________________________________________________________________________________
In this day and age, I'd recommend consulting with actual security professional for organizations as public as political parties.
Short of that, make sure to (at least) cover the basics:
- Ask everyone to use a trusted password manager and strong, unique password for everything. Avoid shared accounts and shared passwords.
- Enable 2FA everywhere, strongly prefer authentication apps or even better, hardware tokens over SMS. Use SMS 2FA only as a last resort.
- Have everyone go through cyber security awareness training. Many attacks start off as (spear) phishing emails and/or various social engineering shenanigans.
- Update every piece of software _obsessively_. That includes everything from workstations and phones to servers, VPNs, routers and printers. Do not use any device which isn't supported anymore.
Probably not AWS if your party don't like Amazon.
It could be somewhat hypocritical to use big cloud providers if the party is heavily anti-corporate, but even then... who cares?
You can very well be in favor of regulating companies whose services you rely on, and accept the consequently increased bills.
I would guess a few people would care. A journalist or two.
No regulation doesn't necessarily mean lower bills. Look at the fortune of Jeff Bezos.