Article by our Digital Learning and Youth Leadership Program Lead, Hamza Arsbi
Remote work has been accelerated with the COVID-19 crisis, aided by and expanding digital space with new technologies that make online collaboration easy. While these developments have opened the door to many new possibilities for activists and social entrepreneurs, many dangers are associated with the lack of understanding the mechanics of the digital space.
Activists and social entrepreneurs work on vital development issues that often involve data collection from at-risk individuals or vulnerable communities. Online documentation, communication, and storage creates an opportunity for oppressive regimes, online pirates, and other bad actors to access private data and use it for nefarious ends. While many popular online tools work on adding extra security systems, the responsibility to protect the activists, their teams, and their beneficiaries, falls mainly on them and their organizations. It is therefore vital to include the entire team in the internal protection policy development and work with them to increase their awareness of security threats that might impact them.
Misconceptions About Security
According to Cybersecurity expert, Nigel Phair, a cyber-attack occurs almost every 14 seconds. Based on research, he identified four main misconceptions that organizations and individuals fall into when dealing with their Cyber Security:
1- Many believe that cyber-attacks are not common, or that their organizations are not of interest to attackers. He affirms that any business, NGO, or person, even government, are subject to cyber threats. Our online presence and constant connectivity to the internet make our data valuable targets for bad actors. From blackmail through personal account information to using mass data to influence communities, cyber attackers will find ways to utilize the information they access.
2- Another misconception is that viruses are the biggest cyber threat. Phair states that while viruses are common, the two biggest cyberthreats are currently phishing attacks and compromised emails. Applying deceptive emails and communications to access sensitive information or gain access to funds.
3- A common misconception is that anti-virus and firewalls are enough for cybersecurity. He argues that while protection software is important, hacking is not always through advanced technologies, many times it is through human manipulation. Email attacks depend on human error, so increasing awareness among employees is a key component of any effective cybersecurity strategy.
4- Finally, there is a misconception that cyber attacks are limited to specific areas and do not vary in their approach. While attacks such as phishing and other email threats are the most common, Phair notes that the threats are constantly evolving in new ways and finding new loopholes. The size and work of the organization also make risks unique to each context. This is why there are no one-size-fits-all solutions.
Tools and Platforms to Increase Your Cyber Security
When exploring new solutions for Activists and Social Entrepreneurs, especially in the MENA region, language and customizability come up as important factors for accessibility. This is why Tech Tribes was glad to identify The Digital Protection Platform with its many tools in Arabic, trying to help development organizations and human rights defenders across the region improve their data security.
The Digital Protection platform provides guidance and resources to improve data security in three core aspects. First, digital behavior changes through awareness. This includes creating secure browsing habits, data storage methods, and safe communication procedures. Second, fortifying existing tools through added security options. From adding two-step verification on Gmail and other social media sites to adding encryption for email and other communications. Finally, introducing new tools and resources for increased security such as VPN use, Secure Online Search, and Secure Password Management.
Digital tools and online technologies provide activists, NGOs, and human rights defenders with great powers and opportunities to reach more people, collect data, and inform decision making. However, with these new areas of growth comes a new kind of responsibility for the protection and security of those they work with and their data. Through raising awareness of security threats and the co-development of cybersecurity strategies, these defenders will rise to this heavy responsibility.