Posted: 4 Min Read Election Security

Laptop Security, Hygiene can Make or Break a Campaign

Best practices around cyber security may have a direct impact on your candidate’s chances of prevailing

Maybe it’s something about traveling by plane that lowers people’s cyber guard. I can’t keep track of the number of times that I’ve seen fellow passengers plug their laptops into a power outlet at an airport lounge and then head for the bar or the facilities. Once they board the flight, it’s no better. Getting up to stretch their legs, they often leave their machines open and unlocked on their seats, trusting that nobody will snoop on them.

There’s so much about cyber security that boils down to simple common sense. Or the lack thereof.  What’s clear is that people need to be more vigilant when they’re working outside of their offices. There are sophisticated tools that can steal confidential information very quickly once inserted into an unattended laptop.

For instance, one such device is called a Rubber Duck.  While it may look like a USB Flash Drive it is anything but.  Think of a Rubber Duck as a USB keyboard without any keys.  The Rubber Duck is loaded with key strokes that are automatically run when it is inserted into a USB drive.  Once inserted, the laptop recognizes the Rubber Duck as a keyboard and types the key strokes that are loaded on the tool.  It is a fast plug-and-play, no-knowledge-needed exploitation machine.  It can type at a speed that is equivalent to 1,000 words a minute. The commands can create backdoors, steal passwords and messages. Think about that the next time you leave your laptop unlocked and unattended.  What could be stolen if you let a security expert who can type 1,000 words per minute have the run of your keyboard for 30 seconds?

For anyone working on a political campaign, emails and campaign strategy and position documents assume mission-critical importance. That’s why attending to the security basics can help thwart political adversaries. That’s also why ignoring best practices can also sink your candidate’s chances of prevailing.

Who is Shoulder Surfing You?

Whether you are in a restaurant, bar, campaign rally or airplane, discourage prying eyes by restricting the viewing of your screen and locking your laptop when you walk away.  You can purchase privacy shields for your laptop screens to restrict the view angles of the screen.  Also, setting your screensaver lock to turn on after a couple of minutes will help protect your data from prying eyes if you walk away from your laptop and forget to manually lock it. One of my favorite devices for locking and unlocking my Mac is the Apple Watch, which has a feature that will lock and unlock your computer within proximity of your watch. You can find other third-party apps that do this as well. Also, be aware that some messaging systems have pop-up notifications that appear even if your laptop is locked.  Text from iMessage, emails and app alerts can all share information to strangers on a plane, unbeknownst to you.  Check your messaging and email programs to make they only display that a new message has arrived and not the content of the message unless the laptop is unlocked.  Many of the messaging platforms support this option.

Shut Your Computer Down

Even when you have full-disk encryption turned on, remember that it works only when your computer is completely shut down. When the machine’s lid is closed, the operating system could still be running. If you have a Mac, you can turn on FileVault to encrypt the machine – always a good idea if you leave your laptop in a hotel room, for instance.  However, full-disk encryption on a machine is the best line of defense against someone trying to access your data when you leave your machine unattended or if your laptop happens to be stolen.

Don’t “Save Passwords” in the Browser

Passwords are the bane of our existence, but despite the convenience factor please don't save the password to your browser. Type it in. Modern browsers have a way of syncing passwords across multiple machines.  This means if someone were to compromise your Google password, they could log in on a different machine with your credentials and have access to your passwords and browser history. Unfortunately, people get lazy and say, `Hey, remember this computer for the next 30 days.’ Wonderful: they just weakened their security for the following month. And I guarantee you that on the 31st day, when the system prompts them to type in their information, they’ll opt to again tell the system to `Remember this computer for another 30 days.’ 

For anyone working on a political campaign, emails and campaign strategy and position documents assume mission-critical importance.

Turn on Location Services

Turn on the location services if your devices do not have a GPS built in. Many of the location services use WiFi access points as a means of course geolocation. If your device were to be stolen, you will be able to then track your devices and hopefully get them back. For example, Apple has some very useful tools though their free iCloud services.  Not only can you geolocate your devices, but you can also remotely lock, wipe and locate them. Also, I use an inexpensive app called DND on my personal laptop. If I’m away and someone opens the lid of my laptop, the app lets me shut down the machine or take a picture of the intruder.

These simple tips can be used to help lower your chances of being compromised. Not just while you are running your campaign, but also when you are in office.  Remember to have your family use these same tactics to keep their devices secured as well since some hackers try to exploit friends and family’s devices to find out information on their primary target – and that might be you.

Click Here: For all Election Security Information from Symantec

You might also enjoy
Video
Election Security 4 Min Read

Email, Communications Safety Key to Election Security

It pays to exercise extra caution, particularly when it comes to campaign email and cellphone communications. Here’s what you need to know

About the Author

Brian Varner

Special Projects Researcher, Cyber Security Services

Brian Varner is a researcher on the Cyber Security Services team, leading the CyberWar Games and emerging technologies development team. Prior to Symantec, he worked at the National Security Agency as a tactical analyst.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.