The increasing frequency of cyberattacks make clear that more must be done to protect key democratic institutions from cyber-enabled interference. With just a few weeks left before the U.S. midterm elections and early voting under way, campaigns must stay vigilant in protecting against cyberattacks to their online collaboration tools, including email. Microsoft recommends taking action today to protect against phishing, malware, account compromise, and other threats—see Top 10 ways to secure Office 365 and Microsoft 365 Business plans from cyberthreats. These recommendations are tailored for small to mid-sized political campaigns and election-focused stakeholders using Office 365 or Microsoft 365. Any organization—especially those without full-time IT security staff—can benefit from taking these actions.

This guidance provides step-by-step instructions for using 10 high-impact security capabilities. These actions help you implement many of the best practices recommended in the Cybersecurity Campaign Playbook, created by the Defending Digital Democracy program at Harvard Kennedy School’s Belfer Center for Science and International Affairs.

Top 10 cybersecurity recommendations:

Set up two-step verification for all staff. Train campaign staff to quickly identify phishing attacks. Use dedicated accounts for administration. Raise the level of malware protection in mail. Protect against ransomware. Prevent emails auto-forwarding outside of the campaign. Increase encryption for sensitive emails. Protect your email from phishing attacks. Protect against malicious attachments in email. Protect against phishing attacks that include malicious website links in email or other files.

Read Top 10 ways to secure Office 365 and Microsoft 365 Business plans from cyberthreats for details on how to implement each action.

These recommendations are provided as part of Microsoft’s ongoing commitment to the Defending Democracy Program. Qualifying organizations using Office 365 can also take advantage of Microsoft AccountGuard for additional protection to leverage Microsoft’s state-of-the-art threat detection and notification in case of targeted nation-state cyberattacks.