Best practices for securing digital communications

February 2, 2015

By Collin Anderson

Read the first part: Navigating Risks to Digital Security

Engaging in sound practices on communications security should not be limited to those who believe that they might at risk of government surveillance. Improving security is an reiterative process that is as much about education as technology.

There are ample tools and resources available for digital security education–for instance, Tactical Technology Collective and Front Line Defenders offer “Security in-a-box” which includes a How-to  Booklet, a collection of Hands-on Guides, as well as instructions on how you can use different security tools.Yet there are also basic practices you can use to secure your communications and that a majority of the public does not engage in.

These include using long passwords and different ones for each site that an individual has accounts with. KeePass and similar tools are useful for generating random, long passwords without having to memorize them. As mentioned before, two factor authentication reduces the chance that phishing can be used to access accounts.

Many major platforms, Google, Facebook, Twitter, and Dropbox to name a few, support this feature. Many modern computer operating systems and phones offer full disk encryption, which decreases the chances that third parties can read devices that are stolen or confiscated. The cost of commercial antivirus is much smaller than the cost of criminals gaining access to ones files and accounts.

 Quick tips for securing communications:

  1. Journalists and civil society activists should communicate with sources over encrypted channels, such as Tor or TextSecure.
  2. If you are concerned about network surveillance and censorship by Internet service providers, then it would be smart to use Tor or a personal VPN service.
  3. Malware risks might necessitate the use of systems such as Tails.
  4. Password security: use long passwords, and different passwords for each site that an individual has accounts with.  KeePass and similar tools are useful for generating random, long passwords without having to memorize them.
  5. Two-factor authentication, offered by major platforms like Facebook, Google, Microsoft, and Twitter, reduces the chances that phishing can be used to access your accounts.
  6. Use full-disk encryption on your computer and mobile phones, which decreases the chances that third parties can read devices that are stolen or confiscated.

This article was originally published as part of our Journalism in Europe: Discussion Series.