In this day and age, I'd recommend consulting with an actual security professional for organizations as public as political parties.
Short of that, make sure to (at least) cover the basics:
- Ask everyone to use a trusted password manager and a strong, unique password for everything. Avoid shared accounts and shared passwords.
- Enable 2FA everywhere; strongly prefer authentication apps or, even better, hardware tokens over SMS. Use SMS 2FA only as a last resort.
- Have everyone go through cyber security awareness training. Many attacks start off as (spear) phishing emails and/or various social engineering shenanigans.
- Update every piece of software obsessively. That includes everything from workstations and phones to servers, VPNs, routers and printers. Do not use any device which isn't supported anymore.