As technology experts are fond of reminding us:

“Your information is only as secure as your weakest device”.

With increasingly sophisticated cyber-monitoring a growing challenge for human rights documenters, it is more important than ever to make sure your devices and applications are well-protected. Here are nine practices for good digital security hygiene.


1. Use strong passwords
Your passwords should follow the handy acronym, S.U.R.E.: Sentence length, Unique, Random, and Easy to remember. Do not reuse your passwords on multiple accounts. And avoid letting web browsers remember your account information. You can use password managers such as KeePassXC and LastPass, both of which are free to download for computers and smartphones. Password managers are not only a reliable and secure method of keeping track of your passwords, they can also generate and remember strong passwords for you.


2. Use two factor authentication (2FA)
2FA is the option of having more than one password or key for your account, such as having to enter a password, followed by generated code. 2FA can be enabled on email, social media and other tools in a few simple steps. The purpose of 2FA is to avoid phishing attacks, ID theft and account hacking. Even if someone has stolen your passwords, 2FA will prevent them from accessing your accounts. There are three types of 2FA: using SMS/text messages, mobile phone apps and physical security keys. FreeOTP or Google Authenticator are the most widely used apps for 2FA. Setting up 2FA is quick and easy: see the tutorial for guided instructions.


3. Keep all software and O.S. up-to-date
Make sure your software is always up-to-date. If you are a Windows user, upgrade it to the latest version. This helps to protect your computer from malware (malicious software) such as ransomware.


4. Use hard drive encryption
You should protect all the data in your computer’s drives from unauthorized access. This can protect you if your computer is lost or stolen. BitLocker is a closed-source program for Windows users; VeraCrypt is an alternative, free, open-source software for all users to enable hard drive encryption.


5. Use a trusted Virtual Private Network (VPN)
When you connect to a network in order to access the internet, the network’s owner is normally able to monitor your activity, such as the websites you visit. Using a VPN routes your internet activity over the VPN provider’s system, so that from the point of view of the network you are connected to, the VPN is the only system you interact with. It is wise to use a VPN when you connect to an untrusted public network such as in a café, hotel or airport. However, you should note that the VPN service provider can still monitor your activity. Using a VPN also encrypts the data you exchange with the VPN provider so the networks in between cannot read it.


6. Look at the URL bar carefully
It is important to avoid visiting insecure web pages. Check for a ‘green lock’ image beside the URL. You can expand short URLs to check whether a web page is safe to visit. Secure websites use HTTPS, with the “S” signifying that it is protected by encryption. Alternatively you can install a plugin for your web browser called “HTTPS Everywhere”, which forces you to use HTTPS only.


7. Be aware of phishing attacks
When you open an email, check the email address of the sender. If you think you have received a suspicious email, be careful of downloading attachment files, or clicking links which then require you to log in to any accounts you own. For example, even if you receive an email from a trusted website and are asked to log in, you should go to the site directly and log in there instead of clicking the link embedded in the email. Any unexpected emails which ask you to take action with a sense of urgency, threat or via a request for help should be treated with suspicion.


8. Use Email encryption
If you want to increase your email security and protect your email communications, consider email encryption. Encrypting your emails is equivalent to putting your message into a lockable box that only the intended recipient of the email can open to read it. Enigmail, Tutanota and Mailvelope are the most widely used applications for encrypting email. See a tutorial for setting up email encryption in the description box below.


9. Do regular back-ups
It is best to assume your approach to security is not perfect. To prepare for the event that your security is broken and your data is lost, it is essential to make regular back-ups so that you can still retrieve your data. Having regular back-ups can also allow you to compare a back-up to the data on your computer, which will enable you to see if someone changed it without your permission. Remember, no digital security system is perfect, and new vulnerabilities emerge all the time. However, following these recommendations can go a long way to keeping you and your data secure. For more information, including how to access in-person digital security training for yourself or your organization, visit the website.


Last Updated: September, 2018

Advised by: Eike Hein