Down ballot campaigns can be notoriously bad with data security and infrastructure. However, this last election showed how vulnerable parties and campaigns are to having private data and correspondence exposed. Check out these tips from data security experts, Tanya Forsheit (Frankfurt Kurnit Klein + Selz PC), Matthew Meade (Buchanan, Ingersoll, Rooney PC), Jeff Birnbach (Sylint), and moderator Brian Franklin (Impact Politics & Campaign Defense Inc.). This webinar was sponsored by Campaign Defense Inc. Contact Brian Franklin at ops@campaigndefense.com for more information on how Campaign Defense can help you!

Tanya’s Lessons:
1. Even if you are a very small organization, you are still accountable for keeping privileged information secure such as employee records or campaign plans. If the release of this information could have a damaging effect on individuals, candidates, or campaign teams then it needs to be kept secure.
2. Take a look at the client agreements you have and determine if there is anything mentioned about data security and the liability you have regarding the classified information of said clients. It is very important to understand these agreements and know the steps to take if a threat occurs.
3. Having reasonable security is the baseline for most campaigns and organizations. Make sure to research and understand what this might mean for you or your clients. There are great resources out there to take advantage of.
4. If you have been hacked, contact a lawyer right away to ensure you’re not putting privileged information in writing during the investigation.
5. Don’t sit on a threat when you know it is happening. Keep in mind “the cover up is worse than the crime.”

About Tanya: Tanya Forsheit, a Partner with Frankfurt Kurnit Klein & Selz PC, has advised on high-profile matters involving confidential data and other sensitive information for nearly 20 years. She represents multi-national and emerging companies in the media, entertainment, consumer products, healthcare, technology and professional services industries, and serves as outside privacy counsel for numerous organizations. She counsels clients facing data security breaches and defends against allegations that they mishandled sensitive customer or employee information. She advises on the protection, storage and monetization of confidential data, including privacy policies, mobile apps, cloud computing, smart devices and data analytics.

Jeff’s Lessons:
1. It’s important to incrementally backup your data offline so your information is secure. Don’t store documents if you don’t need them. Take information off of your laptop and put it on an external hard drive if it is no longer needed on a daily basis.
2. Be extremely careful of opening any emails from anyone you do not know. Ultimately people are the weakest link in data security in terms of being the most vulnerable to threats.
3. Use separate credentials (user names and passwords) for each of your existing accounts. Invest in software such as Password Keeper to store all of your credentials safely.
4. Classify your information—everyone on your campaign team does not need total access to all files all of the time. Disable credentials immediately when someone leaves your organization or campaign.
5. If you’ve been hacked the first thing to do is disconnect from the network and preserve files.

About Jeff: Jeff Birnbach is the Managing Director and a Partner at Sylint Group. His background includes over 30 years in senior leadership roles in software and emerging technologies. Jeff has extensive experience in information security, incident response, analytics, and investigations. In his current role, he oversees cyber security and digital data forensics teams focused on intrusion detection, incident response, cyber breach investigation, security assessment, malware identification and remediation. Recent investigations include cyber extortion, ransomware, nation-state attacks, Medicare fraud, credential trafficking, celebrity stalking and child exploitation.

Matthew’s Lessons:
1. Often times folks focus on the technical part of a breach, but the human element is very important here—making sure your team is aware of the dangers is key. Educate each employee to make sure they are not the reason for a security breach.
2. Make sure to have offline backups of your files that are separate from your server. This will keep your campaign safe from Ransomware attacks.
3. A big part of data security is document retention. There may be a business need to keep years of emails or documents, but typically important documents should be kept on encrypted devices outside of the email account or server.
4. Encryption is extremely important as a safe harbor. Arm your team with encrypted laptops to eliminate potential risk.
5. Have a protocol in place for security threats and a team ready to take action. Have a conversation with a digital expert to learn about securing your online channels. Hacking can happen to anyone (big or small organizations), so it is best to be prepared.

About Matthew: Matthew H. Meade is Co-Chair of Buchanan, Ingersoll, Rooney PC’s Cybersecurity and Data Protection Group where he provides advice regarding data security breaches, information and records management and other areas regarding privacy. He helps clients identify business risks associated with the use and storage of sensitive information. Matt regularly advises clients on security breach notification laws and other U.S. state and federal data security requirements (including laws regarding disposal of records). Matt drafts agreements addressing issues related to data use, privacy and security. He also has prepared document retention and management policies and developed associated training programs.

A huge thank you to our speakers for sharing their expertise with the AAPC membership!