Information Security for Human Rights Defenders
Understanding and organizing your information
It’s important to approach information security in a thoughtful, organized way.
Consider the different types of information that you hold and seek to better understand both their value to your work and the harms to you and others that could result from an attacker accessing them. Put in place additional measures to protect those assets representing the greatest value or potential harms.
The reality is that it will not be possible to protect all your information from every possible way it could be compromised, and so you must prioritise. You should proceed systematically on the basis of risk. You should consider both the value of information to your work and the potential harms to you and others that could arise if it is compromised or lost.
You can also consider how likely it is that the value will be realised or that a given harm will occur. This provides a rational basis for prioritising where you should focus your attention.
Follow the guidance and exercises in the Holistic Security Guide, chapter 2.4 on Understanding and Cataloguing your Information
Types of Information
Our information can be stored and communicated in many ways: on paper, on our computers, on mobile phones, on the internet, on file servers, various internet services and social networking outlets. Taken together, this information comprises one of the most important assets any of us (or any organisation) has.
As with any asset, we are best served when we are sure that this asset is properly cared for so it doesn’t accidentally or maliciously get lost, corrupted, compromised, stolen or misused. In caring for our own security, we need to care for the security of our information.
Types of human rights information we manage includes:
- The outcome of the work we are doing (Reports, Database of human rights violations, Images, voice and video recordings).
- Operational information that helps us do our work:
- Text messages during an action
- Files
- Progress reports
- Other office information and communications including Financial, Human resources, Strategic organisational documents
- Personal information that identifies who we are both as members of an organisation, as well as other personal or professional affiliations
- Data generated by our use of digital devices as we work, or ‘meta-data’, which can be used to track our movements or monitor our relationships.
Know the common threats to information
Data Loss - Due to poor computer hygiene, malware infections, power cuts or ageing hardware, computers and other devices occasionally cease to function causing us to lose our data.
Threat | Mitigation technique | ||
---|---|---|---|
Data loss | Have your information securely in the cloud or on a server.
Have a backup process. |
||