Quick Tips: Digital Security Best Practices for CSOs in Africa
What is digital security and should civil society organisations be concerned?
Technology and its use have over the years evolved into an almost inevitable tool in the work we do. We have witnessed maximum effectiveness and efficiency in accomplishing tasks in our daily work routines and schedules which has led to high reduction of productivity time and cost.
However, as promising as technology might be for human life and organisation’s wellbeing, there are some potential risks and vulnerabilities that civil society organisations need to be aware of and adopt the right preventive mechanisms and strategies.
As civil society organisations in Africa, almost 80% of our funding comes from donors. We must understand that resource mobilisation is all about trust and that can be jeorpadised if sensitive information has been compromised, stolen or lost. This might cause an immediate termination of all donation plans which will in turn hurt your cause, fundraising efforts and overall image. We must nurture donor relationship and this includes ensuring all information are strongly protected and secured. This establishes a level of trust and credibility for our organisations.
To ensure that a high level of trust is maintained, efficiency and continuity of our operations go uninterrupted by challenges or threats posed by technology, civil society organisations must keep themselves safe from cyber- attacks. Below are some best practices civil society organisations can adopt to prevent cyber-attacks:
1. Securing your hardware:
With so much attention given to acquiring the newest and most sophisticated types of cyber security software, safeguarding the security of our organisation’s hardware is often overlooked, but the loss or theft of devices is a real threat to be aware of.
Begin your cyber-attack prevention strategy with the basics: protect all devices with a complicated password, do not share your passwords with any one and commit it to memory instead of writing it down in an easily accessible place. Below are some password management tips that are worth considering:
- Use stronger password conventions.
- Avoid sharing passwords with anyone. Especially in emails and other messaging applications.
- Avoid using the same password for more than one account.
- Enable multi-factor authentication.
- Avoid browser password management at all cost. In place of this you can use password encryption tools. Eg: Lastpass to manage all your passwords.
2. Data encryption and backup:
An effective cybercrime protection strategy must consist of two elements: preventing physical access to sensitive data and rendering that data useless if it falls into the wrong hands. In simple terms, encryption is the process of using an application to conceal data by converting into a code and making it inaccessible to unauthorised users.
Be sure to encrypt all sensitive data, including customer information, employee information and all business data. Also, periodic backups to both cloud and local storages (pendrives, external hard drives, etc.) that are totally isolated from any network is highly encouraged.
Some file encryption applications organisations can consider using include the following: BitLocker (Windows), Encrypto (Mac).
3. Use robust anti-malware and firewall software:
Certain types of malware can work quietly in the background and only be detected by an anti-virus programme when it is too late to save your files. Effective anti-malware tools can catch and isolate software viruses when they strike, preventing these viruses from entering your database in the first place.
4. Use virtual private network (VPN):
A VPN gives you online privacy and anonymity by creating a private network from a public internet connection. VPNs mask your internet protocol (IP) address, so your online actions are virtually untraceable.
In a VPN, the computers at each end of the tunnel encrypt the data entering the tunnel and decrypt it at the other end.
In conclusion, we should understand that information security is a never-ending task. It requires lots of efforts to be able to stay safe and secure. We all need to contribute to this very essential endeavour to build a collective reputation of safety and credibility across the civic space.
NOTE: Opinion expressed in this article are solely those of the author, and do not necessarily reflect the opinions or views of the West Africa Civil Society Institute.
About the author
Kwame is an experienced IT Consultant with high level of expertise in full stack applications development, cyber security, cloud computing, digital marketing, multimedia production and brand management. He holds a Bachelor's Degree in Information Technology and is a Microsoft Programme Alumni. He is currently serving as a Project Assistant on the Techsoup Project.