Security Tips



  • Install and use antivirus software, but beware of unrecognised "antivirus" software that tries to install or update itself without your permission. It may be malware disguised as a fake "antivirus" software.
  • Use complex passwords that can't be guessed, and change them regularly. Do not use one "master password" for all your online accounts!
  • Remember that a digital security strategy is only as strong as the weakest link in the chain. If you keep your password written somewhere around your computer, even an account with a very secure password can be easily accessed. If the data on your computer is encrypted but the same data on your backup drive is not encrypted, then your data is still vulnerable.
  • Make regular backups. No hard drive is perfect - all are susceptible to mechanical failure or breakage. If you don't have all of your data backed up in at least two places, then your data is not backed up. Carbon Copy Cloner is an excellent free program for Mac that automates much of the process, by only backing up files that have changed since the last backup.
  • Beware of bogus hyperlinks, especially in suspicious emails. Even though the link may be underlined and blue like a regular link, it may point to an entirely different location. Hover your mouse over the link without clicking - most browsers will display the actual link target in the bottom left of the window.
  • Be aware that a simple delete of files from a flash disk or hard drive does not mean they have been wiped from memory. When you delete a file, the computer simply reallocates the space it takes up on the hard drive as empty space. Until something else is written over it, that file can still be recovered.
  • Always use HTTPS whenever possible, and particularly when transmitting sensitive information. Look for the 'S' after HTTP in the address bar of your browser. Some browsers will also display a padlock to indicate that the connection is secure. Use plugins like HTTPS-Everywhere to force the use of HTTPS whenever it is available.
  • Never select the option "Keep me signed in", especially when logging on from a public computer. This option will use a cookie to keep you signed in, even if you close the browser window.
  • Encrypted email capability with GPG is relatively easy to install and use with Thunderbird or K9 for Android. Consider this option if you are sending sensitive information or if you suspect your email is being monitored.

Further Resources

The Info-Activism How-To Guide: Top 5 tips for digital security and privacy

Tactical Tech's Security In A Box

Digital Security First Aid Kit from the Association for Progressive Communications