Candidates, campaigns and political parties aren’t the only ones gearing up for the election, the Colorado Democratic Party warns in this month’s Democratic Dispatch newsletter. The Russian government-aligned hackers who broke into email accounts belonging to Democrats – including presidential nominee Hillary Clinton, her campaign chairman John Podesta and state Sen. Andy Kerr – in order to influence the last election look like they’re back for more, and no one involved in politics is safe, the state party’s tech team advises.

That’s right – Andy Kerr, the Lakewood Democrat who briefly ran for Congress last year and is known for bicycling to the Capitol, as well as his advocacy for education issues. In a little-noticed footnote to the 2016 campaign, more than 10,000 of Kerr’s emails wound up posted on a site used by Russian hackers to leak stolen emails, an occurrence the lawmaker told the Associated Press a couple of weeks ago still leaves him baffled.

While he said he supports transparency – presumably, most of the emails would have been available to the Russians if they’d simply filed a Colorado Open Records request – Kerr said, “It shouldn’t be up to a foreign government or some hacker to say what gets released and what shouldn’t.”

The AP checked in with Kerr after a cybersecurity company recently sounded the alarm over what appears to be early attempts by the Russian hacking operation known as Fancy Bear to penetrate the U.S. Senate’s email system. And that raised the figurative hair on the back of the Colorado Democratic Party’s neck.

“[I]f you are active in any campaign or party politics, you are a target,” the Dems write, pointing to the Kerr hack. Most of the attempts involve “phishing,” or emails that try to get the recipient to enter passwords and account information on imposter websites.

“As scary as all this sounds, you can fight back,” the Dems say, and suggest the following steps:

1. Delete and empty any email you have with secret or embarrassing content.

2. Treat all your emails as public records from now on.

3. Change your email passwords early and often.

4. Don’t respond to any websites or emails containing links to enter your passwords. Use only the official site you know is valid.

On Friday, the state party’s tech team – “volunteer coders, scripters, application designers & developers, and IT security experts” working on app development and security for the party – posted the first part of a series on protecting passwords.

There’s more to come, the tech team wrote in the party newsletter, adding, “Until then, be careful and be clean!”