U.S. Presidential Campaign Lacks Security
Candidate Websites Filled with Unmanaged Third-Party Code
Insight into how candidates’ campaign websites meet industry best practices for security and data privacy. View the data summary below and download the full report.
Unmanaged third-party code on candidate websites creates risk for consumers. When browsing these sites or making a donation, consumers are exposed to suspicious activity and unnecessary collection of their personal and financial information.
Campaign websites do not meet industry
best practices for security and data privacy.
Executing code from digital third-party vendors
Domains present malicious or suspect activity
Klobuchar’s cookie use is significantly larger than the other candidate websites
Security incidents exposed consumers to adware or typically unwanted programs
Code on the payment pages had zero relevance to the purchase transaction
Code on Booker donation page is NOT relevant to payment processing
Candidates tracking for 20 years or more. All candidates allow tracking of consumers
Distinct data tracking technologies execute on Warren’s donation page. These entities could gain access to consumer payment information.
Controlling Your Digital Ecosystem
To defend against attacks and the misuse of consumer information, every enterprise needs to safeguard their websites or mobile apps. Specifically, they should:
- Continuously monitor the website from the consumer’s point of view to capture the entire code base involved in rendering each page
- Understand the provenance of all executing code; digital vendors may have multiple domains performing different functions
- Analyze the necessity for all code accessing consumer devices to minimize unnecessary data collection, and, as a bonus, realize improved page speed
- Document, communicate and enforce operational policies with digital vendors to evaluate their compatibility and compliance with your requirements
BOTTOM LINE: Protecting Consumers is Your Responsibility
Candidates—like enterprises—are responsible for the code their websites and mobile apps put on consumer devices. To protect consumers, partners and clients from harm, enterprises need to control the code that executes via their owned digital assets. What’s your website’s attack surface? Request a digital risk scan today.