LOUISVILLE, KY (WAVE) - For the first time, qualifying candidates in Kentucky are getting some serious instructions on cybersecurity.
Secretary of State Alison Lundergan Grimes emailed every candidate in this election cycle the "Cybersecurity Campaign Playbook," created at Harvard.
The 35 page handbook offers stern warnings describing campaigns as "uniquely soft targets." It states the "risks of a potential attack are increasing and so are the consequences."
"You don't want to get embarrassed, that's probably the main point," Roman Yamploskiy, Director of the Cybersecurity Lab at the University of Louisville said. "If you are incompetent to where they can guess your password the first time, post something on your Twitter feed, it's a problem."
For a political campaign, it could be a case of pay now or pay later.
Files with accounts, donor information, policy drafts and personal communications could be gold to hackers regardless of the importance of the office being sought. The Harvard Playbook says "the strongest defenses that time and money allow is key."
"Depending on the value of the information you're protecting," Yamploskiy said. "More and more resources would have to be allocated to protect that information."
"What we have given them is the basic information they need to not only keep their campaign safe from foreign cyber intrusion, but also the personally identifiable information they garner as they try to get people to the polls," Kentucky Secretary of State Alison Lundergan Grimes said.
The playbook recommends a checklist for candidates to follow that includes strong passwords for access, a secure commercial cloud service for storage, and multi-layered security features.
But experts say even then there is no guarantee of security. One of the strongest points made in the playbook is to have a plan if or when something goes wrong.