Protecting your org's identity

From California Technology Festival Wiki

Overview

  • Best Practice: Have a list of all your online relationships in one place (without the passwords)
  • Bad Practice: Setting up online accounts using individual email accounts
  • Instead create 'service@yourdomain.org' and have it forward to at least two people
    • It will also let you know who is spamming
    • It is also an inventory of stuff
    • It teaches intentionality to your staff regarding vendors
  • NGOs should have password policies
    • Must periodically change the passwords
    • Have a set of global triggers.
    • If someone leaves, change everything
  • We are addicted to the utility savings
  • Increase the cost of surveillance
  • Data Security??? Make the assumption that your data is going to be breached and destroyed
    • How to deal? Back up!
    • When making backups, make sure it's via HTTPS
    • Your backup media needs to be encrypted and stored in multiple offsite locations
    • Set up a reciprocal relationship to store each other's backups. They'll tell you if your data is
  • Physically destroy your USB on sensitive machines
  • There are like 5 domains that, if they went offline, the whole progressive movement is over
    • Salesforce, change.org
    • Backup your stuff!
  • F-Droid is an alternative to the Android store that will guarantee your app is not a spiked copy
  • Gunner's been whining about spying and such for years
    • He's been validated by Ed Snowden

  • Game Theory: In the simplest of games, there's mathematics that governs the correct move to make
    • Simple underlying idea: The side with more information wins
    • Gunner thinks about the cloud as a playing field of information, and we're already at a disadvantage
    • There is a war going on with our data as the pieces on the chess board (mixed analogy)

  • What can be done to change the odds in our favor? How can we create mechanisms for redundancy and resilience
  • You want two things
    • Access to your data
    • To not be spied on
  • Biggest activist fail: Giving away our addresses freely
    • Example: facebook.com/myorg

  • You are letting an org control how people reach you
  • You need to have people reach you through your domain name, not your SM accounts
    • You have control over your information that way
    • Your domain is utter control over your address
  • It is a worst practice to do your domain registration and your hosting at the same place
    • eff GoDaddy. They will
    • Use Gandi.net, GKJ.net
    • If one half starts sucking, you should be able to move it
  • NGOs should forbid their staff from using non-org email accounts
  • Email addresses are proxies for relationships between staff and allies
    • If they are fired they can still email back and forth with people as though they were still acting on your behalf
    • The org should also control their contact lists
  • Worst Practice
    • Setting up their Gmail accounts to send and receive their work email addresses
    • You should be in solidarity with activists and not choose convenience
  • When you fire someone, you must immediately change their email password and set it to forward/be monitored
  • Think about where the legal jurisdiction is for your org
    • Can the government come in and shut down your hosting?
  • Real Talk: One of the places that orgs consistently lose control of their online identity
    • Not keeping up on the contact info on their online accounts
    • Did an intern set up your website? Make sure they set the contact email as the official org email
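
One way to check an account inventory against the practices in these notes (org-owned contact address, role address forwarding to at least two people, registrar and hosting at different providers, no passwords in the list). This is an added example, not part of the session notes; the CSV column names, provider names and sample rows are constructed assumptions, and `yourdomain.org` is the placeholder domain used above.

```python
import csv
import io

ORG_DOMAIN = "yourdomain.org"  # placeholder domain from the notes

# Constructed sample inventory; column names are assumptions for this example.
SAMPLE_INVENTORY = """\
service,kind,contact_email,forwards_to,provider
Donor CRM,saas,service@yourdomain.org,alice@yourdomain.org;bob@yourdomain.org,ExampleCRM
Petition site,saas,intern1987@gmail.com,,ExamplePetitions
Newsletter,saas,news@yourdomain.org,alice@yourdomain.org,ExampleMail
yourdomain.org,registrar,service@yourdomain.org,alice@yourdomain.org;bob@yourdomain.org,ExampleHostCo
yourdomain.org,hosting,service@yourdomain.org,alice@yourdomain.org;bob@yourdomain.org,ExampleHostCo
"""

def audit_inventory(csv_text, org_domain=ORG_DOMAIN):
    """Return a sorted list of (service, finding) tuples for the inventory."""
    reader = csv.DictReader(io.StringIO(csv_text))
    findings = []
    # The inventory lists relationships only; it must never hold credentials.
    for col in reader.fieldnames or []:
        if "pass" in col.lower():
            findings.append(("<inventory>", f"column '{col}' looks like it stores passwords"))
    providers = {}  # (domain, kind) -> provider, for the registrar/hosting check
    for row in reader:
        name = row["service"].strip()
        contact = row["contact_email"].strip().lower()
        # Accounts should be registered to an org address, not a personal one.
        if not contact.endswith("@" + org_domain):
            findings.append((name, f"contact {contact} is not an org address"))
        # The role address should forward to at least two people.
        recipients = [r for r in row["forwards_to"].split(";") if r.strip()]
        if len(recipients) < 2:
            findings.append((name, "role address reaches fewer than two people"))
        if row["kind"] in ("registrar", "hosting"):
            providers[(name, row["kind"])] = row["provider"].strip().lower()
    # Registration and hosting should be movable independently of each other.
    for (domain, kind), provider in providers.items():
        if kind == "registrar" and providers.get((domain, "hosting")) == provider:
            findings.append((domain, "registrar and hosting are the same provider"))
    return sorted(set(findings))

if __name__ == "__main__":
    for service, finding in audit_inventory(SAMPLE_INVENTORY):
        print(f"{service}: {finding}")
```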