I’m cross posting this from my carrcommunications.com blog because I’ve now run across the problem of campaigns failing to control their own Internet domains several times. Your domain is an important asset that you need to protect for the success of your campaign and (hopefully) future reelection campaigns.
One thing that many small businesses, nonprofits, and political campaigns I have dealt with fail to pay attention to is ensuring that they have direct control over the Internet domain associated with their website and email accounts. Often, the domain is registered by a web consultant in the name of the consultant or consulting firm. Or sometimes, with nonprofits, it’s a volunteer who handles the registration and who winds up with the domain in his or her name. Unfortunately, this can cause the organization that rightfully should own that domain a lot of grief if the intermediary turns out to be unreliable, incompetent, dishonest, or just unreachable at a critical moment.
This is where your website and business email both go dead one day, seemingly without warning, because you never got the notices that your registration was about to expire. Or, you hire someone else to revamp your website, only to discover that you can’t “turn on” the new and improved version because you don’t have the necessary password and aren’t recognized by the domain registrar as having the right to access the account.
Your Internet identity is an important corporate asset for you to protect. Failing to do so is the kind of mistake that seems obvious in retrospect but is easily overlooked by an organization focused on getting up and running on the web. (more…)
Read on for more about how to avoid problems with your domain registration.
This is only one aspect of a campaign’s online identity, of course. You also need to protect your website, pages on Facebook and similar sites, and your email account, so that no one who is not you (or an authorized proxy) gets to put out messages that look like they’re coming from you. Think offensive messages, swastikas on the home page. Even after you explain that your site was hacked and it wasn’t really you, you still wind up looking foolish.
Among other things, this means you need to use serious, hard-to-guess passwords for your campaign accounts. Why would you, as a candidate, not consider the possibility of someone hacking your site as a political dirty trick? Even if your opponent wouldn’t stoop that low, you could be the victim of a rogue volunteer who is able to log into your website or your Facebook page or your email account because you used an obvious password like “grassroots” or the name of your first born child. Even outside of the political context, I see evidence of people trying to hack my websites all the time. Bored high school kids download automated hacking tools off the web and set them to probing Internet sites at random, breaking in just for the hell of it wherever they find weakness. So this is an area where it pays to be paranoid because they really are out to get you.
A good password might be based on a word or sentence with some personal significance, to help you remember it, but you need to encode it or obscure it somehow. A couple of suggestions, as outlined in this article on the Microsoft web site, are to take the first letter of each word in a sentence you’ve memorized, so that “My son Aiden is three years old” becomes “msaityo” and to complicate your password by combining upper and lowercase letters, numbers, and punctuation characters for something like “M$8ni3y0.”
You have to balance the need for security against what you can realistically memorize. Just don’t make it so obvious that your accounts can be cracked by anyone who has seen you talk and can try plugging a few of your favorite words and phrases into that password blank.