Difference between revisions of "Protecting your orgs identity"
Revision as of 20:37, 28 April 2015
Overview
- Best Practice: Have a list of all your online relationships in one place (without the passwords)
- Bad Practice: Setting up online accounts using individual email accounts
- Instead create 'service@yourdomain.org' and have it forward to at least two people
- It will also let you know who is spamming
- It is also an inventory of stuff
- It teaches intentionality to your staff regarding vendors
- NGOs should have password policies
- Must periodically change the passwords
- Have a set of global triggers.
- If someone leaves, change everything
- We are addicted to the utility savings
- Increase the cost of surveillance
- Data Security??? Make the assumption that your data is going to be breached and destroyed
- How to deal with it? Backup!
- When making backups, make sure it's via https
- Your backup media needs to be encrypted and stored in multiple offsite locations
- Set up a reciprocal relationship to store each other's backups. They'll tell you if your data is
- Physically destroy your USB on sensitive machines
- There are like 5 domains that, if they went offline, the whole progressive movement is over
- Salesforce, change.org
- Backup your stuff!
- F-Droid is an alternative to the Android store that will guarantee your app is not a spiked copy
- Gunner's been whining about spying and such for years
He's been validated by Ed Snowden
- Game Theory: In the simplest of games, there's mathematics that govern the correct move to make
Simple underlying idea: The side with more information wins. Gunner thinks about the cloud as a playing field of information, and we're already at a disadvantage. There is a war going on, with our data as the pieces on the chess board (mixed analogy).
- What can be done to change the odds in our favor? How can we create mechanisms for redundancy and resilience?
- You want two things
- Access to your data
- To not be spied on
- Biggest activist fail: Giving away our addresses freely
facebook.com/myorg
- You are letting an org control how people reach you
- You need to have people reach you through your domain name, not your SM accounts
- You have control over your information that way
- Your domain is utter control over your address
- It is a worst practice to do your domain registration and your hosting at the same place
- eff GoDaddy. They will
- Use Gandi.net, GKJ.net
- If one half starts sucking, you should be able to move it
- NGOs should forbid their staff from using non-org email accounts
- Email addresses are proxies for relationships between staff and allies
- If they are fired they can still email back and forth with people as though they were still acting on your behalf
- The org should also control their contact lists
- Worst Practice
- setting up their gmail accounts to send and receive their work email addresses
- You should be in solidarity with activists and not choose convenience
- When you fire someone, you must immediately change their email password and set it to forward/be monitored
- Think about where the legal jurisdiction is for your org
- Can the government come in and shut down your hosting?
- Real Talk: One of the places that orgs consistently lose control of their online identity
- Not keeping up on the contact info on their online accounts
- Did an intern set up your website? Make sure they set the contact email as the official org email
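
The inventory, shared-alias and "someone leaves" points above can be checked mechanically. The sketch below is an added example, not part of the original session notes: it audits a password-free account inventory for contact addresses that are off the org domain or forward to fewer than two people, and builds the change list for a departure. The account names, people and field names are constructed for illustration.

```python
from dataclasses import dataclass, field

ORG_DOMAIN = "yourdomain.org"  # placeholder domain used in the notes

@dataclass
class Account:
    service: str                # vendor or site name
    contact_email: str          # address the vendor has on file
    knows_password: set = field(default_factory=set)  # who knows it; never the password itself

# Shared alias -> people it forwards to (constructed sample data)
ALIASES = {
    "service@yourdomain.org": {"ana", "ben"},
    "web@yourdomain.org": {"ana"},
}

# Constructed sample inventory
INVENTORY = [
    Account("crm", "service@yourdomain.org", {"ana", "ben"}),
    Account("website-host", "intern@example.com", {"cy"}),
    Account("petitions", "web@yourdomain.org", {"ana", "cy"}),
]

def audit(inventory, aliases, org_domain=ORG_DOMAIN):
    """Return {service: [findings]} for accounts whose contact address is a risk."""
    findings = {}
    for acct in inventory:
        addr = acct.contact_email.lower()
        domain = addr.rpartition("@")[2]
        issues = []
        if domain != org_domain:
            issues.append("contact address is not on the org domain")
        elif addr not in aliases:
            issues.append("contact address is an individual mailbox, not a shared alias")
        elif len(aliases[addr]) < 2:
            issues.append("alias forwards to fewer than two people")
        if issues:
            findings[acct.service] = issues
    return findings

def offboarding(inventory, aliases, person):
    """Global trigger for a departure: every account is listed for a password
    change, with the ones the person is known to have used first."""
    ordered = sorted(inventory, key=lambda a: (person not in a.knows_password, a.service))
    return {
        "rotate_passwords": [a.service for a in ordered],
        "remove_from_aliases": sorted(al for al, people in aliases.items() if person in people),
    }

if __name__ == "__main__":
    print(audit(INVENTORY, ALIASES))
    print(offboarding(INVENTORY, ALIASES, "ana"))
```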