Assessing your risk

First, assess your risk. Only you know how security conscious you need to be. The consequences of surveillance and harassment have the potential to be severe; but, being overly cautious and constantly preparing for the worst can be debilitating. Ask yourself, what threats do you face? How serious would it be if that threat became reality? How likely is that to happen?

The likelihood that you aren’t ready for a threat, and that it will become a reality is risk. Many factors affect your risk. Planning for these factors will help you to defend against risk.

First step: assessing the threat

Sometimes a threat may be explicit. Not all explicit threats will lead to an incident. After all threatening you may be easy, but attacks are expensive. Other times, a threat will be implicit. You may be concerned that you are under threat because of another attack on someone else.

It is good to think about what the person or group threatening you aims to achieve and whether their motive is great enough for them to take the risk. Think about this in terms of what they have to gain versus what they have to lose. This will help you to decide if the risk of the threat becoming a reality is low, medium, or high.

Five steps to assessing a threat:

  1. Establish the facts surrounding the threat(s).
  2. Establish whether there is a pattern of threats over time.
  3. Establish the objective of the threat (what they have to gain)
  4. Establish who is making the threat and what they might have to lose
  5. Make a reasonable conclusion about whether or not the threat can be put into action (are they equipped enough?)

Second step: reducing your vulnerability to a threat

Vulnerability to a threat depends on your circumstances and how well equipped you are to stop the threat from harming you if it becomes reality.

Some factors that increase or reduce vulnerability include access or lack of access to:

  • Effective and secure means of communication
  • Safe, ground transportation
  • Proper locks or other physical security protections for a house or office
  • Support from others (a network or system) in the event of attack

Vulnerabilities and threats also vary according to gender, age and other factors.

To reduce your vulnerability it is important to increase your capacity to defend against and respond to a threat by having a clear and effective security plan in place. For starters, it is a good idea to develop and maintain an up-to-date checklist that covers the following:

  • Managing information (physical and digital) in a secure manner
  • Maintaining a contact list and network that can provide information about attacks and will advocate on your behalf should you be victimized
  • Deciding who your emergency contacts are in the event of a threat
  • Deciding who should know who your emergency contacts are (and making sure to let them know)
  • Making a recovery plan (should be tested in practice)

SOURCE: This information was taken and adapted from the Frontline Defenders Protection Manual for Human Rights Defenders. Useful examples to help you create your own security checklist, as well as further information about how to prevent or respond to attacks can be found in the original Frontline Protection Manual.

Safer mobile

All organizations face threats to the information they produce and to the wellbeing of their friends and allies. This can be because of powerful enemies or bad luck (or a combination of the two). If an organization does not defend against a threat, and the threat becomes a reality, the organization can lose important information, betray sensitive information about community members, and put staff in danger.

Mobile phones are an integral part of our daily communications and the functions they enable are rapidly expanding. Mobiles may feature GPS, multimedia capacity (photo, video and audio recording and sometimes transmitting), data processing and access to the internet. Smartphones support an even bigger range of functionality – web browsing, email, voice and instant messaging over the internet, capturing, storing and transmitting audio, videos and photos, social networking, multi-user games, banking and many other activities. However, many of these tools and features introduce new security issues, or increase existing risks.

It is important to start with the understanding that mobile phones are inherently insecure:

  • Information sent from a mobile phone is vulnerable.
  • Information stored on mobile phones is vulnerable.
  • Phones are designed to give out information about their location and their activity.

For instance, mobile phones relay your location information to your mobile network operator (as part of the normal functions of the phone) and many smartphones have built-in geo-location (GPS) functionality, which means they can provide an even more precise location to your mobile network operator, as well as to many applications you use on your phone (such as social networking, mapping, browsing and other applications). This makes it increasingly easy to be able to track your location.

SOURCE: This information was taken and adapted from the Security in a Box Toolkit by Tactical Technology Collective and Frontline Defenders. Further information about how your mobile phone can put you at risk as well as a great list of useful tools to help secure your mobile communications can be found in the original Security in a Box Toolkit.

Top tips for safer mobile use

  • Do not transmit sensitive information via SMS unless you are willing to have it read by strong adversaries. All SMS messages may be recorded by the service provider, and may be read by the strong adversaries.
  • When you need to communicate something that is sensitive, consider creating a coded system with trusted colleagues. For example, “X” could mean you’re in danger, and “Z” could mean you’re safe. “Tree” could mean you want to meet up. “Banner” could be a cafe you can meet at.”
  • If you or your source are threatened, and you must communicate via SMS, you should both use an encrypted SMS application. If it is really sensitive information, it is better to find an alternative method to communicate and even avoid digital communications if possible.
  • If possible, carry more than one phone and ensure that at least one is anonymous so that sensitive communications cannot be tied to your personal identity. This means not registering the SIM card to yourself and using pre-paid phones that do not require you to give personal details or billing information to your network provider.
  • If possible, carry more than one phone and ensure that at least one is anonymous so that sensitive communications cannot be tied to your personal identity. Try not to register the SIM card to yourself and use pre-paid phones that do not require personal details or billing information.
  • Never keep a record of your SMS messages on your phone. However, it is good to be aware that even if you delete your messages, they may still be accessed by strong adversaries if they go directly to your service provider.
  • Where possible, memorize the telephone numbers of close colleagues or sources so that this information is not easily found on your telephone. Remember to delete numbers this in your call history although this information could still be found by going to the service provider.

SOURCE: This list of top tips was taken and adapted from the Story Maker App Lessons on mobile security. Further information about the project and a range of more detailed lessons on mobile security can be found on the Story Maker site

  Question mark