We are all aware that the headlines are crazy these days, especially with the election coming up next month. Are our election systems safe from cyber criminals?  Are other countries going to hack into our systems and influence the elections? Politics aside, we wanted to take a look at the cyber security measures being taken to secure the election and what can be learned from them to protect small business.

The purpose of this article is to discuss the Missouri state government’s cybersecurity strategy and how these strategies can be applied to the cybersecurity needs of your small business.  National, state, and local governments have invested millions into cybersecurity strategies developed by cybersecurity experts. These strategies offer important lessons for how to keep your small business protected from cyber threats.

The state of Missouri’s election security website details eight strategies to maintain security including:

  • No single point of access – each of the 116 election jurisdictions have their own voting system, making it more difficult for hackers to infiltrate

Small Business Lesson #1: Don’t reuse passwords!  Many people use the same email address and password combination EVERYWHERE.  If a hacker gets that email and password combo, they have a ‘single point of access’ to your digital world.  Always make your passwords complex and NEVER reuse passwords.  Use a password manager (such as our Passportal) to securely create, store and manage complex passwords.

  • Not connected to the internet – voting machines aren’t connected to the internet so they aren’t at risk of an internet-sourced cyberthreat

Small Business Lesson #2: Any device that is connected to the internet is a vulnerability in your network and needs to be protected from cyberthreats.

  • Voting machine paper trail – every single voting machine has a backup paper trail to audit the votes

Small Business Lesson #3: You don’t need a paper backup of your important data in your business, but it’s best practice to have failsafe backups of your data easily accessible in case of any problems.

  • Bipartisan counting of absentee ballots – a bipartisan team counts the absentee ballots

Small Business Lesson #4: It’s very important to have more than one person overseeing your network’s security and critical business data. Your IT company should partner with you and your team to regularly do a comprehensive overview of ALL your cybersecurity protection measures. Never assume that it’s just “being taken care of!”

  • Public testing of machines – all voting machines are publicly tested before and after election day

Small Business Lesson #5: It’s critical to test and monitor the cybersecurity protections you have in place for your business. For example, a routine dark web scan can detect any of your business credentials that are compromised, allowing you to take measures to address vulnerabilities before a larger cyber incident occurs.

  • Machines are locked and sealed – after being checked for accuracy, the voting machines are locked and sealed on election day to prevent any tampering

Small Business Lesson #6: After your network security is configured with the cybersecurity solutions in place, it’s important to NOT make any changes without your IT support company’s knowledge. If one employee gets the admin credentials and decides to download a file or program, they could inadvertently infect the entire network with a malicious file. Your network and endpoints need to be secured and tamper proof!

  • Second chance voting – Missouri requires all voting machines to give voters a 2nd chance to verify their ballot is marked correctly, giving them confidence and peace of mind

Small Business Lesson #7: Your clients count on you to keep their personal and financial data secure, so taking the proactive measures to protect their information gives them reassurance and peace of mind.

  • Results audited by LEA’s – all election results are audited by local election authorities (LEA’s) before any certifying results

Small Business Lesson #8: Please, please, please do NOT rely on your friend’s kid who “knows a lot about computers” to take responsibility for the cybersecurity strategy for your business. Today’s cybersecurity threat landscape is continually changing and a cybersecurity-experienced IT professional needs to be involved in providing adequate protection for your business. The federal, state, and local governments rely on the professionals to keep the elections safe and your business should do the same.

Bottom line?

Be serious about protecting your business and implement a multi-layered cybersecurity strategy that is actively monitored and reviewed by a qualified, cybersecurity trained, IT professional. Also, develop and maintain cybersecurity best practices and systems to prevent your business from falling victim to a cyberattack.

Federal, state, and local governments invest in technology to prevent election tampering and there are processes and safeguards in place to maintain the accuracy and integrity of election results. It’s critical for you to also take cybersecurity seriously for your business. Have questions or concerns about vulnerabilities in your business? I’m available to discuss any questions you have, just call my office at (314) 432-1661 and I’ll be happy to speak with you.