Easy Encryption Tips for Nonprofits

cyber sec.jpg

If you have been paying attention to the news lately, it seems like every other story is on some type of cyber security hack. The FBI even issued a public service announcement warning of recent ransomware attacks. Here are 10 simple tips to keep your nonprofits sensitive information secure.  

1. Consider using more secure alternatives than Google Docs

“If you value anonymity and privacy from corporations or the government, you might not want to host all your work on Google’s infrastructure,” said Jamila Khan of Palante Technology Cooperative, who’s researching alternatives to Google Docs for progressive nonprofit clients.

When you use Google products, you’re not the customer—you are the product. Google watches everything you do using their services, keeps all your data, and monetizes it through advertising.


2. Don’t leave a digital breadcrumb trail

If you want to keep a piece of information private, don’t put it online unless you have to.Plenty of people are cavalier about the stuff they text, email, write in Google Docs, and record digitally.

3. Download a more secure messaging system

Webmail providers like May First/People LinkRiseup Mail, and ProtonMail, offer secure email and communication tools, some specifically designed for activists. But note that the only way to get end-to-end encryption is if both parties in communication use encrypted services (such as Proton to Proton, Riseup to MayFirst).

4. Surf the web safely

For anonymous web browsing, download Tor. Use a search engine that doesn’t track you, like DuckDuckGo. The Tor browser protects your anonymity by bouncing your communications around a distributed network of Tor servers around the world, and encrypting that traffic so that it can’t be traced back to your computer.

5. If you go to a protest, leave your phone at home

Depending on the nature of the protest, demonstrators’ phones might be surveilled by local police with  stingray tracking devices, or even the FBI.

6. Get serious about your passwords

Enable two-factor authentication on all online accounts. Change your passwords every few months—and make sure they’re strong, which means random and unique.

7. Think about how you present yourself on social media

The information you’re providing about yourself on social media profiles could become a liability. In the event of a crackdown on free speech, your posts on Facebook, Twitter, Instagram, and YouTube could become a form of self-incrimination, even if you haven’t committed a crime.

8. Know your threat models

In cybersecurity land, “threat modeling” is the process of systematically analyzing the vulnerabilities of a given network or individual and identifying what measures should be taken to protect against probable threats. Whether you’re devising a threat model for securing your phone at a protest, your laptop when you don’t trust your roommate, or your online banking, ask yourself who you’re protecting yourself from, and how many layers of security you need.

9. Adopt encryption measures even if you don’t think you’re a likely target

Some people still assume that if they’re a law-abiding citizen, they have nothing to hide and therefore don’t need encryption. But history suggests that’s naive. (See: Snowden’s warning about the NSA collecting your dick pics.) “A dream is to make being safe on the internet as automatic and normal as buckling your seatbelt in a car,” Candace Williams said. “The more people adopt privacy practices, the safer everyone is. It’s partly a future-proofing strategy.”


10. Don’t get paranoid, if you can help it

“If you Google how to protect yourself online, it can be like looking up symptoms on WebMD—you’re going to get nightmare scenarios,” Williams says. Alternatively, attending a CryptoParty is like visiting a doctor who offers individualized advice—and tells you not to freak out.


 Improve Security, Collaboration and Support 
New Call-to-action


View the original article from Quartz Media   Featured Image Courtesty of iStockPhoto/NicoElNino
Have technology questions or want to learn more about how Tech Impact can help your nonprofit?