Published by NetAction Issue No. 87 October 17, 2002 Repost where appropriate. Copyright and subscription info at end of message. * * * * * * * In This Issue: A Cyber Security Checklist Digital Documentaries Locals Like Email About NetAction Notes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A Cyber Security Checklist It's not really surprising that many nonprofit organizations aren't doing everything they should to keep their computer systems secure. Technology can be quite complicated and intimidating, and even in a strong economy many nonprofit organizations can't afford the expense. What is surprising is that the same problems exist in the business world. According to a recent survey of corporate computer security experts at more than 225 companies around the world (http://www.redsiren.com/survey.html), nearly one-third of the businesses don't have adequate plans for dealing with a cyber-terrorist attack. Although the questions weren't exactly the same, NetAction's earlier survey of computer security in nonprofit organizations (http://www.netaction.org/security/) found that one-third of the respondents felt their organization's security practices needed improvement. It may be tempting to take comfort in the fact that security vulnerabilities are not unique to nonprofit organizations, but it would be a mistake. For as we noted in NetAction's survey report computers are increasingly important to the mission of many nonprofit organizations, and non-profits are much less likely to have the financial resources to recover from a cyber attack. So to help nonprofits assess their cyber security practices, NetAction prepared the following checklist: 1) Do your work habits promote security? Always log off when you aren't using your computer. The most basic and low-tech security practice is to lock or shut down a computer when it's not in use. If you don't do this, there's no point in password-protecting your hard drive. When users are logged off, passwords and user names are your first line of defense. Use passwords that are difficult to guess, and change them frequently. If you're worried that you'll forget your password, write it down and file it in a safe place. 2) Can your data be restored if your computer crashes? Regular backups are a crucial component of computer security. Documents and other data should be backed up daily. Backed up data can be stored on removable media (such as CDs), on a tape drive, or on a secure web site. Redundancy is the best strategy; create several backup sets so at least one is stored off site. It's also a good idea to periodically make a full backup of your hard drive so that if your hard drive crashes you won't have to reinstall each software program individually. Many new computers include CD drives that make data backups easy and affordable. External hard drives that can be disconnected and stored off site are an affordable option for backing up a complete hard drive. 3) Is your computer safe from viruses and worms? New computer viruses and worms are discovered all the time. Installing and regularly updating your anti-virus software is essential to maintaining the security of your computer files. 4) Is your computer safe from malicious hackers? Every computer connected to the Internet without a fire wall is vulnerable, but the risk is greater if you are using DSL or cable broadband, or are connected to an office network. Because these types of connections are typically always on, malicious hackers can get into your computer and steal confidential information, deface your organization's web site, or use your computer as part of a distributed denial of service (DDoS) attack directed at another server. Fire wall software that can be installed on individual computers is available from many of the same developers who produce anti-virus software, such as Symantec and McAffee. In offices with networked computers, there may be a separate hard drive that serves as a fire wall for the entire network. While that may be sufficient to prevent break ins from outside the network, it's still a good idea to install software fire walls on individual computers to prevent unauthorized access from users within the network. 5) Are your mailing lists safe from spammers? Email lists are frequent targets of spam, so mailing list security should be a high priority if you operate any mailing lists. If you are running commercial list software, such as majordomo, configure your email lists so only the list owner has access to subscribers' addresses. If you are using your email client software, such as Eudora or Outlook, avoid disclosing subscribers' addresses by putting all of your recipients' addresses in the "Bcc" field. If you are using an application service provider, such as Topica or Yahoo Groups, make sure the lists are configured to prevent the disclosure of addresses. Also, backup your subscriber list regularly. Those addresses are one of your organization's most important assets! 6) Are your confidential files safe from snoopers? Nearly everyone stores some data on their computer that is sensitive or confidential. Use passwords and encryption to protect private data. Disable operating system features that allow files to be shared unless it's absolutely necessary, and when you do allow sharing use passwords to ensure that only authorized users have access. If you send or receive confidential data, encrypt your email messages. 7) Are you prepared for the worst? Hard drives crash; accidents happen, natural disasters occur without warning. If you depend on computers, disaster planning is a necessity. Start by keeping an up-to-date backup of your hard drive off site, but don't stop there. Inventory your hardware, software and service providers. Ask yourself what it would take to get back online if your office was destroyed in an earthquake or fire. Write it all down and keep a copy with your off site backup. Periodically review your plan to make sure it's up-to-date. 8) Do you check "under the hood" periodically? Although not strictly a security issue, good disk maintenance is also important,. Several software vendors sell utility tools (such as Norton System Works) that can alert you to and fix minor problems, and sometimes even retrieve lost data. Specific maintenance requirements vary, so review the User Guide that comes with the software and check your disk periodically to ensure optimal performance. This Cyber Security Checklist is one of several checklists included in NetAction's Virtual Activist Reader. Download the complete Reader at http://www.netaction.org/training. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Digital Documentaries Earlier this year I had the privilege of moderating a panel on Emerging Technologies at a regional conference hosted by the Nonprofit Technology Enterprise Network. One of the emerging technologies that conference organizers identified was digital video advocacy. Over the past couple of years digital video has become increasingly popular, both as a consumer hobby and as a tool for Internet activists. It's easy to see why: digital video cameras are relatively affordable and easy to use; software applications for editing and viewing digital video is bundled with most computers sold on the consumer market; and video files can be downloaded fairly quickly with a broadband Internet connection. In his presentation at the N-TEN conference, CompuMentor's Eric Leland identified several key reasons for using digital video for advocacy: - It has the power to evoke emotions that activists can tap to inspire action. - It's a portable media that activists can use for education as well as advocacy. - The depth and breadth of information goes beyond what can be conveyed in print. - Activists have used video successfully to promote their goals. Eric's written presentation (along with others from the conference) can be found at (http://www.nten.org/conferences-2002-sf-materials). It includes references to several online resources including how-to articles and case studies of digital documentaries. One powerful example of successful digital video advocacy that Eric describes is "Bought & Sold," a documentary about the transport of Russian women for prostitution that was broadcast on CNN, BBC, and other networks. Viewers were so outraged that shortly after the documentary aired on Ukrainian television that government passed a law making the practice a crime, and President Clinton allocated funds to U.S. law enforcement agencies to coordinate a response to stop the practice. Another very creative example of digital video advocacy is the OneWorld TV project (http://tv.oneworld.net/). OneWorld International is a global community of social change organizations. The OneWorld TV project features RealVideo clips of people telling their stories, and invites viewers to contribute their own clips to add to the commentary. According to NetAction advisory board member Judi Clark, projects such as OneWorld TV have the potential to bring life to nonprofit causes: "This could have an interesting impact on minimizing global differences -- seeing what others are like, what their daily struggles are about, how important community, politics and news are in different regions. School reports on foreign nations could take on a whole new (lifelike) dimension," she commented. One of my own experiments with digital video unintentionally proved to be a useful tool for recruiting volunteers. On a recent evening in San Francisco, a small group of reproductive rights activists participated in a "pub crawl" on behalf of the California Abortion and Reproductive Rights Action League (CARAL) to distribute information on emergency contraception to bar patrons. I followed along with a video camera and produced a brief QuickTime movie for CARAL's web site (http://www.choice.org/EC_Pub_Crawl.mov). My goal in creating the movie was to provide some recognition for CARAL's volunteers, but shortly after the movie was posted on the web site I received an email message from Laurie Beijen, a co-chair of the volunteer committee that had organized the pub crawl: "We've gotten such great response to this! I've even been getting emails from people who haven't previously been involved with CARAL. . . it is a great recruitment tool," she wrote. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Locals Like Email NetAction has generally advised activists not to rely on email to communicate with elected officials. While we still advise against using email to communicate with Congress, we were pleased to learn that a recent study found that constituent email is effective when dealing with local elected officials. The results of a recent survey of mayors and city council members by the Pew Internet & American Life Project found that 88% of local elected officials use the Internet for official duties, 74% of online local officials feel that email from constituents helps them understand public opinion, and 61% of online local officials use email to communicate with citizens at least once a week. The complete survey report, "Digital Town Hall: How Local Officials Use the Internet and the Civic Benefits They Cite from Dealing with Constituents Online," is on the web at (http://www.pewinternet.org/reports/toc.asp?Report=74). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ About NetAction Notes NetAction Notes is a free electronic newsletter, published by NetAction. NetAction is a national, nonprofit organization dedicated to promoting use of the Internet for grassroots citizen action, and to educating the public and policy makers about technology policy issues. To subscribe to NetAction Notes, send a message to: <majordomo@netaction.org> The body of the message should state: <subscribe netaction> To unsubscribe at any time, send a message to: <majordomo@netaction.org> The body of the message should state: <unsubscribe netaction> NetAction is supported by individual contributions and grants. You can make a credit card donation from NetAction's secure server at: <https://secure.manymedia.com/netaction/form.html>. For more information about contributing to NetAction, contact Audrie Krause by phone at (415) 775-8674, by E-mail at mailto:audrie@netaction.org>, visit the NetAction Web site at <http://www.netaction.org>, or write to: NetAction * 601 Van Ness Ave., No. 631 * San Francisco, CA 94102 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Copyright 1996-2002 by NetAction/The Tides Center. All rights reserved. Material may be reposted or reproduced for non-commercial use provided NetAction is cited as the source. NetAction is a project of The Tides Center, a 501(c)(3) non-profit organization. ========== HURIDOCS-Tech listserv ========== Send mail intended for the list to <huridocs-tech@hrea.org>. Archives of the list can be found at: http://www.hrea.org/lists/huridocs-tech/markup/maillist.php To subscribe to the list, send a message to <majordomo@hrea.org>, with the following text in the message: subscribe huridocs-tech To unsubscribe from the list, send a message to <majordomo@hrea.org>, with the following text in the message: unsubscribe huridocs-tech If you have problems (un)subscribing, contact <owner-huridocs-tech@hrea.org>.
[Reply to this message] [Start a new topic] [Date Index] [Thread Index] [Author Index] [Subject Index] [List Home Page] [HREA Home Page]