This post is also available in: Thai Indonesian Burmese Khmer
This guide was originally written by Darika Bamrungchok and published in April 2020 on Coconet.social. This 2022 revision by EngageMedia Digital Rights and Technology Manager Khairil Zhafri and Digital Security Specialist Ashraful Haque includes updates to the introduction and available digital hygiene resources.
Illustration by Rebecca Wang for the OpenIDEO Cybersecurity Visuals Challenge. Image from Wikimedia Commons, licensed under the Creative Commons Attribution 4.0 International license.
Good Digital Hygiene in the Online Workspace
- Strong passwords still matter. While many tech companies are pushing for a password-less future, passwords are not going away anytime soon. Passwords remain the first step to accessing accounts, so it’s important to create strong and secure passwords.
- To add another layer of protection, enable two-factor authentication for all accounts, especially for emails and social media.
- Change personal wifi names to something less identifiable.
- Change the passwords on wifi routers to something more complex and hard to crack by adding numbers and special characters.
- Change the default passwords of personal smart devices connected to your home internet.
- Use a reliable password manager, like KeePassXC or BitWarden, to further secure your passwords.
- Keep your software and applications up to date. Check security updates and and patches regularly and install them as soon as they become available.
- Make sure anti-virus software and firewall are updated.
- Review and remove unused software and applications.
- Verify the source before downloading an application.
- Have backups of your files, and back up regularly. Losing important files forever can be a nightmare, so to avoid data loss and ransomware, make it a habit to back up important files using secure tools and processes.
- Encrypt any backups for both external hard drives and cloud services.
- Software such as Cryptomator can encrypt files before storing them in the cloud.
- You can also use VeraCrypt to create different kinds of encrypted storage on your computer.
Illustration by Rebecca Wang for the OpenIDEO Cybersecurity Visuals Challenge. Image licensed under the Creative Commons Attribution 4.0 International license.
- Secure your web connection with safe browsers and virtual private networks (VPN).
- For browsers, we highly recommend Brave, Firefox, and Chromium. Change the default search engine to a privacy-minded website such as DuckDuckGo, and regularly clear your cache and history.
- Install security browser extensions, such as Privacy Badger, NoScript and uBlock Origin, to help make internet browsing safer.
- Note that some extensions can be a security hazard. Regularly review and remove any browser extensions that you don’t often use.
- Protect your connection to the internet by using VPNs. Think of VPNs as a “private tunnel” that connects only you to a secure VPN server.
- Use a VPN service from a reliable security-focused provider. If you want to try one for free, we suggest RiseUp VPN, Proton VPN, Psiphon, or TunnelBear (free up to 500Mb).
- Be aware of phishing attacks. One wrong click on fake links or suspicious messages can result in compromised accounts, stolen personal information, and infected computer systems, so be extra vigilant!
- Don’t click on suspicious links from unknown sources. If you’re unsure, use VirusTotal to check the link first before you click.
- Learn how to identify common types of phishing and how to protect yourself by reading resources such as the Surveillance Self-Defence guide and this EngageMedia article.
- Learn about end-to-end encryption to add an extra layer of security to your online communications. When you don’t encrypt your internet activity, it’s possible for anyone with the right tools or know-how to sniff out what you do online. Imagine sending someone mail using a postcard. Anyone handling your postcard can just read your mail. End-to-end encryption is like sending mail in an envelope: although other people can see that you are indeed sending mail, they cannot see what’s inside the envelope.
- Encrypt your emails using OpenPGP. Browser extensions such as Mailvelope and email services like Proton Mail, Tutanota, Mailbox.org and RiseUP make it easy to use PGP email encryption.
- Use open-source messaging apps that have built-in end-to-end encryption like Signal, Wire, and Session.
- Make sure that your web browsers always use secure connections by enabling HTTPS-only mode. Most new browsers will give you a warning when browsing a website without full HTTPS.
- Protect your privacy online by following these tips:
- Limit your digital footprint by restricting the kinds of information you share on social networking sites. Avoid sharing personal photos, tagging your locations, and linking your mobile number to your online accounts.
- Review your privacy settings on popular social networking sites such as Google, Facebook, Twitter, and LinkedIn. Make your profile pages private and limit your post visibility to selected groups of close friends and family members.
- Disable ad ID tracking on your mobile devices to make it harder for advertisers and data brokers to track and profile you online. Don’t forget to disable off-Facebook tracking.
- Use disposable email addresses when signing up for user accounts or subscribing to mailing lists. Firefox Relay by Mozilla and SimpleLogin by Proton offer free email redirect services that can mask your personal email address.
- Use ad blockers such as Adblock Plus and Disconnect to reduce the number of ads you see and limit marketers tracking you online.
- Digital hygiene also includes limiting your use of digital devices. Do you remember the last time you unplugged? Consider doing a “digital detox” to limit your screen time and enhance your digital well-being. Discover the many good reasons why you might want to take a break from all tech devices, and consider finding time for a full data detox.
Working safely with others online
Illustration by Abraham Pena for the OpenIDEO Cybersecurity Visuals Challenge. Image licensed under the Creative Commons Attribution 4.0 International license.
- Alternatives to Google Docs for collaborating on documents with other people
- CryptPad is an open-source alternative for collaborating on documents. The storage limit for all registered users is 1GB. Registration is free with no personal data required. Pads without registration documents are deleted after three months of inactivity.
- Riseup Pad allow for collaborative editing online by using an Etherpad service. Riseup does not store IP addresses. Pads are automatically destroyed after 60 days of inactivity.
- Alternatives to messaging apps like WhatsApp, Line, and Viber
- Signal is a free chat app that has end-to-end encryption. Its open-source Signal protocol keeps your chat secure. It also has the option for disappearing messages for sensitive conversations.
- Wire offers one-on-one or group chat, voice communication, and file-sharing with end-to-end encryption. You can register using your email or phone number.
- Rocket.Chat is also an open-source chat app with end-to-end encryption.
- To learn more about these apps, check out this comparison of secure messaging apps.
- Jitsi Meet is an easy-to-use open-source tool that doesn’t require user registration. You can use meet.jit.si to host your online meetings for free or deploy Jitsi Meet on your own server. Other trusted free Jitsi Meet deployments include Greenhost, Framatalk, and Disroot.
- BigBlueButton is an open-source video communication tool that has all the features comparable to Google Meet, Microsoft Teams, and others. You can create breakout rooms, use a whiteboard, enable closed captioning, run polls, share notes, and use other features ideal for online training and learning. You can run your own server or sign up for BigBlueButton managed by NoLog.cz, CommunityBridge, meet.coop, and other providers.
- Talky has a free encryption option. This app allows for simple video chats and screen sharing for groups of up to 6 people.
- Wire also offers secure video conferencing, but only for the paid version. If you are interested to try Wire, a free 30-day trial is available.
- Mumble is good if you need to use only audio for your online conference. It’s free, open-source, and operates on low latency.
- Whatever the videoconferencing tool you use, always be mindful of your work environment and background. A plain background is best to avoid showing private or personal belongings that can identify you. Consider covering your camera when not in use.
- Alternatives to commercial file-sharing services
- Share.riseup.net is a file-sharing service hosted by Riseup that keeps the file online for a week before deleting it.
- OnionShare.org lets you securely and anonymously share a file of any size by using Tor Network.
- Lufi by Disroot encrypts and hosts your file for online sharing for up to 30 days.
Your tools, your choice
When choosing which tools to incorporate into your online workspaces, a good rule of thumb is to review the service’s privacy policy and carefully check the type of encryption being employed. Many technology companies and developers are eager to highlight their tools’ encryption abilities, but not all kinds of encryption are created equal, and many of the software we’re accustomed to using are not end-to-end encrypted. For example, the popular video conferencing app Zoom isn’t actually end-to-end encrypted, meaning anyone with the right tools and skillset is capable of spying on your meetings.
At the end of the day, digital security is a subjective concept. What you eventually use depends on your needs and lifestyle. You have the power to draw your boundaries and choose which tools you want to use.
If you find more tools that work for you, tell us about it! We’ll update this post with newer recommendations and security updates as they come. The more that we collectively practice good digital hygiene, the safer we all will be.
Image from 200degrees, licensed under the Pixabay License.
Comments are closed.