Protected Voices 

Logo of Protected Voices initiative: Your voice matters, so protect it.

Protected Voices is an FBI initiative to mitigate the risk of cyber influence operations targeting U.S. elections. Part of that initiative is outward-facing and includes efforts by the Bureau to raise awareness among political campaigns about the best ways to fend off possible attempts—by criminals, foreign agents, or others—to infiltrate their information technology infrastructure.

One key to addressing this threat is for a campaign to enhance its own cyber hygiene, the technological equivalent of locking your doors and windows. To this end, the FBI—in partnership with the Department of Homeland Security and the Office of the Director of National Intelligence—has released a number of short videos, embedded below, on the most urgent cybersecurity issues that may leave a campaign’s computer networks vulnerable to attacks. The videos include tips and best practices on how best to protect your organization, based on industry research and our own vast experience investigating cyber crimes.

But even beyond political campaigns, the cybersecurity information contained in these videos—which ranges from protecting passwords to social engineering threats to what to do if you think you’ve been hacked—will be helpful to anyone who uses a computer.

Another step you can take to help ensure the integrity of your network is to join InfraGard, an important public-private resource that offers the latest intelligence bulletins regarding cyber and other threats. InfraGard is open to U.S. citizens with ties to at least one of the nation’s designated critical infrastructure sectors.

Reporting Suspicious Cyber Activity

State and local election officials or campaign staff should report suspicious activity to their local FBI field office and also notify FBI CyWatch at cywatch@fbi.gov or 1-855-292-3937.

Videos

Cyber attacks often begin with a social engineering technique, such as phishing, so train your campaign staffers to recognize and thwart these types of attacks.
Keep your systems patched, ideally with automatic updates; set effective rules for your firewalls; and install anti-virus software with regular or automatic updates.
Require your staffers’ passwords/passphrases to be long, and consider using a password keeper/vault, setting up logging on your network to track password activity, and adding multi-factor authentication.
Educate everyone involved in your campaign on good InfoSec practices, create a written InfoSec policy, and develop and implement ongoing training/testing for InfoSec policy compliance.
Web browsers are how your devices access the Internet, so adjust your browser settings—and the settings on your mobile devices—to maximize your privacy and security.
To secure communications channels—such as email, messaging apps, and social media—use encryption, disable archiving, use access controls, disable remote wiping, use account lockout, and patch your systems.
When using open/public Wi-Fi, access the Wi-Fi via a VPN. Only visit Internet sites that use HTTPS, don’t let your device automatically connect to available networks, and turn off your device’s Wi-Fi connections when you don’t need to use them. Don’t do your banking and shopping transactions on open/public Wi-Fi.
To protect your router—which is the gateway between your network and the Internet—change your router’s default password, apply patches regularly or automatically, choose your network name carefully, and use WPA2 for encryption.
Cloud-based services may offer your campaign increased cybersecurity measures, so research reputable cloud services vendors with the best balance of privacy, security, and cost for you.
A VPN is a great way for your campaign to keep its communications and Internet activities more private, especially when using public Wi-Fi or other points of access not under your direct control.
By the time you realize your system is compromised, all of your data may already have been taken. There are a number of red flags to look for that might indicate a cyber attack, including passwords not working, a large number of pop-up ads, unexplained online activity, slow-running devices, and altered system settings.
Develop a cyber incident response team and plan so your campaign is prepared for a potential cyber incident. Your plan should include the three components of an incident response team: technical, legal, and managerial. Identify a backup way for your team to communicate without relying on your computer network.

Frequently Asked Questions 

Is this information just for campaigns?

This information is geared toward campaigns but it is good information for all members of the public. It is always important to practice good cyber hygiene, or taking basic steps to protect yourself from hackers.

What type of router do you recommend? What is the safest Internet browser to use?

The FBI does not make recommendations on brands of routers to buy or Internet browsers to use. We recommend that individuals and campaigns do research on the types of hardware and software that would best fit their needs.

Whom at the FBI do I contact if I believe my campaign has been a victim of a cyber attack?

State and local election officials should report suspicious activity to their local FBI field office and also notify FBI CyWatch at cywatch@fbi.gov or 1-855-292-3937.

How much money should campaigns budget for cybersecurity?

The investment required for cybersecurity will vary based on the needs and size of each campaign.

Will the FBI contact me if they think I have been a victim of a cyber attack?

When a victim is identified, we refer to our victim notification process and conduct an assessment in accordance with the Attorney General's Guidelines for Domestic FBI Operations. Notification is made directly to the “individual, organization, or corporation that is the owner/operator of the computer at the point of the compromise or intrusion.”

What should I do if I am mailed digital media? Is it safe to put the media in our computers?

The source of the digital media should be considered when determining authenticity or risk. All digital media, even from trusted sources, should be reviewed for possible malware or viruses. The FBI recommends conducting a review and vulnerability check of the media on a computer not attached to your network. This standalone computer will allow you to review the content without exposing your computer network to unnecessary risk. Be mindful of not exposing your network by transferring and using digital media between the standalone machine and networked computers. Much like how you should not open links or attachments in e-mails from senders you do not recognize, you should never insert digital media into a networked computer before checking it for malicious software.

Where can I learn more?

You can join InfraGard, a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of critical infrastructure. To join, visit infragard.org.

Why is the initiative called Protected Voices?

The Protected Voices initiative is so named to emphasize the FBI’s role in protecting the voice of the American people as they participate in the electoral process.