In just the past month, we’ve read stories about how Canadian police are tracking environmental activists, the Mexican government is monitoring journalists and activists, and US security agencies are peering into the communications of Black Lives Matter activists. Every day brings more examples of entities and governments around the world violating privacy and putting the security of activists and campaigners at risk.
But there seems to be a tool for every online privacy breach and we’re going to dive into encryption, passwords, and how to secure your data, phone and messaging as you work in an insecure world. You may want to catch up on your threat model first – not everyone faces the same risks.
Choosing (and Using) the Right Online Security Tools
Nick Sera-Leyva, Human Rights and Training Programs Manager at Internews, knows all about how online security tools can help or fall short. “What is key to [online security and privacy] is that the tools are not what’s helping you. The tools themselves are not the solution; it’s how you use them. You need to know what they’re capable of and what they’re not.”
The tools themselves are not the solution; it’s how you use them. You need to know what they’re capable of and what they’re not.
- Nick Sera-Leyva, Internews
Taking Sera-Leyva’s warning into consideration, let’s look at a variety of ways you and your organization can improve your digital security. However, just because we introduce something below doesn’t mean it’s sacrosanct and it doesn’t mean it will work for you. Explore threat modeling and understand your situation before deploying new tools.
DataGenetics did a study of 3.4 million four-digit PINs. They found the most common PIN was 1234 (11 percent), and in second place was 1111 (6 percent). This shocking lack of creativity goes to a larger point: you aren’t going to protect yourself by being unoriginal or basic. There are a couple of steps you can take to be better off than the 17 percent mentioned here.
“Organizations should have a stated password policy,” says Allen Gunn, the executive director at Aspiration. This is a very low-tech, first step that most organizations can benefit from. Password policies should include how often a new password needs to be created, who can know a particular password, and to not allow the same password for multiple accounts. Most importantly, these procedures need to be followed by everyone in the organization.Read the rest now…