Politicians, think beyond physical security
A breach in digital security can be devastating for politicians gunning for elective seats.
Following the electoral commission’s clearance, political parties have begun their campaigns in earnest.
The presidential contest is close, and each side is sizing up the other, hoping for a political edge. The leading contenders have beefed up their security – because their physical safety is paramount.
Beyond their physical security, a breach in their digital security can be devastating.
The prime real estate of the campaigns is information, and that information often resides in the digital space. The information is stored or transported in their phones, tablets, computers and cloud storage.
It’s fair to assume that emails and text messages sent through digital devices could be digitally intercepted and used to the advantage of the opposing side. Therefore, the top-tier leadership should communicate using secure phones, preferably iPhones.
Apps running on their phones need to be evaluated by technology-savvy personnel to ensure that there are no backdoors through which sensitive information could leak. Hackers especially target emails on public cloud systems like Gmail, Yahoo and Hotmail. All emails should be sent through secure, encrypted channels and be hosted on private, secure servers.
The computers and servers on which critical campaign information is processed should be tested regularly to ensure that it is protected from accidental or malicious access by internal or external parties.
Not everyone needs to see all the information stored in computers carrying classified information. Some information is confidential or top secret and should only be seen by people permitted to see it. Staff should be granted access rights that only allow them to see information relevant to their roles.
Viral attacks on laptops and computers ought to be prevented using the right software. Computers and other devices contain sensitive information or are connected to devices that host classified information; they should be in secure locations with limited physical access. Only a few authorised people should have access to the server room as if it were a strong room in a bank.
Computer systems should be running on the latest vendor-approved software to ensure any weaknesses are appropriately patched.
All information should be backed up in real-time, preferably in a different location. If the equipment is stolen, lost, or compromised in any way, the information should be recoverable fast without hurting the candidates.
The leaders should take a lesson on sanitising their devices, securing their devices, websites to keep off, and links not to click. They also need to know the tell-tale signs of a compromised communication channel.
Watch the printer area because sometimes people print classified information and forget to pick it from a shared printer – a common way to leak information by negligence. Finally, don’t just discard computers, printers, or copiers when they break down. The information can still be retrieved from hard drives and memory. Instead, burn or crush them into powder or corrode them with acid.
Mr Wambugu is an informatician. [email protected] @Samwambugu2
