by maltalex
2050 days ago
In this day and age, I'd recommend consulting with an actual security professional for organizations as public as political parties. Short of that, make sure to (at least) cover the basics:

- Ask everyone to use a trusted password manager and a strong, unique password for everything. Avoid shared accounts and shared passwords.
- Enable 2FA everywhere; strongly prefer authentication apps or, even better, hardware tokens over SMS. Use SMS 2FA only as a last resort.
- Have everyone go through cyber security awareness training. Many attacks start off as (spear) phishing emails and/or various social engineering shenanigans.
- Update every piece of software obsessively. That includes everything from workstations and phones to servers, VPNs, routers and printers. Do not use any device which isn't supported anymore.