Protecting your orgs identity

From California Technology Festival Wiki

Revision as of 20:37, 28 April 2015

Overview

  • Best Practice: Have a list of all your online relationships in one place (without the Passwords)


  • Bad Practice: Setting up online accounts using individual email accounts


  • Instead create 'service@yourdomain.org' and have it forward to at least two people
    • It will also let you know who is spamming
    • It is also an inventory of stuff
    • It teaches intentionality to your staff regarding vendors


  • NGOs should have password policies
    • Must periodically change the passwords
    • Have a set of global triggers.
    • If someone leaves, change everything



  • We are addicted to the utility savings


  • Increase the cost of surveillance


  • Data Security??? Make the assumption that your data is going to be breached and destroyed
    • How to deal? Backup!
    • When making backups, make sure it's via https
    • Your backup media needs to be encrypted and stored in multiple offsite locations
    • Set up a reciprocal relationship to store each other's backups. They'll tell you if your data is


  • Physically destroy your USB on sensitive machines


  • There are like 5 domains that if they went offline, the whole progressive movement is over
    • Salesforce, change.org
    • Backup your stuff!


  • FDroid is an alternative to android store that will guarantee your app is not a spiked copy


  • Gunner's been whining about spying and such for years

He's been validated by Ed Snowden


  • Game Theory: In the simplest of games, there's mathematics that govern the correct move to make

Simple underlying idea: the side with more information wins. Gunner thinks about the cloud as a playing field of information, and we're already at a disadvantage. There is a war going on with our data as the pieces on the chess board (mixed analogy).


  • What can be done to change the odds in our favor? How can we create mechanisms for redundancy and resilience


  • You want two things
    • Access to your data
    • To not be spied on


  • Biggest activist fail: Giving away our addresses freely

facebook.com/myorg


  • You are letting an org control how people reach you


  • You need to have people reach you through your domain name, not your SM accounts
    • You have control over your information that way
    • Your domain is utter control over your address


  • It is a worst practice to do your domain registration and your hosting at the same place
    • eff GoDaddy. They will
    • Use Gandi.net GKJ.net
    • If one half starts sucking, you should be able to move it


  • NGOs should forbid their staff from using non-org email accounts


  • Email addresses are proxies for relationships between staff and allies
    • If they are fired they can still email back and forth with people as though they were still acting on your behalf
    • The org should also control their contact lists


  • Worst Practice
    • Setting up their gmail accounts to send and receive mail for their work email addresses
    • You should be in solidarity with activists and not choose convenience


  • When you fire someone, you must immediately change their email password and set it to forward/be monitored


  • Think about where the legal jurisdiction is for your org
    • Can the government come in and shut down your hosting?


  • Real Talk: One of the places that orgs consistently lose control of their online identity
    • Not keeping up on the contact info on their online accounts
    • Did an intern set up your website? Make sure they set the contact email as the official org email