Welcome to Digital Defense Freeze, an interactive Cyber Risk Traffic Light Game designed to sharpen rapid decision-making, strengthen teamwork, and build practical threat-analysis skills for CSOs, journalists, activists, and human rights defenders
In today’s rapidly evolving digital landscape, every online action carries some level of risk. This game helps participants practice identifying threats, debating complex scenarios, and choosing the safest path forward using the familiar Green, Amber, and Red traffic-light system.
Through realistic, high-pressure situations drawn from our civic space in Uganda, teams will think critically, argue their positions, and learn how to move from guesswork to informed security judgments.
Get ready to assess, debate, decide, and freeze when the risks spike!
This September, Defenders Protection Initiative (DPI) proudly joined digital rights defenders, technologists, and changemakers from across Africa and beyond at #FIFAfrica25 in Windhoek, Namibia. But this wasn’t your typical conference, it was an immersive journey through the digital challenges facing human rights defenders today.
CIPESA’s Internet Freedom Maze turned abstract cybersecurity concepts into visceral, first-hand experiences. DPI was honored to take part in two critical spaces within this experience:
Zone 1 – The Trap of Uncertainty, and
The Digital Security Citadel, a live, hands-on tech corner of the exhibition.
Zone 1: Phishing, Power, and Practicality
At the heart of the maze stood Zone 1: The Trap of Uncertainty where participants were confronted with a question we all should ask more often: “Am I truly safe online?”
DPI’s Communications Executive, Noelyn Nassuna, alongside Ogira Charles Donaldson, a member of the Digital Security Alliance hosted by DPI, led this space with thought-provoking simulations and real-time awareness-building. They guided participants through phishing simulations where QR codes led to realistic scam scenarios. It was a mirror into our digital behaviors forcing participants to pause, reflect, and often, realize they weren’t as secure as they thought.
To support learning beyond the simulation, DPI distributed custom-designed IEC materials, including ring cards with easy-to-understand security tips, tool recommendations, and practical digital hygiene reminders. These materials proved to be not just souvenirs but starter kits for better online habits.
At the Citadel: DPI’s Digital Doctors in Action
While Zone 1 tested instincts, the Digital Security Citadel gave participants tools and knowledge to strengthen those instincts.
Here, DPI’s Fred Drapari (ICT Executive) joined a team of digital security “doctors” including:
Gole Andrew, who impressively rode a motorcycle all the way from Uganda to Namibia in the name of digital resilience,
Hapee De Groot, a long-time digital security ally whose practical support and insight added great value,
Brian Byaruhanga from CIPESA, and
Several other seasoned practitioners from the Digital Security Alliance.
The Citadel offered:
Hands-on demos of Microsoft Office security settings
Guided installs and education around tools like Kaspersky antivirus, Bitdefender Security among others
Walkthroughs of encrypted messaging, password management, and 2FA
A rerun of the phishing simulation for those who missed Zone 1 or wanted to try again
It wasn’t just a tech station, it was a real-time consultation corner where participants could ask, test, fail, learn, and try again.
Building Connections Beyond the Booth
FIFAfrica25 wasn’t only about simulation and tech it was about connection and collaboration.
At both the Maze and the Citadel, DPI engaged with:
Funders and donor agencies interested in expanding the reach of digital protection work
Civic actors and journalists facing similar threats across the continent
Techies and tool builders contributing to the ecosystem of safe digital activism
From spontaneous hallway conversations to deeply technical Citadel demos, every interaction reinforced a shared vision: digital resilience is no longer optional – it’s essential.
What We’re Taking Home
As DPI returns home from Windhoek, we do so with renewed clarity and purpose. We plan to:
Expand the phishing simulation quiz into a broader campaign across civil society and media spaces
Print more of our IEC ring cards for wider distribution
Integrate new toolkits and tactics into our ongoing Digital Security Clinics and Bootcamps
Strengthen our collaborations with fellow Digital Security Alliance members and regional partners
FIFAfrica25 reminded us that defending the defenders is not just a slogan: it’s a strategy that requires tools, creativity, and deep community.
Using trusted marketing methods such as paid-for advertising on websites, attackers can trick you into visiting malicious sites. When websites sell advertising space, it can be purchased by rogue attackers. The bona fide advertisement can be replaced with a ‘bad’ link that can be used to download malware, lock up your browser, or compromise your systems.
Alternatively, the advertisement may link to a legitimate website, but it will be programmed to redirect you to a harmful site
Key Logger
A key logger is a small piece of software that, when downloaded into your computer, will record every keystroke. The key logger will capture every keystroke on the keyboard, every username, password and credit card number, etc., exposing all of your data and personal information
Denial of Service (DoS\DDoS) Attacks
A Denial of Service attack is a hacking technique designed to flood your web server with a myriad of requests to the point that it overloads the web server resulting in a website crash.
To do this, hackers will deploy botnets or zombie computers that have a single task, flood your web site with data requests
ClickJacking Attacks
This method tricks you into clicking on something different from what you thought you were clicking. The clickjacking element could be a button on a web page that, when clicked, performs another function, allowing others to take control of the computer. The host website may not be aware of the existence of the clickjacking element.
Fake W.A.P.
A hacker can use software to impersonate a wireless access point (W.A.P.), which can connect to the ‘official’ public place W.A.P. that you are using. Once you get connected to the fake W.A.P., a hacker can access your data.
To fool you, the hacker will give the fake W.A.P. an apparent genuine name such as ’T.F. Green Aiport Free WiFi.’
Cookie Theft
The cookies in your web browsers (Chrome, Safari, etc.) store personal data such as browsing history, username, and passwords for different sites we access. Hackers will send I.P. (data) packets that pass through your computer, and they can do that if the website you are browsing doesn’t have an SSL (Secure Socket Layer) certificate. Websites that begin with HTTPS:// are secure, whereas sites that start with HTTP:// (no ‘S’) do not have SSL and are NOT considered secure.
Viruses and Trojans
Viruses or Trojans are malicious software programs that, when installed on your computer, will send your data to the hacker. They can also lock your files, spread to all the computers connected to your network, and perform many other nasty actions.
As you can see, it is all too easy to have your business systems inadvertently compromised, you can seek for a security check to secure to protect your business. It is tailored to the needs of each business. click here
Imagine someone has taken over your account, what would happen to you and the people who contact you on WhatsApp?
Just as it is easy to fresh install of WhatsApp for your new phone is also how easy an attacker would gain access to your WhatsApp and possibly start a conversation with your friends claiming it is you.
Most times, the direct risk is not to you if you’re attacked, but to your contacts. They can expect to receive requests for data or even emergency funds. This is social engineering at its best. We would trust an end-to-end encrypted platform, a message from a trusted friend and so are coded to have our guards down and rather feel pity in these circumstances.
The repercussions of this happening are beyond imagination. This can even further spread to more of your contacts having there WhatsApp accounts taken over. With the account taken over, the attackers could then message contacts in the groups you are in as if from the account holder (you), as well as any other contacts whose WhatsApp messages were received after the take over. No legacy data is compromised. The target device remains untouched. WhatsApp has simply been ghosted onto an illegitimate device.
It is surprising how many people have not yet enabled the Two-step verification PIN in WhatsApp—almost everyone we have asked has yet to set it up. If you’re the same, then please take that minute and set it up now.
The Question now is, How do we prevent this from happening to you for the first time or again?
WhatsApp introduced a feature where you can set a PIN of your own choice and even an email address just in case you forget your PIN. The PIN is your own verification to confirm that it is you even after inputting the SMS verification so you do not otherwise have to share your PIN with anyone.
You can find this feature in your WhatsApp setting > Account > Two-step verification: There you will be prompted to enable your PIN and confirm it, then you will also be asked to type in an email address to use to recover your account in case you forget your PIN
Phishing is the fraudulent attempt to
obtain sensitive information such as usernames, passwords and credit card
details by disguising oneself as a trustworthy entity in an electronic
communication.
Shopping Basket
Scan the code
Hello 👋 We're available on WhatsApp. Can we help you?
