Some bathrooms have signs urging people to wash their hands. But at the Democratic National Committee, reminders hanging in the men’s and women’s restrooms address a different kind of hygiene. “Remember: Email is NOT a secure method of communication,” the signs read, “and if you see something odd, say something.” The fliers are a visible symptom of an increased focus on cybersecurity at the DNC, more than two years after hackers linked to the Russian military looted the committee’s computer networks and inflamed the party’s internal divides at the worst possible time for Hillary Clinton. But the painful lessons of 2016 have yet to take hold across the campaign world — which remains the soft underbelly for cyberattacks aimed at disrupting the American political process.
Despite making some strides in cybersecurity protections since 2016, cyber experts and researchers say, many candidates and campaigns have yet to implement standard safeguards to prevent breaches of their computer networks, websites and emails.
“It just doesn’t seem to be as urgent of a concern in the conversations I’ve had,” said Ronald Bushar, government chief technology officer for FireEye, which has long tracked the Russian hacker group that U.S. intelligent agencies say targeted the Democrats and Clinton.