Many county election websites are lacking basic cybersecurity measures that could leave voters vulnerable to misinformation, security firm McAfee said Wednesday. McAfee threat researchers looked at county websites in 20 states and found that many county sites used .com domains instead of .gov ones, which are required to be thoroughly vetted as being official sites by government officials. Researchers found that Minnesota had the highest percentage of non-.gov domains for county election sites at 95.4 percent, followed by Texas at 95 percent and Michigan with 91.2 percent. Steve Grobman, the senior vice president and chief technology officer at McAfee, noted in a blog post that .com and other domains can be bought by anyone, meaning that misinformation about elections could be more easily shared with potential voters.
McAfee also found that a large majority of the county sites did not enforce the use of Secure Sockets Layer (SSL) certificates, which protect visitors to a website from being redirected to fake sites and encrypt users’ personal information.
West Virginia had the highest percentage of sites without SSL at 92.6 percent. Texas was second with 91 percent, and 90 percent of Montana’s sites were unprotected.
“SSL is one of the most basic forms of cyber hygiene, and something we expect all sites requiring confidentiality or data integrity to have at a minimum,” Grobman wrote. “The fact that these websites are lacking in the absolute basics of cyber hygiene is troubling.”