Recently, there has been a wealth of articles covering tips, tricks, and tools to help us work from home and do our part to slow this pandemic. As an organization that has been embracing more of a remote workspace for the last five years, we’re aligned with many of the suggestions and recommendations other organizations and companies are sharing. However, there is one aspect of remote work that hasn’t gotten as much attention just yet: security.
There’s a lot on our hearts and minds right now: our own health and well-being, the health and well-being of our communities, and the work that will need to be done to help a world profoundly affected by this moment. When we are holding so much already, digital security may not seem like a priority.
But, almost overnight, the virtual space has become undeniably essential to our sustainability. It’s a critical piece of our ability to stay connected, to keep moving forward, to find hope and solace and support.
Because of that, we want to encourage and empower you to practice Digital Resilience.
Digital Resilience is a term that’s been used in the world of cybersecurity to describe a company’s “ability to grow and survive in a changing environment by successfully implementing evolving strategies.”
In the world of nonprofits and grassroots movements, however, it’s started to take on a new meaning that goes beyond the technical. Here’s how we’re defining it at Rockwood:
Resilience – or, the ability to shift from reactivity to a state of resourcefulness in moments of stress and crisis – is one of Rockwood’s 6 Core Practices. It’s what allows us as leaders to stay focused on our Vision no matter what challenge is placed in front of us, whether that challenge is something concrete like a setback in a project, or emotional like a coworker saying something hurtful.
Digital Resilience is a frame for how we stay safe and secure online so we can put our time and energy towards our actual work. Safeguarding ourselves from potential risks like scams, viruses, and surveillance not only decreases the likelihood of those things happening, but also frees us from having to worry about those risks so we can stay resourceful and focused as we lead in this new context of a virtual world.
The good news is that digital security doesn’t have to take up a lot of your or your team’s time. There are quick and easy ways to make some changes right now that don’t require extra knowledge or skill, and will keep you digitally resilient for years to come.
Here are our top recommendations for practicing Digital Resilience:
- Use strong(er) passwords.
You probably know your passwords should be a mix of letters (upper- and lowercase), numbers, and symbols. What a lot of people overlook, however, is that passwords should also be at least 12 characters long and unique for every site you use them on (don’t use the same password for your email as you do for Facebook, for example).
It may seem like a lot of work to create and remember new passwords for every site you use, but it doesn’t have to be! The easiest way to create unique passwords that will stump even the most diligent hacker or software is to use a password generator like this one. For something easier to remember, create a passphrase.
Not sure how secure your passwords are? You can use this site to enter a password and see how long it will take to crack.
- Use strong(er) passwords.
- Change weak or compromised passwords.
Remember how we said passwords need to be unique for every site you visit? That may seem like a major inconvenience, but hackers sell passwords stolen during data breaches specifically because it’s so common for people to use one password in multiple places. So, for example, if you use the same password for your email as you do for another website that had a data breach, hackers will be able to access your email.
You can actually check to see which of your accounts may have been included in a data breach here, but even if you don’t see your email listed, it’s still good practice to change your passwords every so often (especially if they aren’t very strong).
- Change weak or compromised passwords.
- Use a password manager.
How do you remember all these new, strong passwords? Or what if you have a lot of online accounts that need their passwords changed?
Consider using a password manager, like LastPass or Dashlane. Password managers transfer all the passwords stored in your browser, allow you to categorize and search them, and easily create strong passwords when you sign up for new sites. Some, like LastPass, have security check-up features that tell you which of your passwords needs to be updated, and can even do it automatically. For organizations, password managers also let you securely store, share, and change passwords that may be used across your team.
- Use a password manager.
- Set up two-factor authentication.
Two-factor authentication (2FA) might seem like a nuisance. You have to set it up, then have it text you, then input the code… but 2FA puts an extra level of security between you and someone trying to get into your accounts. It also gives you a head’s up that someone might be doing something nefarious.
Nowadays, most apps and services offer 2FA, or even require you to use it. There are also free services like Google Authenticator that will create codes for you.
- Set up two-factor authentication.
- Use encryption.
This one’s a bit technical, so here’s the big picture: without encryption, it’s possible for third parties to “see” what you’re doing online, including what you write in emails and what you view in your browser.
That sounds pretty scary, but the good news is that a lot of our digital world is already encrypted for us. Apps like Slack and devices like iPhones have encryption built in. For web browsers, there’s a free extension from the Electronic Frontier Foundation (EFF) called HTTPS Everywhere. For everything else, like your email or computer, there are a variety of options to set up encryption.
- Use encryption.
- Shift your organization’s culture around digital security.
Everyone has different comfort and knowledge levels with technology, and that can often make behavior changes around security difficult to navigate.
If you or your organization is struggling with that, consider tending to your digital culture. Equality Labs wrote this very clear, people-first guide that includes best practices for having those conversations, as well as security recommendations.
- Shift your organization’s culture around digital security.
- Educate yourself about digital security.
Freedom of the Press Foundation offers resources for general online security training, and if you need to help your friends, family, or coworkers learn about digital security, EFF has a guide for that.Here are resources for other areas of digital security, like being doxxed or keeping your cellphone secure if you do any direct action:
- Do an online security audit, like Security Planner from the Citizen Lab
- Take a phishing quiz to see if you can spot fake emails
- Check out the guides & articles in EFF’s comprehensive Surveillance Self-Defense toolkit
- Read through articles about cybersecurity for nonprofits from Nonprofit Quarterly and TechSoup
- Learn what to do if you’re being harassed online
- If you or your organization engages in direct action / protesting, this guide from Equality Labs is a great resource
- If your organization is using Zoom, the EFF has tips for how to keep your meetings secure
While we’ve done a lot of work on our Digital Resilience at Rockwood, it is still a work in progress and something we are constantly practicing and improving. If you’d like to fortify your digital security but it feels overwhelming, know that there’s no need to do all these things immediately. Any small step you make will increase your Digital Resilience, so we invite you to do what you can as you can.
Much gratitude to Electronic Frontier Foundation, Freedom of the Press Foundation, Camino Public Relations, and our entire staff for supporting this work.