Technology and it’s use has over the years evolved into an almost inevitable tool in the work of civil society organisations (CSOs), human rights defenders and journalists.
As GIF project’s digital security implementing consultant, I have witnessed maximum effectiveness and efficiency in accomplishing tasks in their daily working routines and schedules which has led to high reduction of production time and cost. As promising as technology might be, for human life and organisation’s wellbeing, there are some potential risks and vulnerabilities that CSOs need to be aware of and manage through adoption of right preventive mechanisms and strategies provided by GIF project in Lesotho.
Most funding of CSOs in Lesotho comes from donors. It is therefore, important to maintain trust in the management of these funds. Indeed, trust that can be jeopardised if sensitive organisational information is
compromised, stolen or lost.
CSOs in Lesotho also adopted digital wellness also known as digital wellbeing, the use of technology to ensure every employee’s physical and mental health. Although CSOs rely on their on their digital devices and internet to perform their work, the aim of digital wellbeing is to design technology in such a way that promotes healthy use and proactively assists the user to maintain a healthy lifestyle. A common example of technology that can have a negative effect on CSOs in Lesotho is overuse of social media during working hours.
However, digital wellbeing doesn’t just mean that CSOs take time to disconnect from devices. It’s a comprehensive way for them to think about how their potential unhealthy relationship with technology affects other aspects of their lives.
Most of the CSOs who are beneficiaries of GIF project hold personal information for their clients and conduct incident response on electronic devices. It’s vital to the reputation and day-to-day running of these organisations that they keep the information safe and away from prying eyes. They don’t have to be complacent – poor security can leave their organisations and their clients vulnerable, cyber attacks affect organisational business of all sizes.
Practical steps that beneficiaries of GIF project – Lesotho have adopted to improve their organisational data security:
Backup data – CSOs have adopted backing up their data regularly which was not the case before implementation of the project. They are currently
well aware that if one uses external storage device they should keep it somewhere other than their main workplace – encrypt it, lock it away as possible. In that manner, if there is a break-in, fire or flood, they will minimise the risk of losing all clientele data.
Check backup data – CSOs in Lesotho are now well informed that they should not connect work backup data to personal data and usage of different devices so that any malicious activities don’t easily contaminate or reach their data.
Use of strong passwords and multifactor authentication – CSOs employees use strong passwords on their smart phones, laptops, tablets, email accounts where work or personal information is stored. They have stopped using obvious passwords instead they now use difficult to guess passwords and they are also now knowledgeable that work information can be stored in separate gadgets.
Where possible, they now consider using multi-factor authentication, a security measure used to make sure that the right person is accessing data. It requires atleast two separate forms of identification before access is granted. For example, one uses a password and a one time code which is sent by a text message.
Be aware of surroundings – CSOs are now observant on data access and privacy which was not the case before GIF project. For example, if they are on public transport or shared work or social space, other people may be able to see their screen and see sensitive and private information. I then advised them to use privacy screen which acts as a protection mechanism towards their private data.
Being wary of suspicious emails – Following GIF project, capacity building trainings of CSOs facilitated by GIF project’s digital security consultant, Ms Keiso Mohloboli, CSOs and their employees are now capacitated to be able to spot suspicious emails. They are now able to read signals like bad grammar and demands to urgently act on requests for payments. New technologies mean that email attacks are becoming more sophisticated. A phishing email could appear to come from a known or recognised source. They now know that they should verify authenticity of the email with them if not sure its them.
Anti-virus and Malware protection [And keep it up – to – date] – CSOs are now vigilant about making sure that the devices they use at home or at their offices are secure. They have access to anti-virus softwares that help to protect their devices against malware sent by cyber attackers through phishing attacks.
Secure WiFi connection – using public wi-fi, or insecure internet connections could put work or personal information at risk. Accepting website cookies also exposes internet users to internet risks. If one decides to use public connection should only be when using Virtual Private Network (VPN).
