Difference between revisions of "Protecting your orgs identity"

From California Technology Festival Wiki
[[Category: 2014 Richmond]] [[Category: Branding]]
Latest revision as of 18:57, 4 May 2016

Overview

  • Best Practice: Have a list of all your online relationships in one place (without the passwords)
  • Bad Practice: Setting up online accounts using individual email accounts
  • Instead create 'service@yourdomain.org' and have it forward to at least two people
    • It will also let you know who is spamming
    • It is also an inventory of stuff
    • It teaches intentionality to your staff regarding vendors
  • NGOs should have password policies
    • Must periodically change the passwords
    • Have a set of global triggers.
    • If someone leaves, change everything
  • We are addicted to the utility savings
  • Increase the cost of surveillance
  • Data Security??? Make the assumption that your data is going to be breached and destroyed
    • How deal? Backup!
    • When making backups, make sure it's via https
    • Your backup media needs to be encrypted and stored in multiple offsite locations
    • Set up a reciprocal relationship to store each other's backups. They'll tell you if your data is
  • Physically destroy your USB on sensitive machines
  • There are like 5 domains that if they went offline, the whole progressive movement is over
    • Salesforce, change.org
    • Backup your stuff!
  • F-Droid is an alternative to the Android store that will guarantee your app is not a spiked copy
  • Gunner's been whining about spying and such for years

He's been validated by Ed Snowden

  • Game Theory: In the simplest of games, there's mathematics that govern the correct move to make

Simple underlying idea: The side with more information wins.

Gunner thinks about the cloud as a playing field of information and we're already at a disadvantage.

There is a war going on with our data as the pieces on the chess board (mixed analogy).

  • What can be done to change the odds in our favor? How can we create mechanisms for redundancy and resilience
  • You want two things
    • Access to your data
    • To not be spied on
  • Biggest activist fail: Giving away our addresses freely

facebook.com/myorg

  • You are letting an org control how people reach you
  • You need to have people reach you through your domain name, not your SM accounts
    • You have control over your information that way
    • Your domain is utter control over your address
  • It is a worst practice to do your domain registration and your hosting at the same place
    • eff GoDaddy. They will
    • Use Gandi.net GKJ.net
    • If one half starts sucking, you should be able to move it
  • NGOs should forbid their staff from using non-org email accounts
  • Email addresses are proxies for relationships between staff and allies
    • If they are fired they can still email back and forth with people as though they were still acting on your behalf
    • The org should also control their contact lists
  • Worst Practice
    • setting up their gmail accounts to send and receive their work email addresses
    • You should be in solidarity with activists and not choose convenience
  • When you fire someone, you must immediately change their email password and set it to forward/be monitored
  • Think about where the legal jurisdiction is for your org
    • Can the government come in and shut down your hosting?
  • Real Talk: One of the places that orgs consistently lose control of their online identity
    • Not keeping up on the contact info on their online accounts
    • Did an intern set up your website? Make sure they set the contact email as the official org email
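The notes above keep coming back to one artefact: the single list of every online relationship the org has (without passwords), which is what lets you check that each account's contact address is an org-controlled alias forwarding to at least two people, that registration and hosting are not with the same provider, and what has to be rotated when someone leaves. The script below is an added example of auditing such a list; it is not from the wiki page or the session. The inventory rows, the alias table, the provider names and the column names are all constructed for illustration, and the org domain `yourdomain.org` is assumed.

```python
"""
Audit an org's inventory of online accounts for the failure modes the
session notes warn about.  Added example; not part of the original page.
The CSV, the alias table and the provider names are constructed data.
"""
import csv
import io
from collections import defaultdict

ORG_DOMAIN = "yourdomain.org"   # assumed organisation domain
MIN_FORWARD_RECIPIENTS = 2      # the notes: forward to at least two people

# Constructed sample inventory.  Deliberately holds no passwords.
# 'role' is free text; 'registrar' and 'hosting' are the two that matter here.
INVENTORY_CSV = """\
service,provider,role,contact_email
Domain registration,ExampleRegistrar,registrar,intern2013@gmail.com
Web hosting,ExampleRegistrar,hosting,service@yourdomain.org
Mailing list,ListCo,newsletter,service@yourdomain.org
Donation platform,DonateCo,payments,vendors@yourdomain.org
Social media,SocialCo,social,alice@yourdomain.org
"""

# Constructed forwarding table for role aliases on the org domain.
# Any org-domain address not listed here is treated as a personal mailbox.
ALIASES = {
    "service@yourdomain.org": ["alice@yourdomain.org", "bob@yourdomain.org"],
    "vendors@yourdomain.org": ["alice@yourdomain.org"],
}


def load_inventory(text):
    """Parse the inventory CSV into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def audit_contact(contact, aliases):
    """Return the issues with one account's contact address."""
    issues = []
    contact = contact.lower()
    _, _, domain = contact.rpartition("@")
    if domain != ORG_DOMAIN:
        # e.g. an intern's personal webmail: the org cannot recover this account
        issues.append("contact address not on org domain")
        return issues
    recipients = aliases.get(contact)
    if recipients is None:
        issues.append("contact is a personal mailbox, not a forwarding alias")
    elif len(set(recipients)) < MIN_FORWARD_RECIPIENTS:
        issues.append("alias forwards to fewer than %d people" % MIN_FORWARD_RECIPIENTS)
    return issues


def audit_inventory(rows, aliases):
    """Return (service_or_provider, issue) findings for the whole inventory."""
    findings = []
    providers_by_role = defaultdict(set)
    for row in rows:
        for issue in audit_contact(row["contact_email"], aliases):
            findings.append((row["service"], issue))
        providers_by_role[row["role"]].add(row["provider"])
    # Registration and hosting at the same place: if that provider fails you,
    # you cannot move either half independently.
    shared = providers_by_role["registrar"] & providers_by_role["hosting"]
    for provider in sorted(shared):
        findings.append((provider, "domain registration and hosting at the same provider"))
    return findings


def affected_by_departure(rows, aliases, person):
    """Services whose contact route touches a departing person: the
    'if someone leaves, change everything' trigger from the notes."""
    person = person.lower()
    affected = []
    for row in rows:
        contact = row["contact_email"].lower()
        if contact == person or person in aliases.get(contact, []):
            affected.append(row["service"])
    return affected


if __name__ == "__main__":
    rows = load_inventory(INVENTORY_CSV)
    for where, issue in audit_inventory(rows, ALIASES):
        print("%-20s %s" % (where, issue))
    print("rotate on departure of bob:", affected_by_departure(rows, ALIASES, "bob@yourdomain.org"))
```

Running it over the constructed data flags the registrar account tied to a personal webmail address, the alias that forwards to only one person, the account whose contact is a single staff mailbox, and the provider that holds both registration and hosting; the departure check lists the accounts whose contact alias includes the person leaving, which is the set to rotate first.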