I saw this interesting post by technical entrepreneur and social critic Maciej Cegłowski recently: What I Learned Trying To Secure Congressional Campaigns. It’s a long account, though entertaining and informative, of his efforts traveling the country, teaching political campaigns about basic computer security practices.
As if getting campaigns to meet with you wasn’t hard enough, there’s also the problem of what to tell them.
The limiting reagent here is people’s mental capacity for hassle. You have to take pains not to burn through it. It is possible, with whining, to get a campaign to do one or two things. If you catch them early enough, and can visit them multiple times, maybe they will do a third thing.
If you work with or know anyone who works on campaigns, there’s a lot of good, first-hand insight there.
For much shorter checklists of items to consider, there are also succinct resource pages on the website of his organization, Tech Solidarity. In addition to security advice for Congressional campaigns, there are also basic security guidelines for activists and journalists, instructions for using U2F security keys, and more.