A list of tips for NGOs to keep their data secure.
For a comprehensive guide check out ssd.eff.org
Types of attack of most concern to NGOs:
To plan for this:
- Make sure all machines and devices have a secure login.
- Encrypt all hard drives and backups.
- Keep any sensitive data in the "cloud" and don't have a local copy.
- Keep phones and devices encrypted.
- Enable devices to be wiped remotely.
- Use end-to-end encrypted chats whose history automatically clears.
- Don’t write anything in emails, chat or online that you wouldn’t want read back in court.
This can happen with or without the team member's cooperation.
To plan for this:
- Avoid group chats when discussing anything private.
- Use end-to-end encrypted chats whose history automatically clears.
This is where an attacker gets between you and a service (like gmail) or between you and another user (in the case of a chat app).
To plan for this:
- Always use HTTPS URLs in your browser (as opposed to HTTP; look for the lock icon in the location bar) and do not ignore certificate warnings.
- Use end-to-end encrypted chats whose history automatically clears.
- Always use 2-factor authentication for online services (e.g. gmail, Facebook, Twitter, Slack, Windows 10, Telegram, Apple accounts and most other services).
- Never use the same password twice. Use a password manager to generate passwords, never make one up.
- Always use 2-factor authentication for online services (e.g. gmail, Facebook, Twitter, Slack, Windows 10, Telegram, Apple accounts and most other services)
- Never use the same password twice. Use a password manager to generate passwords, never make one up.