Social Distancing is a practice intended to stop or slow down the spread of the Corona Virus. The purpose is to reduce the probability of contact between persons infected with #COVID19 and others who are not infected, so as to minimize its transmission.
We dwell a lot on “CyberSecurity”, forgetting about physical security for organizations. We just thought we could throw in a few tips for you to secure your office space.
Security risks are trending amongst HRDs, and it is unfortunate that many organisations do not have the necessary office security measures in place to help protect their premises & assets from possible threats.
Trending risks to organizations include but are not limited to:
Non-profit Organisations (NPOs) perform a vital role in society, providing relief and support to populations in need, at times during urgent crises. Unfortunately, they have also been used to provide cover for the financing of terrorism. As a countermeasure, after the 9/11 bombings, the Financial Action Task Force (FATF) was formed.
Often when we talk of securing our web hosting, our minds are led to “Which host cannot be hacked?” But it goes beyond that; sometimes we need to secure ourselves beyond just the host. Things like: who signed up for the server? Which email was used? What name was used to register the domain?
Just before we look outside and start blaming web hosting service providers, we have to ensure that we personally take these tips to safeguard our service.
#TIP 1. Since this is your service, the first thing is to have all credentials pointing towards you. Credentials such as usernames and emails that are used to identify you to your web hosting provider should belong to you rather than to a third party. This makes it easy to recover your account.
#TIP 2. Enforce password complexity and 2-step verification. To make sure login is secure, you need to have 2FA enabled and a strong password. This protects your account from being easily breached by adversaries.
#TIP 3. Avoid using insecure/unsupported third-party apps. Web hosting service providers tend to avail you with a multitude of app choices to use for your services, from building your website, to accessing emails, to manipulating your databases. Some of these apps tend to be obsolete or insecure to use as technology evolves. Therefore you need to look out for more secure applications.
#TIP 4. Update all apps or software used on your web host regularly. After making a good choice of what to use, make sure to update these tools regularly. Updates are a way to secure yourself with a fix for identified vulnerabilities, or simply to keep abreast of new technology that has been added to a tool.
#TIP 5. Use the most secure web hosting you can find. No matter the content you are hosting or the services you expect from a hosting provider, always look out for services that are ideal in the present digital age. We have put together a list of tips to consider when choosing your web hosting provider just below.
Here are a few tips to consider to make a choice of a good hosting provider.
#TIP 1. Ensure the server has a backup policy. Backups no longer apply just to information on your computer; you also need to know that there is another option for your online information in case anything happens. You can control many aspects of backing up your computer data, but for websites, it can often depend on your hosting provider. Fortunately, most web hosting providers do offer free backups, but there are variations on this theme. For example, some may require you to perform the backup procedure manually, while others may do it automatically and require you to contact their support team if you should need data restoration services. Ideally, look for a web hosting provider that carries out periodic automated backups and allows you to restore from them at any time on your own.
#TIP 2. Look out for servers with automated Malware or Antivirus Scanning. You may have an antivirus program on your computer which you are fully in control of, but for websites, you depend on the hosting service provider to do this for you. It’s important to at least know they’re doing this and what level of information they can provide to you on potential problems. Some web hosts offer these services and you are able to see their reports and fixes or recommendations. But the very least you need to consider is being able to restore your site from a previous version that wasn’t infected.
#TIP 3. Consider servers with Network Monitoring, Firewall and DDoS prevention systems. As websites are hosted in massive data centers, many of the controls here are automated. Choose hosts that have control and monitoring tools in place that keep an eye out for suspicious traffic or incidents. Firewalls are always our first line of defense against attacks from outside our systems, and you need to make sure you have one wherever you are hosting your website. Distributed Denial of Service (DDoS) attacks, meanwhile, can be a big blow, as an attacker will want to flood your website with so much traffic that it is taken down completely from the site server.
These are often mitigated by using a good Content Delivery Network (CDN) such as Cloudflare or a website firewall such as Sucuri. Fortunately, some hosting providers include this in their bundles, so look out for them!
#TIP 4. Secure File Transfer Protocol (SFTP). In circumstances where large files have to be uploaded to the website, it is more efficient to use FTP to do this. Now there is SFTP, which is the secure version of FTP and helps keep your data safe during transfer. While most popular web hosts offer FTP services, only a handful of them seem to offer SFTP, so those are the ones you should look to. If you do not use FTP and don’t think of using it, you could skip this tip, but we guarantee it is just as important as the rest.
#TIP 5. Spam filtering. You might be well aware of spam or junk. As annoying as these messages can be, they can also be a source of DDoS if you are suddenly flooded by such mail. If your host offers spam filtering, then the attack goes through its spam filters first, which would be a win for you. Also, keeping spam out will help you save space in your mail folders. Most hosting providers have spam filters available, but some will require manual configuration. We’d suggest using those with automatic spam filters.
We hope these tips have been helpful to you. They are meant to ensure that you have a smooth web service and don’t have to be a victim of several hacks on the web. There are endless attacks on websites every day, and the best you can do is to have a secure web hosting service, as the internet is an overwhelming place for resources and everyone is trying their best to utilize it in both good and bad ways.
What is a security policy?
A security policy is a formal, detailed and easily understandable document that addresses the general beliefs, goals, acceptable procedures and security controls that govern an organization or other entity. It addresses the constraints on the behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls, computer security threats, and how to handle situations when they do occur. A security policy must identify all of a company’s assets as well as all the potential threats to those assets. And lastly, it should be subject to amendment, as threats are dynamic.
Why a security policy?
A security policy should be one of the first documents in place for a corporate organization or entity to function flexibly. It should clearly address all security concerns, the likelihood that they will actually occur, ways forward and speculation, so that the employees and employers feel at ease implementing their mandate. You need a security policy so as to:
- Establish the rules for user behavior on use of organizational assets. This ensures proper compliance of the staff.
- Define and authorize consequences of violation of certain guidelines.
- Establish a baseline stance on security to minimize the risk of occurrences in the organization.
- Build a sense of carefulness among staff, which reduces the risk of data loss or leak.
- Protect the organization from external and internal “malicious” users.
- Guide staff on acceptable and unacceptable behavior.
- Set out how information is disseminated (private, internal & public information).
A Good Security Policy
A good security policy should be readily available for its intended audience. It shouldn’t be hard to get.
It should be understandable and not confusing. Avoid using words that are beyond the understanding of your audience. It should clearly indicate how violations are handled.
A security policy should be applicable to the organization and only reveal information relevant to the functionality of the organization. It should cover use of organization assets, specify minimum security standards used in protection of assets, prohibitions against malicious actions, home use of organization equipment, use of personal equipment for carrying out official duties, procedures deemed as accepted or best practices, etc.
Work to develop a policy that balances both the current practices of the organization and the practices the organization wants to see in future. And most importantly, make sure to have a policy that protects an organization against multiple types of threats.
And lastly, it should be accepted, put into use and reviewed frequently; at least once a year, upcoming concerns should be updated in it. This is because breaches will always keep evolving and therefore new measures have to be put in place.
5 steps to compile a good security policy
- Identify issues
- Conduct a context analysis on issues identified (vulnerabilities, fix/ways forward, influence of behavior). Set of rules
- Make a draft policy covering all the above.
- Have the document reviewed internally and/or hire an external entity to review it too.
- Deploy the policy to the rest of the organization.
- Roles and responsibilities
- Sanctions and violations
- Review schedule
- Definition of terms, abbreviations/acronyms
Topics should center around the following
- Physical Security
- Security Training
- Software Licensing
- Virus protection
- Acceptable use
- Account management
- Special access (Authority)
- Change management
- Incident management
As Human Rights Defenders, we are exposed to a lot of risks during our public or field engagements, and most of these tend to hit us by surprise since we do not adequately prepare to overcome these emergencies.
It could be a kidnap and being stranded in the middle of nowhere, or it could be an accident; you name it.
Field engagement in this case means conducting work in the natural environment rather than in the office. During field engagements, we tend to be with the general public, known or unknown, and new to us because it is our first time engaging with them. Even when the environment is known to us, we can never guarantee the dynamics of the people we have been working with, and therefore we need to have a number of things ready just in case things happen to go sideways:
- Make sure your phone is charged before going out.
- Be sure to have some cash on you just in case you might need to use some quickly.
- Make sure you have an ID on you to easily identify yourself to legal authorities.
- Make sure your phone security is something that only you know (don’t use fingerprint or face ID) when going for vital field work.
- Have a contact of someone to call in case of emergencies. You can write such contacts somewhere and carry them with you.