1697312026600

Investing in Women’s Safety and Security

We hope you were celebrated or honored by the women in your life, and we encourage you to continue this appreciation beyond Women’s Day.

Speaking of Women’s Day, this year’s theme, “Invest in Women: Accelerate Progress,” underscores the critical need for increased financing in gender equality efforts, including funding gender-responsive, green energy initiatives, and support for female and feminist changemakers.

These challenges notwithstanding, as experts in the fields of security, safety, and human rights, we have witnessed firsthand how the unique security risks and threats faced by women impede progress not only toward achieving equity but also in improving their overall quality of life.

Here are four impactful ways in which we can invest in women to accelerate progress through enhanced security and safety measures.

Enhancing  Responsiveness of Security and Justice Institutions 

According to a 2020 Violence Against Women and Girls Survey (VAWG) conducted by UBOS, a staggering 95% of women surveyed reported experiencing physical and sexual violence. Shockingly, only 45% of those who had experienced intimate partner physical and sexual violence chose to report it, primarily due to a deep-seated mistrust in the judicial system.

Despite efforts such as the establishment of Gender-Based Violence help desks by Uganda Police, significant gaps remain in addressing these issues effectively. There is an urgent need to bolster the responsiveness of law enforcement and judicial institutions in apprehending and prosecuting perpetrators. Strengthening these mechanisms is crucial in not only delivering justice to survivors but also contributing significantly to deterring future occurrences.

GBV Toll Free Helpline 0800199195

Support, NOT Survivor Blaming

The UBOS survey also revealed that the other reasons why women opted not to report physical/sexual abuse were fear of being blamed for the incidents and the threat of continued abuse or worse consequences by their abusers if they spoke up.

In light of these distressing findings, it is clear that women who have endured abuse and violations, need tools and assistance to cope, recover, and pursue justice, to help them navigate these harrowing experiences and gradually rebuild a sense of safety and stability in their lives. This can be informed by psychosocial support or training in basic self-defense skills among others.

Equipping Women with Knowledge and Skills to Navigate the Evolving Digital Landscape

In today’s rapidly evolving digital world, it’s crucial to empower women with the necessary knowledge and skills to navigate cyberspaces safely. This includes providing them with the tools to prevent, recognize, and respond to cyber-attacks effectively. Explore our website for digital security support options/offerings.

As more aspects of our lives move online, women are increasingly vulnerable to various forms of digital abuse, including hacking, cyberbullying, harassment, and online stalking. By skilling women in cybersecurity and digital safety, we can empower women to protect themselves against such threats and confidently engage in online activities.

Investing in Gender-Inclusive Tech for Safety and Security 

By allocating resources toward the creation and refinement of tech tools tailored to women’s needs, we can address existing safety concerns and foster a more inclusive digital environment. 

Here are a few we like; digitalsafetea.com safebangle.org bitdefender.com 

Screenshot 2024-03-12 at 12.06.51

Child/Teen Online Safety Tips and Tools

More children and teenagers are actively engaging with the internet, and this trend is expected to persist. However, the online environment hasn’t always been tailored to cater to the needs of minors. Therefore, it is crucial to prioritise their safety. In honour of Safer Internet Month, here are some essential tips and tools parents, educators, and even the young netizens can use to guarantee online safety.

For blog article

Data Privacy and Protection: Essential Insights for NPOs.

Like other organisations/companies, Non-Profit Organisations (NPOs) collect and utilise data from their program participants, partners or donors. It is therefore imperative that they prioritize data privacy and protection.

Data privacy and protection essentially entail safeguarding sensitive personally identifiable information, covering data collection, storage, and organizational use. Data collected by NPOs may include details such as names, addresses, emails, and financial information. 

Here are key insights for NPOs as they navigate the landscape of data privacy and protection.

Why Data Privacy and Protection?

Data protection and privacy aren’t just checkboxes for NPOs; failure to safeguard sensitive information can lead to severe consequences, posing significant risks to organisations.

Loss of Data

Losing valuable data can be detrimental to an NPO’s operations. Whether it’s program participant information, donor records, or financial data, the loss of such information can disrupt essential activities and hinder effective decision-making. Additionally, recovering lost data can be a time-consuming and costly process. 

Financial Loss

Data breaches can lead to financial losses. NPOs may face financial liabilities associated with rectifying the situation. This could include expenses related to legal actions, regulatory fines, or compensating affected individuals. By implementing robust data protection measures, the risk of financial loss can be minimised and resources can be allocated to their core mission.

Damage to Reputation

NPOs and civil society organizations in general rely heavily on the trust and support of their stakeholders, including donors, partners, and the civil society at large. A data breach or mishandling of sensitive information can severely damage their reputation. Negative publicity, loss of trust, and public scrutiny can have long-term consequences. 

What to Do: Take Action

Digital Security

One of the primary steps in ensuring data protection is to prioritize digital security—measures to secure all data collected, processed, or stored electronically. This includes implementing robust firewalls, encryption techniques, and access controls to prevent unauthorized access or damage to sensitive information. Regularly updating security software and conducting vulnerability assessments can help identify and address any potential vulnerabilities in the organization’s systems. Additionally, establishing strong internal policies and educating staff about cybersecurity best practices can significantly enhance data protection.

Transparency

It is crucial to provide data subjects with enough information to make informed decisions about the data collected from them to obtain informed consent. This includes being transparent about the purpose of data collection, how it will be used, and whether it will be shared with any third parties. This can be achieved through clear and concise privacy policies, consent forms, and opt-in mechanisms. 

Compliance

Compliance with relevant data privacy and protection laws can minimise the risk of legal consequences and demonstrate their commitment to protecting individuals’ privacy.

The Personal Data Protection and Privacy Act 2019, spells out specific regulations on data handling. It may also be helpful for NPOs to familiarise themselves with international laws, such as the General Data Protection Regulation (GDPR), to stay informed about how data may be used by third parties operating under EU jurisdiction. This also ensures that they (NPOs) handle data from the same jurisdiction in a way that aligns with the required standards.

Where To Start: Available Resources 

  • At DPI, we provide training and capacity building in data privacy and protection specifically tailored for NGOs. Feel free to reach out to us here for assistance.
unnamed (3)

The Strength of Strategic Coalitions: Showcasing the Impact of the Digital Security Alliance and NPO Coalition on FATF.

The pivotal role played by strategic coalitions in advancing our mission cannot be overstated. This month we highlight key wins of the Digital Security Alliance (DSA) and the NPO Coalition on FATF, shedding light on their contributions to empowering Human Rights Defenders (HRDs) and cultivating supportive ecosystems.

Digital Security Alliance (DSA)

Digital Security Clinics:

Through our Digital Security Clinics, we have significantly extended our impact in fortifying the cybersecurity resilience of HRDs. This month’s focus was on empowering grassroots HRDs and CBOs, which are most burdened with emerging digital challenges such as limited access due to slow or no internet connectivity, data loss, and the absence of enabling ICT hardware and infrastructure, such as cell towers and computers.

The Digital Security Clinics successfully fortified the digital security capacity of civil society organizations (CSOs) in the Eastern subregion, including the Pallisa Civil Society Organization Network (PACONET), Public Affairs Center of Uganda (PACUganda), Soroti, the Kapchorwa Civil Society Organizations Alliance, and the Joshua’s Cheptegei Development Foundation.

DSA served as the official digital security partner for the 5th edition of the Human Rights Convention hosted by Chapter Four Uganda and the 5th Annual Women’s Week hosted by Uganda Women’s Network (UWONET). These workshops addressed multifaceted issues, including limited access, insufficient digital literacy, and socio-cultural barriers discouraging women’s engagement with ICT.

NPO Coalition on FATF

Global NPO Consultation on Recommendation 8

The Global NPO Coalition on FATF played a pivotal role in the success of the “Risk and Consequence: The Future of FATF Recommendation 8 for Financial Integrity and Civil Society” conference. This convening brought together policymakers, standard setters, financial institutions, nonprofit organizations (NPOs), multilateral organisations, academics, and think tanks, all of whom contributed their input to the revision of the FATF Recommendation 8.

Furthermore, the Coalition submitted recommendations to the FATF Public Consultation on revisions to Recommendation 8 and its Interpretive Note. The approved revised standard clarifies the application of the risk-based approach, acknowledges sectoral self-regulation measures, and explicitly states that NPOs should not be considered obliged entities.

As we reflect on the achievements of the Digital Security Alliance and NPO Coalition on FATF, we are inspired to continue fostering alliances, enhancing outreach, and creating lasting impacts on the front lines of advocacy. The journey toward safeguarding human rights defenders remains a collective endeavor, and we look forward to the shared progress that lies ahead.

For Blog.

Simple Digital Security Measures YOU Should Implement

As we end #CyberSecurityAwareness month, you have most likely consumed a wealth of information, including dos and don’ts, warnings, and cautionary tales. We understand that some of this content might appear complex or daunting to grasp. So here are a few straightforward yet highly impactful digital security measures that you can implement today to stay one step ahead in the realm of cybersecurity.

Securing Your Messages and Calls 

While most messaging platforms like Signal, WhatsApp, and Telegram offer end-to-end encryption for messages and calls, you can go a step further in fortifying the security of your communications by using Face ID or Finger Print Lock as an additional layer of protection from unauthorized access to your messages.

However, it is important to utilize this feature alongside a pattern unlock or PIN because once biometric data is compromised, it cannot be replaced.

For Apple users, it’s important to limit the scope of your messages and, if necessary, disable messages in iCloud for enhanced privacy and security. By doing this, you can restrict the synchronization of your messages to a single device, minimizing the risk of unauthorized access or data leaks.

Using  VPN for Secure Browsing

In Uganda, many of us primarily associate Virtual Private Networks (VPNs) with bypassing blocked social media platforms like Facebook. However, the utility of VPNs extends far beyond this. They add a crucial layer of security by encrypting your internet connection and shielding your online activities from prying eyes whether you are engaged in tasks within your Google Suite or conducting online banking transactions

Browsers like Opera and Tor come with a built-in VPN, eliminating the need to constantly toggle it on and off. 

Password and Pass-Keys Generators

Managing strong and unique passwords for all your online accounts can be a daunting task. Luckily, both the Play and App stores offer a password generator that can generate and save passwords for your multiple online accounts. However, exercise caution and use this feature on private computers only. Unauthorized access to your Google Account or Apple ID could lead to breaches of your other accounts.

Software Updates 

Downloading and installing software updates for your devices and the applications used on them is one of the simplest methods to maintain optimal digital security. These updates enable tech companies to fix any bugs and vulnerabilities in their products that could be exploited by hackers or malware. Don’t ignore that software update notification on your computer any longer!

By implementing these simple digital security measures, you can significantly enhance your online safety and protect your valuable information from potential threats. Remember to remain vigilant and enjoy secure browsing.

2nd

Harnessing the Potential of Collaboration and Partnerships for Social Impact

The significance of partnerships and collaborative efforts in advancing the goals and activities of civil society has become more evident than ever before. This month, we take a moment to reflect on the profound impact of collaboration and partnership in advancing our mandate.


Fostering Knowledge Exchange
In collaboration with the Civic Advisory Hub and the NPO Coalition on FATF – East and Southern Africa Chapter, we took a significant step forward in advocacy efforts for the adoption of a risk-based approach to the monitoring and legislation of NPOs in the context of countering terrorism financing.


During a successful webinar titled “Understanding NPO Risk Assessment on Terrorism Financing,” NPO leaders from the region shared their experiences, lessons learned, and criteria for NPO risk assessment working groups. Together, we explored the critical role that NGOs play in these assessments and discussed the essential qualities required for effective participation.


Empowering Communities through Digital Security: Our #RoadToFIFAfrica Journey
We embarked on an exhilarating regional campaign known as #RoadToFIFAfrica, spanning from Kampala to Nairobi, Mombasa, and culminating in Dar es Salaam. Throughout this journey, we actively connected with local communities, students, CBOs, and NGOs to address the vital topic of digital security. Our mission was clear: to equip individuals and organizations with essential digital security skills, provide them with valuable tools and knowledge, and empower them to navigate the digital world safely and confidently.


Championing Internet Freedom at FIFAfrica23
With support from CIPESA Uganda and in collaboration with Encrypt Uganda, and HRD Andrew Gole, our commitment to digital security extended to Africa’s largest gathering on Internet freedom, the Forum for Internet Freedom in Africa (#FIFAfrica23). Through the Digital Security Alliance, we extended digital security support to some of the brightest minds in Africa and worldwide, fueling their tireless efforts to safeguard internet freedom both on the continent and globally.


Multi-Sector Support and Collaboration
In addition to these dynamic initiatives, we maintain active engagement with key government ministries and agencies including the Financial Intelligence Authority (FIA) and the National Information Technology Authority (NITA-U) among others.


Our objective is to provide valuable sector insights and foster collaboration to create an enabling and supportive environment for Human Rights Defenders(HRDs) and activists. Through our regional “Talk To Your Regulator” sessions, we aim to strike a delicate balance between fostering compliance and preventing excessive regulation. We achieve this by creating awareness among NGOs about their legal compliance requirements and responsibilities while also engaging regulators on the unintended consequences that overly restrictive regulations can have on the sector. Our ultimate goal is to ensure that members of civil society can effectively fulfill their missions. This month’s engagement took place in Hoima, marking another milestone in this ongoing effort.


Suffice it to say that our journey this month underscores the power of collaboration and partnerships in driving transformative change and fostering social impact. Here’s to more partnerships and collaborations ahead.

1corona digital threats

Digital Security Risks Human Rights NGOs were Exposed to during COVID-19 Pandemic Lockdowns

A week after the World Health Organisation (WHO) declared COVID 19 a global pandemic, Uganda registered its first case. A month later, the disease was widespread across the country, prompting the operationalization of WHO-recommended and Government-imposed emergency measures to contain the spread of the virus. These included partial and eventually total lockdowns, a ban on social gatherings of more than five people, the shutdown of public transport, air travel, and the closure of businesses except for vital sectors like food and health.

To ensure continuity of operations, NGOs, much like other businesses/organizations across the globe, had to heavily depend on digital tools to continue operations which led to the “Zoom-Era.” The era of working from home/remotely aided by digital applications like conferencing platforms like Zoom, which allows for up to 500 participants, voice, and video, messaging apps, and digital collaborative workspaces in the absence of offices and physical engagement.

For the highly tech-driven economies from the developed world, this transition was undoubtedly an inconvenient adjustment; unfortunately for developing countries like Uganda, with substantial deficiencies in ICT infrastructure, where only a sixth (1/6) of the population has access to the internet, and 36% of the non-internet users are digitally illiterate, it was nothing short of a catastrophe.

The Not-for-profit sector was one of those hardest hit by this transformation since the bulk of their work entails awareness and capacity building engagements, socio-civic advocacy/activism, community meetings, and outreach. 

The Digital Security Alliance (DSA), a coordinated digital security support mechanism for human rights defenders, activists, and journalists in Uganda, that is led by Defenders Protection Initiative, with funding from the Collaboration on International ICT Policy in East and Southern Africa (CIPESA) under the African Digital Rights Fund, undertook the study, to Assessing the Levels of digital security risk to which Human Rights NGOs were Exposed to after the adoption of technology tools for business continuity during the COVID-19 Pandemic Lockdowns in Uganda. 

This study, therefore, sought to investigate the digital security risks associated with the adoption of technological tools given the human rights landscape in Uganda and against the backdrop of the COVID pandemic.

The main objective of the research was; To identify gaps and vulnerabilities that are exposing human rights organizations to digital security risks to develop strategies to build capacity to mitigate any future threats of cyber-attacks, privacy & data breaches.

The study targeted 50 NGOs across Uganda. To obtain comprehensive data sets, it necessitated the selection of respondents from both frontline officers involved in implementing day-to-day activities of human rights NGOs and critical decision-makers such as Executive Directors, Program Managers, Department Heads and Advocacy Officers.

Guided by the research questions; “Did the adoption of digital platforms expose NGO to any cybersecurity-related challenges? Was the adoption of digital platforms effective in NGOs’ business continuity?” we were able to obtain the following evidence.

Level of Exposure to Digital Tools Prior COVID 19

The research revealed that 50% of the respondents were moderately exposed to digital security tools before the COVID 19 lockdown. Frontline offices pointed out that their work primarily constituted physical engagements with their partners and beneficiaries, which limited the number of tech tools and frequency. The most commonly used digital tools were voice conferencing call facilities, voice over internet services like Skype, digital collaboration tools like Google Suite, Gmail, Google Drive, Google Meet, and Google Docs. Social media platforms including Facebook, Twitter, and YouTube. However, with the outbreak of COVID 19 and subsequent lockdown, NGOs had to adopt “new” ICT tools and depend on the ones already in use more heavily to ensure

business continuity. Respondents reported to have adopted video conferencing and collaboration platforms; Zoom, BlueJeans, Google Meet, Jitsi, KumoSpace, Microsoft Teams, and GoTo Meetings. These are mainly used to facilitate internal communication/conducting staff meetings (19%), communicate with participants (18%), conducting workshops (15%), communicating and liaising with donors (14%), and providing support to beneficiaries (14%).

Challenges Faced During and as a Result of Adopting ICT Tools

Facilitating business continuity, increasing efficiency, improving time management, and other benefits of information and communication technology (ICT) mainstreaming notwithstanding, the adoption of tech tools was not without challenges. NGO heads reported internet interruptions as their biggest challenge. Interruptions were either unstable or, for the case of rural areas, non-existent networks—slow internet connections due to the minimal broadband coverage. 3G covers only 65% of the population, and LTE/4G covers only 17%.

NGO staff in urban areas with access to 4G speeds that could support data-intensive apps like video conferencing tools were affected by the high cost of data. Individuals reported having spent on average 127,500 UGX per month purchasing internet data packages—a stretch for most middle seized NGOs without an internet budget big enough to cover 127,000 worth of data for each staff.
The above interferences are compounded by frequent power cuts, which affect enabling ICT hardware and infrastructure such as the cell towers, desktops, MiFis, and modems.

Exposure to Digital Security Risks

Much like the COVID 19 pandemic, the adoption of tech tools and mainstreaming of ICT were novel. The timing and abrupt nature of the circumstances also did not allow for adequate preparation and training on using the digital tools and digital security concerns. These, therefore, paused unprecedented risks. 98% of the respondents reported having been exposed to some sort of digital security risk. Of the reported cases, we deduced that 52% of these were exposed to digital threats while using personal computers as opposed to the 48% who faced threats while using organization-provided computers.

It was inferred from the findings that the organizations whose works centres on social development, justice, law and order, health, education, ICT, and accountability reported digital threats more frequently. However, this comes as no surprise, especially in the Ugandan context, whose civic environment is marred by intimidation, torture, and killing of social justice leaders, illegal detentions and evictions, and a restrictive legal framework, among others. However, the research findings highlighted the varying degree in threat level exposure as experienced by different genders and reaffirmed the disproportionate impact of COVID 19 on women and children. This is evidenced by NGOs operating in the thematic area of Women’s rights and reporting the most frequent (26%) exposure to digital security risks from using technology tools adopted during COVID-19 lockdown.

hacker-attack

Top Ways Businesses get Hacked

Bait and Switch Attack

Using trusted marketing methods such as paid-for advertising on websites, attackers can trick you into visiting malicious sites. When websites sell advertising space, it can be purchased by rogue attackers. The bona fide advertisement can be replaced with a ‘bad’ link that can be used to download malware, lock up your browser, or compromise your systems.

Alternatively, the advertisement may link to a legitimate website, but it will be programmed to redirect you to a harmful site

Key Logger

A key logger is a small piece of software that, when downloaded into your computer, will record every keystroke. The key logger will capture every keystroke on the keyboard, every username, password and credit card number, etc., exposing all of your data and personal information

Denial of Service (DoS\DDoS) Attacks

A Denial of Service attack is a hacking technique designed to flood your web server with a myriad of requests to the point that it overloads the web server resulting in a website crash.

To do this, hackers will deploy botnets or zombie computers that have a single task, flood your web site with data requests

ClickJacking Attacks

This method tricks you into clicking on something different from what you thought you were clicking. The clickjacking element could be a button on a web page that, when clicked, performs another function, allowing others to take control of the computer. The host website may not be aware of the existence of the clickjacking element.

Fake W.A.P.

A hacker can use software to impersonate a wireless access point (W.A.P.), which can connect to the ‘official’ public place W.A.P. that you are using. Once you get connected to the fake W.A.P., a hacker can access your data.

To fool you, the hacker will give the fake W.A.P. an apparent genuine name such as ’T.F. Green Aiport Free WiFi.’

Cookie Theft


The cookies in your web browsers (Chrome, Safari, etc.) store personal data such as browsing history, username, and passwords for different sites we access. Hackers will send I.P. (data) packets that pass through your computer, and they can do that if the website you are browsing doesn’t have an SSL (Secure Socket Layer) certificate. Websites that begin with HTTPS:// are secure, whereas sites that start with HTTP:// (no ‘S’) do not have SSL and are NOT considered secure.

Viruses and Trojans

Viruses or Trojans are malicious software programs that, when installed on your computer, will send your data to the hacker. They can also lock your files, spread to all the computers connected to your network, and perform many other nasty actions.

Seek for a Security Check

As you can see, it is all too easy to have your business systems inadvertently compromised, you can seek for a security check to secure to protect your business. It is tailored to the needs of each business.   click here

hack-whatsapp-1024x682

WhatsApp 2FA: Secure Yourself From This Simple Hack

Imagine someone has taken over your account, what would happen to you and the people who contact you on WhatsApp?

Just as it is easy to fresh install of WhatsApp for your new phone is also how easy an attacker would gain access to your WhatsApp and possibly start a conversation with your friends claiming it is you.

Most times, the direct risk is not to you if you’re attacked, but to your contacts. They can expect to receive requests for data or even emergency funds. This is social engineering at its best. We would trust an end-to-end encrypted platform, a message from a trusted friend and so are coded to have our guards down and rather feel pity in these circumstances.

The repercussions of this happening are beyond imagination. This can even further spread to more of your contacts having there WhatsApp accounts taken over.
With the account taken over, the attackers could then message contacts in the groups you are in as if from the account holder (you), as well as any other contacts whose WhatsApp messages were received after the take over. No legacy data is compromised. The target device remains untouched. WhatsApp has simply been ghosted onto an illegitimate device.

It is surprising how many people have not yet enabled the Two-step verification PIN in WhatsApp—almost everyone we have asked has yet to set it up. If you’re the same, then please take that minute and set it up now. 

The Question now is, How do we prevent this from happening to you for the first time or again?

WhatsApp introduced a feature where you can set a PIN of your own choice and even an email address just in case you forget your PIN. The PIN is your own verification to confirm that it is you even after inputting the SMS verification so you do not otherwise have to share your PIN with anyone.

You can find this feature in your WhatsApp setting > Account > Two-step verification: There you will be prompted to enable your PIN and confirm it, then you will also be asked to type in an email address to use to recover your account in case you forget your PIN