Security, Bespoke
Digital security has become a part of everyday life. We all know about computer viruses, email scams and Facebook privacy settings and how they can run amok with our information. But for those who use these channels to advocate for democracy, digital security goes beyond protecting our embarrassing photos and banks accounts. It can serve as a connection to the outside world and a line of defense against harassment and arrest faced by activists around the world.
But security goes beyond anti-virus software, encryption and circumvention measures. Security has to be part of a complete solution, where tools are only part of the process. And each solution will be unique. Some of the steps and tools for tailoring a custom security solution I've found in my time at NDITech are:
The Risk
Before you can decide on your security solution, you have to understand the security problem. What is it you are protecting? What are you protecting against? What happens if your security fails? Knowing the answers to these questions is a great first step towards minimizing risks. MobileActive has created a great resource that explains risk and the assessment process (or for the more fortified check out the NIST Risk Framework. Taking the time to consider risk provides a solid grounding for creating a security plan that fits your needs.
The Tools
There is an almost unending selection of digital security tools available to deal with every conceivable problem. Deciding which tool to use can seem like an impossible task, but narrowing it down by understanding the risk enviroment can help make this decision easier. Having a tool that meets your needs is essential. A report earlier this year, discussing circumvention techniques, showed that the priorities of an organization determine what tool is right for them, and that these priorities change over time. There isn't a one-size-fits-all solution to these problems.
The Application
Beyond finding the right tools for you, using them in the right combination is crucial. For example, many people feel protected once they download an anti-virus software, but even with regular updates and scans of your computer, a single tool can only protect you so far. Improved security takes a combination of good tools and good habits, so the tools are used in the appropriate ways for your environment. There are a number of resources that begin to help fill this need. Movements.org has an easy-to-use how-to section with guides on general advice, as well as specific tools. Tactical Tech has also created Security-in-a-box to help organizations develop security systems. While these guides aren't going to cover every detail of every tool, once you've assessed your risks and identified the best ways to mitigate them they are a great place to start.
The Gaps
The final piece, going back to one of our recent blog posts, is that every security system is flawed, and the best way to stay safe is to stay aware. Understanding where the gaps are helps you understand your risks, which brings security full circle.
Thinking of security as an individual, cyclical process instead of a standardized, one-time implementation keeps us on top of our systems and makes us reevaluate our risks at every turn.