If you have been paying attention to the news lately, it seems like every other story is on some type of cyber security hack. The FBI even issued a public service announcement warning of recent ransomware attacks. Here are 10 simple tips to keep your nonprofit's sensitive information secure.
1. Consider using more secure alternatives to Google Docs
“If you value anonymity and privacy from corporations or the government, you might not want to host all your work on Google’s infrastructure,” said Jamila Khan of Palante Technology Cooperative, who’s researching alternatives to Google Docs for progressive nonprofit clients.
2. Don’t leave a digital breadcrumb trail
If you want to keep a piece of information private, don’t put it online unless you have to. Plenty of people are cavalier about the stuff they text, email, write in Google Docs, and record digitally.
3. Download a more secure messaging system
Webmail providers like May First/People Link, Riseup Mail, and ProtonMail offer secure email and communication tools, some specifically designed for activists. But note that the only way to get end-to-end encryption is if both parties to the communication use encrypted services (such as Proton to Proton, Riseup to May First).
4. Surf the web safely
For anonymous web browsing, download Tor. Use a search engine that doesn’t track you, like DuckDuckGo. The Tor browser protects your anonymity by bouncing your communications around a distributed network of Tor servers around the world, and encrypting that traffic so that it can’t be traced back to your computer.
5. If you go to a protest, leave your phone at home
Depending on the nature of the protest, demonstrators’ phones might be surveilled by local police with stingray tracking devices, or even the FBI.
6. Get serious about your passwords
7. Think about how you present yourself on social media
The information you’re providing about yourself on social media profiles could become a liability. In the event of a crackdown on free speech, your posts on Facebook, Twitter, Instagram, and YouTube could become a form of self-incrimination, even if you haven’t committed a crime.
8. Know your threat models
In cybersecurity land, “threat modeling” is the process of systematically analyzing the vulnerabilities of a given network or individual and identifying what measures should be taken to protect against probable threats. Whether you’re devising a threat model for securing your phone at a protest, your laptop when you don’t trust your roommate, or your online banking, ask yourself who you’re protecting yourself from, and how many layers of security you need.
9. Adopt encryption measures even if you don’t think you’re a likely target
Some people still assume that if they’re a law-abiding citizen, they have nothing to hide and therefore don’t need encryption. But history suggests that’s naive. (See: Snowden’s warning about the NSA collecting your dick pics.) “A dream is to make being safe on the internet as automatic and normal as buckling your seatbelt in a car,” Candace Williams said. “The more people adopt privacy practices, the safer everyone is. It’s partly a future-proofing strategy.”
10. Don’t get paranoid, if you can help it
“If you Google how to protect yourself online, it can be like looking up symptoms on WebMD—you’re going to get nightmare scenarios,” Williams says. Alternatively, attending a CryptoParty is like visiting a doctor who offers individualized advice—and tells you not to freak out.