The Responsible Data Forum has written a handbook, available as a downloadable PDF, to support international development projects. It is based on academic, human rights and advocacy sources and was written in the Netherlands with the support of Hivos, a Dutch development agency, as part of a book sprint in 2014.
It outlines the following questions you need to consider when developing your organization’s threat model and making choices about data management and digital security:
- How transparent should you be about your data management?
- How do you prevent data breach?
- How do you protect your systems and networks?
- How do you protect your donors’ and users’ data?
- What are your legal data retention requirements?
- What privacy risks and requirements do you and your donors have?
- Which jurisdictions' laws apply to your data, and where is it stored?
- How do you handle credit card data?
- How transparent are your data handling policies?
- Should you provide anonymity services, for example proxies or Tor, as a way to protect privacy and defend against surveillance?
- How will you avoid spam, phishing and online fraud?
Digital security guides
Answers to these questions can be found in Security in a Box, which offers a full set of tutorials and references to tools for Windows, OS X and Linux as well as for mobile devices like smartphones and tablets. The contents include:
- Protect your device from malware and hackers: Prevent worms, viruses and trojans
- Protect your information from physical threats: Ensure your workplace and devices are secure
- Create and maintain secure passwords: Learn to manage strong passwords
- Protect the sensitive files on your computer: Learn to encrypt data and files
- Recover from information loss: Back up your devices and data
- Destroy sensitive information: Delete data permanently
- Keep your online communication private: Encrypted chat and email
- Remain anonymous and bypass censorship on the Internet: Using Tor and VPNs
- Protect yourself and your data when using social networking sites: Using Facebook, Twitter and Flickr safely
- Use mobile phones as securely as possible: Staying safe when using cellphones
- Use smartphones as securely as possible: Android and iPhone safety
The Association for Progressive Communications (APC) offers a Digital Security First-Aid Toolkit for Human Rights Defenders that covers a set of topics useful for every organization coming online, especially those involved with advocacy and vulnerable communities.
- Keeping Passwords Safe
- Carrying sensitive data in a secure manner
- Using a computer without leaving a trace
- Chatting in a secure manner
- Accessing a blocked website anonymously
- Send email that only the recipient can read (encryption)
- Send email that can’t be traced
- Securing mobile device communications
- Recovering a hacked or hijacked website
- What to do if your email, Facebook or Twitter account is hijacked
- How to protect privacy when using a computer
- An Introduction to Threat Modeling
- Communicating with Others
- Keeping Your Data Safe
- Things to Consider When Crossing the US Border
Digital certificates for secure browsing
In order to set up a secure website, one that uses HTTPS instead of HTTP in its Uniform Resource Locator (URL, e.g. https://toolkit.wiki), it is necessary to obtain a TLS certificate from a certificate authority that browsers recognize. Let’s Encrypt automates the process of turning on and managing HTTPS, including issuing and renewing the certificate. It is also free, though donations are requested. When using a hosted service like WordPress.com, the certificates are included as part of the service.
DNSimple has created a user-friendly guide that explains how HTTPS works, available here.
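Once a certificate is installed, the two things that most often go wrong later are that it expires (Let’s Encrypt certificates are valid for 90 days, so renewal must keep working) or that it does not cover the hostname visitors actually use. The following script is an added example, not part of the handbook or of Let’s Encrypt’s own tooling: it takes the certificate dictionary that Python’s `ssl` module returns for a live connection and reports hostname mismatch and time to expiry. The `SAMPLE_CERT` values are constructed for illustration, the `as_of` clock argument exists only so the checks are reproducible, and `fetch_peer_cert` is a small convenience wrapper around the standard library.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
# The issuer, dates and names are made up for this example.
SAMPLE_CERT = {
    "subject": ((("commonName", "toolkit.wiki"),),),
    "issuer": ((("organizationName", "Example CA (placeholder)"),),),
    "notBefore": "Jan 10 00:00:00 2024 GMT",
    "notAfter": "Mar 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "toolkit.wiki"), ("DNS", "*.toolkit.wiki")),
}


def fetch_peer_cert(hostname, port=443, timeout=5):
    """Open a verifying TLS connection and return the server's certificate dict.

    create_default_context() validates the chain against the system trust
    store, so an untrusted or self-signed certificate raises ssl.SSLError.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def san_dns_names(cert):
    """DNS names listed in the certificate's subjectAltName extension."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def hostname_matches(cert, hostname):
    """True if hostname is covered by a SAN entry, exactly or by a single-label wildcard."""
    host = hostname.lower().rstrip(".")
    for name in san_dns_names(cert):
        name = name.lower()
        if name == host:
            return True
        # "*.example.org" covers "www.example.org" but not "a.b.example.org"
        if name.startswith("*.") and host.endswith(name[1:]) and host.count(".") == name.count("."):
            return True
    return False


def _as_datetime(as_of):
    """Accept None (now), an aware datetime, or an ISO 8601 string taken as UTC."""
    if as_of is None:
        return datetime.now(timezone.utc)
    if isinstance(as_of, str):
        return datetime.fromisoformat(as_of).replace(tzinfo=timezone.utc)
    return as_of


def days_until_expiry(cert, as_of=None):
    """Whole days from as_of until notAfter; negative once the certificate has expired."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return (expires - _as_datetime(as_of)).days


def check_certificate(cert, hostname, as_of=None, warn_days=30):
    """Return a list of problems; an empty list means the certificate looks healthy."""
    problems = []
    if not hostname_matches(cert, hostname):
        problems.append(f"{hostname} is not covered by SAN names {san_dns_names(cert)}")
    left = days_until_expiry(cert, as_of)
    if left < 0:
        problems.append("certificate has expired")
    elif left < warn_days:
        problems.append(f"certificate expires in {left} days; check that renewal is working")
    return problems


if __name__ == "__main__":
    # With a hostname argument, inspect a live site; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        host = sys.argv[1]
        cert = fetch_peer_cert(host)
    else:
        host, cert = "toolkit.wiki", SAMPLE_CERT
    print(f"{host}: {days_until_expiry(cert)} days left")
    for problem in check_certificate(cert, host) or ["no problems found"]:
        print(" -", problem)
```

Run as `python check_cert.py example.org` against a real site; a cron job that runs it a few days before the renewal window and alerts on a non-empty list is a cheap way to notice a broken renewal before visitors see a browser warning.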