It is important to note that if you are experiencing online abuse then you should alert colleagues and, where appropriate, police. You should also alert the social media platform in question.
Social media is an important tool for you as a member of staff involved in communication activities for an MP / prospective parliamentary candidate, enabling you to communicate and engage with constituents and key stakeholders.
This online safety toolkit aims to support you in using it as safely as possible and in knowing what to do and where to go if you or your colleagues experience any online abuse.
It has the benefit of enabling you to share key messages and updates on your MP or prospective parliamentary candidate’s work without the need to go through a gatekeeper such as a journalist. It also enables you to respond directly to any questions which constituents may have.
Equally, there are a number of potential pitfalls and risks when it comes to using social media. An important thing to bear in mind here is that social media can be overwhelming, with messages and comments flying around at all times of the day and night.
As such, it is crucial to set boundaries to help protect yourself and to ensure your colleagues support each other in making best use of social media as part of your campaigning and work.
Agree on the times when you or your colleagues will be checking in on your account/s. It is a good idea to include this in your MP / PPC’s bio. Any users should then be aware when they might reasonably expect a response from your accounts.
Vigilance against cyber attacks
As someone who is part of a team supporting a politician or PPC in a high profile role and privy to sensitive information, you are at greater risk of cyber attacks.
Among the potential means of cyber attack is something known as spear-phishing. This is when a communication is sent to a particular person and is designed to look like it has come from a known or trusted contact.
These can be sent to personal email addresses as well as business email addresses. Malicious links can be included in such emails through a URL or can be embedded into a document on something like Google Drive.
The victim can then be directed to a fake sign in page for what appears to be a legitimate service. Their details will then be used to sign into their own account and to forward any future correspondence to the cyber attacker.
If in doubt about whether an email is genuine then check via a different means. Also do a regular check to ensure there is no mail forwarding active on your account.
Be very careful about what, if any, personal information you and your colleagues share via social media. It could be used as part of a spear-phishing attack. Cyber attackers will often gather and use such information to devise persuasive and convincing emails.
Likewise, be cautious about connecting with people on social media, even when they appear to have mutual contacts. They could be fake accounts, set up to impersonate others.
You should use a professional social media management service, which will enable colleagues to create posts without the need for password sharing.
Using a social media management tool enables an audit trail to be kept in terms of who has posted content. If using a social media management tool, ensure that account access logging is switched on, if it is available.
You should also implement a content approval process, setting out how any draft social media content will be checked and signed off to guard against any problematic content.
Only authorised staff should have access to your MP / PPC’s social media accounts and social media management tools. Ensure that such access is removed before any staff members leave their role and change any passwords which they had access to.
You should also ensure you have an emergency recovery plan in place. This should set up what to do, for example, if a colleague or anyone with access to your MP / PPC’s accounts has posted damaging content.
You need to know who to contact in advance of any such situations arising.
Ensure devices are locked when not in use.
The National Cyber Security Centre advises the use of three different words combined to make a stronger password. This renders it more difficult to hack and easier for you to remember.
Share this page:
