NetAction Notes 87: Security Checklist & Digital Video

Published by NetAction            Issue No. 87              October 17, 2002

Repost where appropriate. Copyright and subscription info at end of message.
* * * * * * *
In This Issue:
A Cyber Security Checklist
Digital Documentaries
Locals Like Email
About NetAction Notes

A Cyber Security Checklist

It's not really surprising that many nonprofit organizations aren't 
doing everything they should to keep their computer systems secure. 
Technology can be quite complicated and intimidating, and even in a 
strong economy many nonprofit organizations can't afford the expense.

What is surprising is that the same problems exist in the business 
world.  According to a recent survey of corporate computer security 
experts at more than 225 companies around the world 
(, nearly one-third of the 
businesses don't have adequate plans for dealing with a 
cyber-terrorist attack. Although the questions weren't exactly the 
same, NetAction's earlier survey of computer security in nonprofit 
organizations ( found that 
one-third of the respondents felt their organization's security 
practices needed improvement.

It may be tempting to take comfort in the fact that security 
vulnerabilities are not unique to nonprofit organizations, but it 
would be a mistake. For as we noted in NetAction's survey report 
computers are increasingly important to the mission of many nonprofit 
organizations, and non-profits are much less likely to have the 
financial resources to recover from a cyber attack.

So to help nonprofits assess their cyber security practices, 
NetAction prepared the following checklist:

1) Do your work habits promote security?

Always log off when you aren't using your computer. The most basic 
and low-tech security practice is to lock or shut down a computer 
when it's not in use. If you don't do this, there's no point in 
password-protecting your hard drive. When users are logged off, 
passwords and user names are your first line of defense. Use 
passwords that are difficult to guess, and change them frequently. If 
you're worried that you'll forget your password, write it down and 
file it in a safe place.

2) Can your data be restored if your computer crashes?

Regular backups are a crucial component of computer security. 
Documents and other data should be backed up daily. Backed up data 
can be stored on removable media (such as CDs), on a tape drive, or 
on a secure web site. Redundancy is the best strategy; create several 
backup sets so at least one is stored off site. It's also a good idea 
to periodically make a full backup of your hard drive so that if your 
hard drive crashes you won't have to reinstall each software program 

Many new computers include CD drives that make data backups easy and 
affordable. External hard drives that can be disconnected and stored 
off site are an affordable option for backing up a complete hard 

3) Is your computer safe from viruses and worms?

New computer viruses and worms are discovered all the time. 
Installing and regularly updating your anti-virus software is 
essential to maintaining the security of your computer files.

4) Is your computer safe from malicious hackers?

Every computer connected to the Internet without a fire wall is 
vulnerable, but the risk is greater if you are using DSL or cable 
broadband, or are connected to an office network. Because these types 
of connections are typically always on, malicious hackers can get 
into your computer and steal confidential information, deface your 
organization's web site, or use your computer as part of a 
distributed denial of service (DDoS) attack directed at another 
server. Fire wall software that can be installed on individual 
computers is available from many of the same developers who produce 
anti-virus software, such as Symantec and McAffee. In offices with 
networked computers, there may be a separate hard drive that serves 
as a fire wall for the entire network. While that may be sufficient 
to prevent break ins from outside the network, it's still a good idea 
to install software fire walls on individual computers to prevent 
unauthorized access from users within the network.

5) Are your mailing lists safe from spammers?

Email lists are frequent targets of spam, so mailing list security 
should be a high priority if you operate any mailing lists. If you 
are running commercial list software, such as majordomo, configure 
your email lists so only the list owner has access to subscribers' 
addresses. If you are using your email client software, such as 
Eudora or Outlook, avoid disclosing subscribers' addresses by putting 
all of your recipients' addresses in the "Bcc" field. If you are 
using an application service provider, such as Topica or Yahoo 
Groups, make sure the lists are configured to prevent the disclosure 
of addresses. Also, backup your subscriber list regularly. Those 
addresses are one of your organization's most important assets!

6) Are your confidential files safe from snoopers?

Nearly everyone stores some data on their computer that is sensitive 
or confidential. Use passwords and encryption to protect private 
data. Disable operating system features that allow files to be shared 
unless it's absolutely necessary, and when you do allow sharing use 
passwords to ensure that only authorized users have access. If you 
send or receive confidential data, encrypt your email messages.

7) Are you prepared for the worst?

Hard drives crash; accidents happen, natural disasters occur without 
warning. If you depend on computers, disaster planning is a 
necessity. Start by keeping an up-to-date backup of your hard drive 
off site, but don't stop there. Inventory your hardware, software and 
service providers. Ask yourself what it would take to get back online 
if your office was destroyed in an earthquake or fire. Write it all 
down and keep a copy with your off site backup. Periodically review 
your plan to make sure it's up-to-date.

8) Do you check "under the hood" periodically?

Although not strictly a security issue, good disk maintenance is also 
important,. Several software vendors sell utility tools (such as 
Norton System Works) that can alert you to and fix minor problems, 
and sometimes even retrieve lost data. Specific maintenance 
requirements vary, so review the User Guide that comes with the 
software and check your disk periodically to ensure optimal 

This Cyber Security Checklist is one of several checklists included 
in NetAction's Virtual Activist Reader. Download the complete Reader 

Digital Documentaries

Earlier this year I had the privilege of moderating a panel on 
Emerging Technologies at a regional conference hosted by the 
Nonprofit Technology Enterprise Network. One of the emerging 
technologies that conference organizers identified was digital video 

Over the past couple of years digital video has become increasingly 
popular, both as a consumer hobby and as a tool for Internet 
activists. It's easy to see why: digital video cameras are relatively 
affordable and easy to use; software applications for editing and 
viewing digital video is bundled with most computers sold on the 
consumer market; and video files can be downloaded fairly quickly 
with a broadband Internet connection.

In his presentation at the N-TEN conference, CompuMentor's Eric 
Leland identified several key reasons for using digital video for 

- It has the power to evoke emotions that activists can tap to inspire action.
- It's a portable media that activists can use for education as well 
as advocacy.
- The depth and breadth of information goes beyond what can be 
conveyed in print.
- Activists have used video successfully to promote their goals.

Eric's written presentation (along with others from the conference) 
can be found at ( 
It includes references to several online resources including how-to 
articles and case studies of digital documentaries.

One powerful example of successful digital video advocacy that Eric 
describes is "Bought & Sold," a documentary about the transport of 
Russian women for prostitution that was broadcast on CNN, BBC, and 
other networks. Viewers were so outraged that shortly after the 
documentary aired on Ukrainian television that government passed a 
law making the practice a crime, and President Clinton allocated 
funds to U.S. law enforcement agencies to coordinate a response to 
stop the practice.

Another very creative example of digital video advocacy is the 
OneWorld TV project ( OneWorld International 
is a global community of social change organizations. The OneWorld TV 
project features RealVideo clips of people telling their stories, and 
invites viewers to contribute their own clips to add to the 

According to NetAction advisory board member Judi Clark, projects 
such as OneWorld TV have the potential to bring life to nonprofit 

"This could have an interesting impact on minimizing global 
differences -- seeing what others are like, what their daily 
struggles are about, how important community, politics and news are 
in different regions. School reports on foreign nations could take on 
a whole new (lifelike) dimension," she commented.

One of my own experiments with digital video unintentionally proved 
to be a useful tool for recruiting volunteers. On a recent evening in 
San Francisco, a small group of reproductive rights activists 
participated in a "pub crawl" on behalf of the California Abortion 
and Reproductive Rights Action League (CARAL) to distribute 
information on emergency contraception to bar patrons. I followed 
along with a video camera and produced a brief QuickTime movie for 
CARAL's web site (

My goal in creating the movie was to provide some recognition for 
CARAL's volunteers, but shortly after the movie was posted on the web 
site I received an email message from Laurie Beijen, a co-chair of 
the volunteer committee that had organized the pub crawl:

"We've gotten such great response to this! I've even been getting 
emails from people who haven't previously been involved with CARAL. . 
.  it is a great recruitment tool," she wrote.

Locals Like Email

NetAction has generally advised activists not to rely on email to 
communicate with elected officials. While we still advise against 
using email to communicate with Congress, we were pleased to learn 
that a recent study found that constituent email is effective when 
dealing with local elected officials.

The results of a recent survey of mayors and city council members by 
the Pew Internet & American Life Project found that 88% of local 
elected officials use the Internet for official duties, 74% of online 
local officials feel that email from constituents helps them 
understand public opinion, and 61% of online local officials use 
email to communicate with citizens at least once a week.

The complete survey report, "Digital Town Hall: How Local Officials 
Use the Internet and the Civic Benefits They Cite from Dealing with 
Constituents Online," is on the web at 

About NetAction Notes

NetAction Notes is a free electronic newsletter, published by 
NetAction. NetAction is a national, nonprofit organization dedicated 
to promoting use of the Internet for grassroots citizen action, and 
to educating the public and policy makers about technology policy 

To subscribe to NetAction Notes, send a message to: <>
The body of the message should state: <subscribe netaction>
To unsubscribe at any time, send a message to: <>
The body of the message should state: <unsubscribe netaction>

NetAction is supported by individual contributions and grants. You
can make a credit card donation from NetAction's secure server at:

For more information about contributing to NetAction, contact Audrie
Krause by phone at (415) 775-8674, by E-mail at>, visit the NetAction Web site at
<>, or write to:
NetAction * 601 Van Ness Ave., No. 631 * San Francisco, CA 94102
Copyright 1996-2002 by NetAction/The Tides Center.  All rights reserved.
Material may be reposted or reproduced for non-commercial use provided
NetAction is cited as the source.  NetAction is a project of The Tides
Center, a 501(c)(3) non-profit organization.

========== HURIDOCS-Tech listserv ==========
Send mail intended for the list to <>.
Archives of the list can be found at:
To subscribe to the list, send a message to <>,
with the following text in the message: subscribe huridocs-tech
To unsubscribe from the list, send a message to <>,
with the following text in the message: unsubscribe huridocs-tech
If you have problems (un)subscribing, contact <>.

[Reply to this message] [Start a new topic] [Date Index] [Thread Index] [Author Index] [Subject Index] [List Home Page] [HREA Home Page]