Security and privacy issues have had the attention of the nonprofit world since the “Snowden files” exposed the CIA’s mass surveillance program. But security conversations tend to get technical fast with mysterious acronyms like PGP and OTR. The missing ingredient is often the “people factor.”

By creating a “culture of security” in our workplace we can better protect ourselves, our communities and campaigns. Joining today’s talk is Allen Gunn of Aspiration, a leading capacity-building organisation in the nonprofit technology sector. Read below for key takeaways and additional readings/resources.

Live Q&A with #MobLabLive

A snapshot from Twitter of the conversation and questions on this MobLab Live conversation:

Suggested steps to take in building a security culture:*
  • “Security Culture” should build around people, not technology: Focus on dialogue, understanding there are different language to talk about security and different motivations.
  • Focus on data, that’s what you are ultimately protecting with the sensitive information we store.
  • Work incrementally, experiment safely and share your learning with colleagues.
  • Creating a security culture is a journey, there is no end point and no “fully secure” operation.
Suggested further learning:*
  • Learn to encrypt email with GPG.
  • Learn to encrypt our media.
  • Learn to use Linux and take steps away from Windows operating system.
Suggested tools to start building more security:*

* This not a comprehensive list nor an endorsement by Greenpeace. Greenpeace staff can review information security policies here. 


safety and security