WhatsApp Image 2025-12-10 at 13.18.41

Supporting Safer Digital Participation at DataFest Africa 2025: Our Clinic and Masterclass in Action

by AdvocacyAdvocacyDigital SecurityDigital SecurityProjects/Our Work Section

In October 2025, our team had the honor of participating in DataFest Africa 2025, organised by Pollicy, one of the continent’s leading convenings on data, technology, and innovation. As part of this vibrant gathering of technologists, researchers, civil society actors, policymakers, and creatives, we hosted a Digital Security Clinic, offering on-site support, guidance, and practical tools to participants navigating today’s fast-evolving digital landscape.

Why the Clinic Mattered

As digital spaces continue to expand across Africa, so do the risks that come with them including data misuse, online harassment, cyberstalking, image-based abuse, misinformation, account takeovers, and digital surveillance. For many activists, journalists, developers, and young innovators attending DataFest, these threats are not abstract; they are lived realities that affect their work, mental well-being, and personal safety.

Our clinic was designed as a safe, confidential, and responsive support space where participants could:

  • Seek one-on-one guidance on digital security and privacy
  • Report or discuss technology-facilitated gender-based violence
  • Get support on securing devices, accounts, and data
  • Receive mental health referrals and psychosocial first support after online abuse
  • Learn practical safety strategies for their work and activism

What We Offered on the Ground

Throughout the festival, our team provided:

  • Personalized digital risk assessments
  • Guidance on strong passwords, two-factor authentication, and safe browsing
  • Support on responding to online harassment, doxxing, and impersonation
  • Advice on safe content creation and data protection
  • Offered updated and genuine software like antivirus, MS Office, MS Word
  • Referral to trusted psychosocial and legal response partners where needed

Participants included women in tech, youth innovators, journalists, human rights defenders, researchers, and community organizers, many of whom were encountering structured digital safety support for the first time.

Key Reflections from the Clinic

Several key themes emerged from our engagement:

  • Online harm is deeply connected to offline safety, livelihoods, and mental health.
  • Many participants had experienced harassment, impersonation, or extortion but had never received professional support.
  • There is a strong demand for localized, continuous digital safety clinics, not just one-off trainings.
  • Women and young people remain disproportionately impacted by online violence and data misuse.

Building Resilient Digital Communities

Our presence at DataFest Africa 2025 reaffirmed the urgent need to move beyond awareness-raising alone. Safety must be practical, accessible, survivor-centered, and embedded into innovation spaces. Digital rights, data protection, and online wellbeing are not optional add-ons; they are essential foundations for meaningful participation in the digital economy.

By hosting this clinic, we demonstrated that large tech and data convenings can and should integrate real-time protection and support mechanisms alongside conversations on innovation, AI, governance, and development.

Masterclass: Shaping Youth Futures Through Digital Ownership

In addition to the digital safety clinic, we hosted a featured masterclass titled “Shaping Youth Futures Through Digital Ownership” at the National ICT Innovation Hub, Nakawa. The session brought together young people, innovators, and ecosystem actors to explore how digital ownership can unlock opportunity, protection, and economic independence for African youth. Participants engaged deeply with what digital ownership truly means in today’s platform-dominated economy, emphasizing the importance of owning data, digital skills, content, and platforms as a foundation for sustainable digital participation.

The masterclass examined how young people can transition from being passive digital consumers to empowered digital creators and owners, while critically reflecting on the risks of digital exploitation, platform dependence, and unsafe monetization. It further highlighted the role of policy, infrastructure, and community networks in protecting young digital entrepreneurs. The session was co-led by Noelyn Nassuuna, Raymond Amumpaire, and Owilla Abiro Mercy, who collectively challenged participants to think beyond access toward control, agency, safety, and sustainability in the digital economy.

Looking Ahead

Following DataFest Africa 2025, we are strengthening our:

  • Mobile digital safety clinics
  • Survivor-centered referral pathways
  • Youth and women-focused digital resilience programming
  • Partnerships with tech platforms, mental health professionals, and legal responders

We remain committed to ensuring that no one has to choose between visibility and safety, innovation and wellbeing, or participation and protection in digital spaces.

The Cyber Risk Traffic Light Game for CSOs

Introduction to the Cyber Risk Traffic Light Game: Digital Defense Freeze

by Civic SpaceDigital SecurityDigital SecurityProjects/Our Work SectionUncategorized

Welcome to Digital Defense Freeze, an interactive Cyber Risk Traffic Light Game designed to sharpen rapid decision-making, strengthen teamwork, and build practical threat-analysis skills for CSOs, journalists, activists, and human rights defenders

In today’s rapidly evolving digital landscape, every online action carries some level of risk. This game helps participants practice identifying threats, debating complex scenarios, and choosing the safest path forward using the familiar Green, Amber, and Red traffic-light system.

Through realistic, high-pressure situations drawn from our civic space in Uganda, teams will think critically, argue their positions, and learn how to move from guesswork to informed security judgments.

Get ready to assess, debate, decide, and freeze when the risks spike!

Download Game to Play

WhatsApp Image 2025-10-06 at 13.04.11

From Uncertainty to Resilience: DPI at the Digital Immersion at FIFAfrica25

by Digital SecurityDigital Security

This September, Defenders Protection Initiative (DPI) proudly joined digital rights defenders, technologists, and changemakers from across Africa and beyond at #FIFAfrica25 in Windhoek, Namibia. But this wasn’t your typical conference, it was an immersive journey through the digital challenges facing human rights defenders today.

CIPESA’s Internet Freedom Maze turned abstract cybersecurity concepts into visceral, first-hand experiences. DPI was honored to take part in two critical spaces within this experience:

  • Zone 1 – The Trap of Uncertainty, and
  • The Digital Security Citadel, a live, hands-on tech corner of the exhibition.

Zone 1: Phishing, Power, and Practicality

At the heart of the maze stood Zone 1: The Trap of Uncertainty where participants were confronted with a question we all should ask more often:
“Am I truly safe online?”

DPI’s Communications Executive, Noelyn Nassuna, alongside Ogira Charles Donaldson, a member of the Digital Security Alliance hosted by DPI, led this space with thought-provoking simulations and real-time awareness-building. They guided participants through phishing simulations where QR codes led to realistic scam scenarios. It was a mirror into our digital behaviors forcing participants to pause, reflect, and often, realize they weren’t as secure as they thought.

To support learning beyond the simulation, DPI distributed custom-designed IEC materials, including ring cards with easy-to-understand security tips, tool recommendations, and practical digital hygiene reminders. These materials proved to be not just souvenirs but starter kits for better online habits.

At the Citadel: DPI’s Digital Doctors in Action

While Zone 1 tested instincts, the Digital Security Citadel gave participants tools and knowledge to strengthen those instincts.

Here, DPI’s Fred Drapari (ICT Executive) joined a team of digital security “doctors” including:

  • Gole Andrew, who impressively rode a motorcycle all the way from Uganda to Namibia in the name of digital resilience,
  • Hapee De Groot, a long-time digital security ally whose practical support and insight added great value,
  • Brian Byaruhanga from CIPESA, and
  • Several other seasoned practitioners from the Digital Security Alliance.

The Citadel offered:

  • Hands-on demos of Microsoft Office security settings
  • Guided installs and education around tools like Kaspersky antivirus, Bitdefender Security among others
  • Walkthroughs of encrypted messaging, password management, and 2FA
  • A rerun of the phishing simulation for those who missed Zone 1 or wanted to try again

It wasn’t just a tech station, it was a real-time consultation corner where participants could ask, test, fail, learn, and try again.

Building Connections Beyond the Booth

FIFAfrica25 wasn’t only about simulation and tech it was about connection and collaboration.

At both the Maze and the Citadel, DPI engaged with:

  • Funders and donor agencies interested in expanding the reach of digital protection work
  • Civic actors and journalists facing similar threats across the continent
  • Techies and tool builders contributing to the ecosystem of safe digital activism

From spontaneous hallway conversations to deeply technical Citadel demos, every interaction reinforced a shared vision: digital resilience is no longer optional – it’s essential.

What We’re Taking Home

As DPI returns home from Windhoek, we do so with renewed clarity and purpose. We plan to:

  • Expand the phishing simulation quiz into a broader campaign across civil society and media spaces
  • Print more of our IEC ring cards for wider distribution
  • Integrate new toolkits and tactics into our ongoing Digital Security Clinics and Bootcamps
  • Strengthen our collaborations with fellow Digital Security Alliance members and regional partners

FIFAfrica25 reminded us that defending the defenders is not just a slogan: it’s a strategy that requires tools, creativity, and deep community.

Want to Connect?

📸 Check out snapshots from our booth, materials, and the simulation challenge on our page:
https://twitter.com/defprotection

Let’s keep the digital resistance alive – one safe click at a time.

#FIFAfrica25 #DigitalResilience #InternetFreedom #PhishingAwareness #Zone1 #DigitalSecurityCitadel #DigitalImmersion

 

hacker-attack

Top Ways Businesses get Hacked

by Digital Security

Bait and Switch Attack

Using trusted marketing methods such as paid-for advertising on websites, attackers can trick you into visiting malicious sites. When websites sell advertising space, it can be purchased by rogue attackers. The bona fide advertisement can be replaced with a ‘bad’ link that can be used to download malware, lock up your browser, or compromise your systems.

Alternatively, the advertisement may link to a legitimate website, but it will be programmed to redirect you to a harmful site

Key Logger

A key logger is a small piece of software that, when downloaded into your computer, will record every keystroke. The key logger will capture every keystroke on the keyboard, every username, password and credit card number, etc., exposing all of your data and personal information

Denial of Service (DoS\DDoS) Attacks

A Denial of Service attack is a hacking technique designed to flood your web server with a myriad of requests to the point that it overloads the web server resulting in a website crash.

To do this, hackers will deploy botnets or zombie computers that have a single task, flood your web site with data requests

ClickJacking Attacks

This method tricks you into clicking on something different from what you thought you were clicking. The clickjacking element could be a button on a web page that, when clicked, performs another function, allowing others to take control of the computer. The host website may not be aware of the existence of the clickjacking element.

Fake W.A.P.

A hacker can use software to impersonate a wireless access point (W.A.P.), which can connect to the ‘official’ public place W.A.P. that you are using. Once you get connected to the fake W.A.P., a hacker can access your data.

To fool you, the hacker will give the fake W.A.P. an apparent genuine name such as ’T.F. Green Aiport Free WiFi.’

Cookie Theft


The cookies in your web browsers (Chrome, Safari, etc.) store personal data such as browsing history, username, and passwords for different sites we access. Hackers will send I.P. (data) packets that pass through your computer, and they can do that if the website you are browsing doesn’t have an SSL (Secure Socket Layer) certificate. Websites that begin with HTTPS:// are secure, whereas sites that start with HTTP:// (no ‘S’) do not have SSL and are NOT considered secure.

Viruses and Trojans

Viruses or Trojans are malicious software programs that, when installed on your computer, will send your data to the hacker. They can also lock your files, spread to all the computers connected to your network, and perform many other nasty actions.

Seek for a Security Check

As you can see, it is all too easy to have your business systems inadvertently compromised, you can seek for a security check to secure to protect your business. It is tailored to the needs of each business.   click here

hack-whatsapp-1024x682

WhatsApp 2FA: Secure Yourself From This Simple Hack

by Digital SecurityWeb Applications

Imagine someone has taken over your account, what would happen to you and the people who contact you on WhatsApp?

Just as it is easy to fresh install of WhatsApp for your new phone is also how easy an attacker would gain access to your WhatsApp and possibly start a conversation with your friends claiming it is you.

Most times, the direct risk is not to you if you’re attacked, but to your contacts. They can expect to receive requests for data or even emergency funds. This is social engineering at its best. We would trust an end-to-end encrypted platform, a message from a trusted friend and so are coded to have our guards down and rather feel pity in these circumstances.

The repercussions of this happening are beyond imagination. This can even further spread to more of your contacts having there WhatsApp accounts taken over.
With the account taken over, the attackers could then message contacts in the groups you are in as if from the account holder (you), as well as any other contacts whose WhatsApp messages were received after the take over. No legacy data is compromised. The target device remains untouched. WhatsApp has simply been ghosted onto an illegitimate device.

It is surprising how many people have not yet enabled the Two-step verification PIN in WhatsApp—almost everyone we have asked has yet to set it up. If you’re the same, then please take that minute and set it up now. 

The Question now is, How do we prevent this from happening to you for the first time or again?

WhatsApp introduced a feature where you can set a PIN of your own choice and even an email address just in case you forget your PIN. The PIN is your own verification to confirm that it is you even after inputting the SMS verification so you do not otherwise have to share your PIN with anyone.

You can find this feature in your WhatsApp setting > Account > Two-step verification: There you will be prompted to enable your PIN and confirm it, then you will also be asked to type in an email address to use to recover your account in case you forget your PIN