This section will help you think about how well your organisation protects its digital information.
HOW COMPLETE IS YOUR DIGITAL SECURITY?
You rely on digital technology to achieve your outreach, data collection, communication and mobilisation objectives. However, if you are not operating in a digitally safe manner, you may be putting your organisation and those around you at risk. Adopting practices for safe communication and information integrity will help ensure the digital security of your organisation’s people and information.
STRENGTHENING YOUR DIGITAL SECURITY
Use your assessment to determine your next steps. In all cases, you should:
- Discuss the results of this organisational strength map with IFEX. We may be able to connect you with relevant reference materials, external consultants, training opportunities or a skills exchange with another IFEX member.
- Discuss the results with some of your most committed funders who may be able to support some areas of your organisational development.
HOW COMPLETE IS YOUR DIGITAL SECURITY?
1. Our organisation has practices in place to safeguard our network and personal computers, that address physical security of the office premises as well as security of any off-site components.
Yes
Somewhat
No
2. We protect our data with procedures for backups and recovery of information.
Yes
Somewhat
No
3. We have introductory training or orientation information for new staff that addresses how to handle sensitive information.
Yes
Somewhat
No
4. Our contracts with server providers guarantee the encryption and privacy of our data on their machines.
Yes
Somewhat
No
5. We require staff to use passwords with a minimum of 8 characters, containing letters, numbers and symbols, and to change passwords frequently.
Yes
Somewhat
No
6. We have a clear inventory of where our data is collected, transmitted and stored.
Yes
Somewhat
No
7. All of our computers have anti-virus and anti-malware controls installed and regularly updated. Their operating systems are always up-to-date.
Yes
Somewhat
No
8. We have a policy regarding safe usage of mobile phones and of removable computer media (e.g., USB drives, Secure Digital (SD) memory cards, external hard drives).
Yes
Somewhat
No
9. Our website runs on Secure Socket Layer (SSL). (Our visitors access it with HTTPS:// instead of HTTP://)
Yes
Somewhat
No
10. All the computers and mobile devices in our organisation have the self-lock option activated.
Yes
Somewhat
No
If your assessment shows that you have answered mostly “No”
• Appoint someone in your organisation to identify where the main gaps are in the way data on your network and on your personal computers is stored and shared.
• Undertake a threat analysis for your organisation’s work to identify key areas of vulnerability.
• Assess and categorize the sensitivity of your organisation’s information and communications, e.g., “Highly Confidential”, “Sensitive”, “Public”, etc.
• Secure your data by installing key recommended digital security tools such as those provided through the Tactical Tech “Security in a Box” website: https://securityinabox.org on staff computers and your network.
• Arrange a training/orientation for all staff to demystify digital security and engage everyone in thinking about digital security/information integrity policies for your organisation.
If your assessment shows that you have answered mostly “Somewhat”
• Review the tips under “mostly no” to ensure that you have covered the basics.
• Develop and document clear procedures and systems for your organisation’s digital security (e.g., password management, anti-virus software routines, regular software updates, etc.)
• Adopt the practice of always referring to the appointed security person whenever you execute a new activity such as installation of new software, registration to websites, etc.
• Consider extending digital security practices to online publications such as your website (e.g., checking security practices of your server host; offering an ‘https:’ version of your site, etc.)
• Set goals to improve your organisation’s digital security practices and an implementation plan to achieve them.
• Share the results of this assessment with consultants in your community who can advise you on targeted ways forward.
If your assessment shows that you have answered mostly “Yes”
• Review the advice under “mostly no” and “mostly somewhat” to ensure that there are no gaps in your planning.
• Make sure your digital security practices are present in your day-to-day activities by documenting your practices and developing a digital security policy for your organisation. Review and update your digital security policy annually.
• Train employees to be alert to external threats e.g., office visitors who could find sensitive information in the open, hack into the office wireless, steal backups, etc. or online personalities posing as colleagues or authorities who could gain sensitive information through deception.
• Plan for the unexpected: undertake risk assessment and ‘worst-case’ scenario planning for emergencies such as data loss and theft.
• Follow updated digital security advice from trusted sources such as the SANS Institute’s “Critical Security Controls for Effective Cyber Defence”.
• Share the results of this assessment with consultants in your community who can advise you on targeted ways forward.
Organisational Strength Map
Use this tool to identify your organisation’s strengths and explore areas for growth and development.
Chapters
Strategic Planning Toolkit
Build your strategic plan and improve your organisation’s effectiveness with these strategic planning tools and fact sheets. Not sure where to start? Check out the Starting Points page for advice tailored to your situation.
Communications Strategy Toolkit
Effective communications planning will enable you to raise your organisation’s voice on issues that matter.
Financial Sustainability Plan
Ensure that your organisation survives and thrives by strengthening its fiscal framework.
Social Media Strategy
This step-by-step tool will enable you to build an effective social media strategy and engage your online audiences.
Website Optimisation Plan
This 10-step plan will help you improve your website’s impact and usability.