tl;dr: If you just wanna get to the five things you can do right away, here they are, but I really hope you keep reading!
- Turn on multi-factor authentication everywhere
- Use a different, strong password for each account
- Keep your devices and software up-to-date
- Make sure your devices are running antimalware/antivirus software
- Use DeleteMe to remove your personal info from the internet
This week has shaken many of us who are part of progressive or leftist movements and organizations. We're up against federal, state and local governments that have shifted further to the right. We're soon going to have a proudly-fascist president who says he's going to be a dictator on day one. Thing is, dictators usually stick around longer than they say they will.
As a result, many of us are hurrying to improve our holistic security: physical, mental/emotional, and digital security. We want to move fast, but we can't do everything all at once. So we gotta use a harm reduction approach to security: do what we can with the money, time and other resources we have available.
In the coming months I hope to provide guidance on different ways that we can improve our digital security (digisec). You can take these actions individually, but they're even more important for groups and organizations. When we're working with other folks it is important that everyone be up to speed on security practices and protocols, because one person who is missing some crucial steps can compromise the work of everyone else in the group or organization.
This is all just my take as a movement digisec practitioner. This does not constitute medical advice, lol. Everyone's needs and situations are different, but I hope this basic guidance can be helpful to many people across our communities and movements!
First steps for improving your digital security
Right now we're working with the same federal government's tech and privacy policies as we've had for the past four years. Come January we may see things start to shift rapidly, with federal, state and local agencies and law enforcement cracking down on those of us who have been labeled as "the enemy within."
But in the meantime I worry that we'll be targeted by non-governmental groups or individuals who are emboldened by the incoming fascist regime. So here are some things we can do now to increase our digital security in ways that can protect us now and in the future.
#1: Turn on multi-factor authentication everywhere
Multi-factor authentication (MFA), two-step login, two-factor authentication (2FA) -- they all basically mean the same thing: you need to provide something other than your username and password to access your account. That makes it so much harder to break into your accounts -- someone would have to know your username and your password and another form of verification in order to get in. That might be a verification code you get through text messages, emails or authentication apps like Google Authenticator or Authy; it might even be a little physical key that you plug into your computer or tap to your mobile device to provide that extra bit of verification.
Turn on multi-factor authentication or two-step logins wherever you can, as soon as you can! Most websites and platforms let you do it and provide documentation on how to set it up. You can start with your most important and private accounts, then gradually get it set up for the rest of your accounts.
#2: Use a different, strong password for each account
Hackers love when we use either weak passwords or the same passwords for many accounts. Weak passwords -- passwords that are too short or commonly used (think password123) -- make it easy for hackers to "crack" our passwords by running them against lists of passwords that are common or that have already been exposed as a result of internet services or platforms being hacked. If they get one password that you use for all of your accounts, that makes it incredibly easy to break into your other accounts.
To fight this, you should use long, random passwords that are very unlikely to be used by anyone else in the world. You can use tools like the Bitwarden Password Tester to check how strong your passwords are.
You should also use a different password for every account. If a hacker manages to get a password for one of your accounts, they won't be able to break into your other accounts because all of your passwords are different.
But we all have so many accounts and it's impossible for us to remember a different strong password for each one! The best way to deal with that is by using a password manager. After you add your usernames and passwords to your password manager, you only need to remember one strong password to let you into the password manager itself. Once you log in you'll be able to use all of the other usernames and passwords that you've added to your password manager. Two highly recommended password managers are Bitwarden and 1Password. Both have cheap or free plans for personal accounts, but they also offer premium accounts for families or organizations.
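The checks described in this section (long random passwords, nothing from a common-password list, no reuse across accounts) can be sketched in a few lines. This is an added example, not the author's code or any password manager's: the account names, the tiny `COMMON` list and the 14-character minimum are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"  # 72 symbols

# Constructed stand-in for the leaked-password lists attackers try first.
COMMON = {"password123", "123456", "qwerty", "letmein"}


def generate(length: int = 20) -> str:
    """Random password from the OS's cryptographic random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Guessing strength of a truly random password, in bits."""
    return length * math.log2(alphabet_size)


def audit(vault: dict, min_length: int = 14) -> dict:
    """Return {account: [problems]} for common, short or reused passwords."""
    accounts_by_password = defaultdict(list)
    for account, password in vault.items():
        accounts_by_password[password].append(account)

    findings = {}
    for account, password in vault.items():
        problems = []
        if password.lower() in COMMON:
            problems.append("on common-password list")
        if len(password) < min_length:
            problems.append(f"shorter than {min_length} characters")
        shared = sorted(a for a in accounts_by_password[password] if a != account)
        if shared:
            problems.append("reused on: " + ", ".join(shared))
        if problems:
            findings[account] = problems
    return findings


# Constructed sample vault: one common password, one reused, one generated.
VAULT = {"email": "password123", "bank": "Tr0ub4dor&3",
         "forum": "Tr0ub4dor&3", "chat": generate()}

if __name__ == "__main__":
    for account, problems in audit(VAULT).items():
        print(f"{account}: {'; '.join(problems)}")
    print(f"a 20-character random password has ~{random_bits(20):.0f} bits")
```

The generated password is the only one that passes, and the "reused on" finding is exactly what a password manager prevents by giving every account its own entry.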
#3: Keep your devices and software up-to-date
All of our devices and the software that runs on them need updates that happen on a regular basis to keep them secure. If updates aren't happening, hackers can take advantage of security flaws to access your devices, install malware, access your files and do all sorts of other bad things. When your computer or mobile device asks you to let updates happen, let them happen! If it says you need to restart your device, do it as soon as you can! And if you never see messages about updates, make sure automatic updates are turned on for all devices and software. (You can search the web for guides on how to make sure automatic updates are happening for specific devices and software.)
#4: Make sure your devices are running antimalware/antivirus software
This might seem old school, but it continues to be super important to run antimalware/antivirus software (they kinda mean the same thing but antimalware is more accurate). You need to use it whether you use Windows or Mac (or Linux for the super-nerdy), and it's even available for mobile devices like phones and tablets. Windows and Macs have antimalware software turned on by default -- don't turn it off! It should run automatically on a regular schedule. Phones and tablets running iOS (like iPhones) or Android (basically all other phones) have antimalware protection built in, but you can also download and use antimalware software on those devices. My favorite for mobile devices is Sophos Intercept X but it takes some extra effort and comfort with tech to set it up.
#5: Use DeleteMe to remove your personal info from the internet
This recommendation is all about preventing doxing, where people find your personal info -- addresses, phone numbers, family members and all sorts of other stuff -- and use it to harass and even harm you both online and offline. This is all public info that can be found all over the internet, but the worst is when data broker sites like Spokeo, Whitepages and BeenVerified find a lot of your info and package it up nice and neat so someone can use it without looking it all up themselves. You can try to remove your personal info yourself but it would take a long, long time and a lot of hassle. Instead, use a data removal service like DeleteMe to do it for you on a regular basis.
There are other data removal sites out there, but DeleteMe is the one I use and trust more, and so do my digisec colleagues.
Of course, these steps won't get you 100% secure, but they'll put you on the right path. I hope that you find them helpful! If you have any feedback, please let me know!