is likely that each state’s election commission is sending out similar notices regarding the threat of cyberattacks.
According to the Wisconsin Elections Commission notice, the director of National Intelligence and federal agencies confirm that “foreign adversaries are attempting to discredit the 2020 General Election through a deliberate campaign of misinformation and through cyberattacks on elections infrastructure.” The threats are expected to last through Nov. 3, and the letter states “election officials at all levels should be prepared to combat false information and react to cyberattacks, such as the loss of an official website.”
To read the original notice from the Wisconsin Election Commission Administrator Meagan Wolfe from October 22, 2020, please visit this link.
To summarize the letter, the Wisconsin Election Commission is recommending all municipal officials to act on each of of the following points:
- Set up Multi Factor Authentication (MFA) for Email
- Use Complex Passwords
- Perform Regular Backups
- Keep your Computer Software Updated
- Keep your Computer’s Operating System Updated
- Utilize Resources to Stress Test your Infrastructure
- Protect your website from DDOS attacks (Distributed Denial-of-Service)
If you would like to have Town Web set you up with any of the services above, please fill out the Town Web Cybersecurity Form here, so we can help you as efficiently as possible.
Set up Multi Factor Authentication (MFA) for Email
Since Town Web hosts your website, we can enable multi-factor authentication for your website. If we are your email provider, we can enable it for email, too.
Fill out our form to request information about email with MFA included.
Use Complex Passwords
If you are on our latest version of TownCMS, we can detect if your passwords are not complex. Because of the communication from the WEC, Town Web will automatically and proactively convert any passwords on your site to one that is complex, if we detect that your current password is not a complex password.
Therefore we suggest that you immediately change the password on your own to one that is complex. Follow this password creation guide to see how you can create a complex password. Essentially a complex password will have capital letters, smaller case letters, at least one number, and at least one symbol, and be at least 10 characters in length.
In the very near future, we will automatically reset any non-complex passwords and proactively change them to something complex. You will therefore not be able to login if your current password is not complex. Therefore, when you log in, you must reset your password. Follow this link to understand how to reset the password on your website.
If you are not on our latest version of TownCMS, please contact us to see about upgrading.
Perform Regular Backups
Town Web clients using our latest version of TownCMS receive automatic website backups. Not sure if you’re on our latest version? If you’ve purchased a website from us in the past four years, you are probably up-to-date. Older websites may not have regular backups.
Fill out the Town Web CybersecurityForm to find out if your site receives incremental, full or database backups.
Keep your Computer Software Updated
It’s important to keep your computer application software updated. Updates to apps improve your programs’ performance, fix bugs and add security patches. However, your computer won’t automatically update these applications. This PC software update guide offers suggestions to keep your software updated.
Macs and Apple devices also need to have apps updated. Watch this short video to learn how to go to the App Store to easily update your computer or device.
Keep your Computer’s Operating System Updated
Your computer’s operating system needs ongoing updates, as well. Just as apps are fixed for bugs, ease of use and security, the system that runs your computer is continually being tweaked by developers. Those changes are made available to you as updates. To enable automatic updates for your computer, follow these instructions from Microsoft. You can check for Windows 10 updates and install them manually following the instructions in this video https://www.youtube.com/watch?v=DDv2gJDjfOM.
Mac users can learn how to update their OS with this video from Apple Support.
Utilize Resources to Stress Test Your Infrastructure
The Department of Homeland Security encourages local governments to test their cybersecurity and infrastructure and suggests several popular services. To request all except RRAP, email firstname.lastname@example.org with the subject line “Requesting Cyber Hygiene Services.”
- Remote Vulnerability Assessments. This service scans internet accessible systems for vulnerabilities. It is automatic and delivers a weekly email notice for IT professionals to review.
- Phishing Campaign Assessment. This program trains staff to measure susceptibility to social engineering attacks. Over six weeks, the program uses increasingly sophisticated methods to gain access to local systems and provides a detailed report and guidance to defend against phishing attacks.
- Remote Penetration Testing. This six-week program simulates the tactics and techniques of real-world threats. Participants receive a customized assessment and a detailed written report with recommendations. There is a waiting list for this service.
- Regional Resiliency Assessment Program (RRAP). This project typically takes a year to collect and analyze data followed by continued technical assistance. For more information, send an email to Resilience@hq.dhs.gov.
Protect your website from DDOS attacks (Distributed Denial-of-Service)
As standard procedure, Town Web’s municipal clients have their DNS (Domain Name System) managed through Cloudflare. The standard version of Cloudflare does provide for basic DDOS protection. However, all municipalities are eligible to receive a higher level of protection through Cloudflare’s Athenian Project.
Cloudflare’s Athenian Project will offer its highest level of service for free to state and local governments that have information related to elections on their websites. It includes: Unmetered DDoS protection; content delivery network; web application firewall; SSL encryption; 24/7 email and phone support); CNAME set-up capabilities; and role-based account access. Fill out our Cybersecurity Intake Form to learn how you can upgrade for free!
Be Vigilant with Your Email
The Wisconsin Elections Commission recommends other ways to keep your website safe by keeping your computers and programs safe:
- Use email caution. Don’t click on suspicious links and check with a sender before clicking on a response to an older email.
- Use strong passwords.
- Upgrade computer hardware and software to the latest versions.
- Shut down and restart your computer often to allow updates to install properly.
Town Web wants to work with you to ensure your municipal website is safe on Election Day and every day. We want to know how you want us to secure your website. Please take a few minutes to fill out the Town Web Cybersecurity Form so we can address your needs.