Microsoft’s Windows, Office 365 advice for secure elections

This is Susan Bradley for CSO Online. Today we’re going to talk about elections.
No, don’t worry, I’m not going to talk about politics. I’m going to talk about election
security and specifically some actions that Microsoft is taking to make sure all elections
across the world are more secure. First off, they’re offering free Windows 7
patches to any certified voting systems through the year 2020, both in the United States and
in other countries as defined by the EU Democracy Index. But the risks to elections don’t stop
there. Just because the ballot box may be secure doesn’t mean that the email that the
candidates and their staffers are using is secure. Recently Microsoft indicated that
attackers from Iran attempted to break into accounts of users that were related to the
American Republican Party. While Microsoft didn’t state which campaign was attacked in
their information, Reuters later went on to say that the Trump re-election campaign was
targeted by Iran-linked hackers. The attacks indicate that the attackers used time and resources
to target the attacks. They investigated personal information, targeted secondary recent accounts
and gathered phone numbers to better target the electors.
Microsoft urged the election officials to take specific action to protect their accounts
and in doing so we too can learn some lessons about how to protect our systems. Microsoft recommended that you review your
account settings to check for unusual activity. For example, here in the Microsoft account
I can see that I recently logged in. And it’s where my address is located so I can review
that. Everything that I expected to see here is proper and I don’t have anyone attacking
from another location. Remember, for Office 365 accounts you can review log files and
you can enable conditional access to limit the ability to log in from unusual locations. Next
you want to make sure you enable two-step verification or two-factor authentication.
And you can also enable identity verification apps such as the Microsoft Authenticator app.
You can also turn on a YubiKey, a hardware token key. That allows a hook to Windows Hello to
provide additional protection as well. If you work for someone in the political
space you’ll want to check out Microsoft AccountGuard. It’s a new security service offered
at no additional cost to these customers. It provides notification to the organization
and impacted individual if either a Hotmail/Outlook account or an Office 365 account associated
with an organization is threatened or compromised by a known nation-state actor. Microsoft also
provides guidance on how to set up Office 365 securely for political campaigns,
nonprofits and other organizations. Specifically for not-for-profits, Microsoft
provides discounted licensing that one can take advantage of through organizations such
as TechSoup.org. I personally think that information goes a
long way to helping you be secure, and there are organizations such as the EI-ISAC services
provided by the Center for Internet Security. That allows officials in the United States
and associations involved in governments and other organizations to sign up and get more
information. But what about for you and I? The common person
who isn’t involved in an election or government. What do we have as resources? Don’t worry,
there’s information out there for us too. For example, the Department of Homeland Security
provides a cyber infrastructure security site that you can sign up for notifications. But
what if you’re not in the United States of America? Look around for resources in your
neck of the woods. For example, if you’re located in Australia you can sign up for the Australian
Cyber Security Centre and their notifications. If you need actionable guidance on
hardening Windows operating systems, the Center for Internet Security provides checklists
and benchmark settings for workstations, servers and cloud implementations. If you work for
an industry that’s seen as critical infrastructure you can sign up for InfraGard, a private-public
partnership with the FBI to share information. So what takeaways can we take from learning
about election systems and keeping them safe? Ensure you have a patched operating system.
Microsoft has recently announced a change to make it easier for small and medium businesses
to purchase extended support for Windows 7. Look for more information starting on December
1st 2019 on how to get an extended support contract for Windows 7. You want to make sure you add
two-factor authentication to email accounts. You want to highlight and take special precautions
for those users that are targeted. You want to ensure that you and your users are educated
on threats and risks. Sign up for information from organizations that share information
targeted to your size and your type of firm. Last but not least, you want to review guidance
on how to keep our systems more secure. For example, Windows has provided a security baseline
for Windows 10 1903 and Server 1903. They’ll be upgrading this shortly in November to support
Windows 1909 that’ll be coming out at that time. I’ll be discussing these settings in
further detail in upcoming CSO Online tips. So even if you aren’t into politics or running
a campaign, it’s wise to review what Microsoft recommends to keep our elections secure and
see if you too can follow their guidance. Until next time. Don’t forget to sign up for
tech talk on the IDG new YouTube channel for the tech news of the day. Until next time.
This is Susan Bradley for CSO Online.
