1. Home
  2. »
  3. Securing online activity
  4. »
  5. Guides and resources for digital security

 

The Responsible Data Forum has written a handbook, available as a downloadable PDF, to support international development projects. It is based on academic, human rights and advocacy sources and was written in the Netherlands with the support of Hivos, a Dutch development agency, as part of a book sprint in 2014.

It outlines the following questions you need to consider when developing your organization’s threat model and making choices about data management and digital security:

  • How transparent should you be about your data management?
  • How do you prevent data breach?
  • How do you protect your systems and networks?
  • How do you protect your donors’ and users’ data?
  • What are you legal data retention requirements?
  • What privacy risks and requirements do you and your donors have?
  • Jurisdiction dependencies.
  • How do you deal with credit cards
  • Transparency around your data handling policies
  • Consider whether you should provide anonymity services. for example, proxies, or TOR as a way to protect privacy and defend against surveillance
  • How will you avoid SPAM, phishing and online fraud?

Digital security guides

Answers to these question can be found in Security in a Box, which offers a full set of tutorials and references to tools for Windows, OSX and Linux as well as for mobile devices like smart phones and tablets. The contents include:

The Association for Progressive Communications (APC) offers a Digital Security First-Aid Toolkit for Human Rights Defenders that covers a set of topics useful for every organization coming online, especially those involved with advocacy and vulnerable communities.

APC Digital Security First Aid Kit can be accessed here: https://www.apc.org/en/irhr/digital-security-first-aid-kit

Electronic Frontier Foundation (EFF) provides recipes for Human Rights Defenders for avoiding surveillance:

  1. An Introduction to Threat Modeling
  2. Communicating with Others
  3. Keeping Your Data Safe
  4. Things to Consider When Crossing the US Border
    1. Choosing the VPN That’s Right for You

Digital certificates for secure browsing

In order to set up a secure website, one that uses HTTPS instead of HTTP in its Uniform Resource Locator (URL, e.g. https://toolkit.wiki), it is necessary to obtain a security certificate from a recognized authority. Let’s Encrypt automates the process of turning on and managing HTTPS. It is also free, though donations are requested. When using a service like WordPress.com, the certificates are included as part of the service.

DNSimple has created a user-friendly guide that explains how HTTPS works, available here.