Guest Speakers: Allen Gunn, Executive Director of Aspiration
Security and privacy issues have had the attention of the nonprofit world since the “Snowden files” exposed the CIA’s mass surveillance program. But security conversations tend to get technical fast with mysterious acronyms like PGP and OTR. The missing ingredient is often the “people factor.” By creating a “culture of security” in our workplace we can better protect ourselves, our communities and campaigns. Joining today’s talk is Allen Gunn of Aspiration, a leading capacity-building organization in the nonprofit technology sector. Read below for key take-aways and additional readings/ resources.
Live Q&A with #MobLabLive
A snapshot from Twitter of the conversation and questions on this MobLab Live conversation:
“To support a security culture in your org, start around the edges w/ dialogue. Model what you can, where you are.” #MobLabLive
— kjantin (@kjantin) April 8, 2015
Suggested steps to take in building a security culture:*
- “Security Culture” should build around people, not technology: Focus on dialogue, understanding there are different language to talk about security and different motivations.
- Focus on data, that’s what you are ultimately protecting with the sensitive information we store.
- Work incrementally, experiment safely and share your learning with colleagues.
- Creating a security culture is a journey, there is no end point and no “fully secure” operation.
Suggested further learning:*
- Learn to encrypt email with GPG.
- Learn to encrypt our media.
- Learn to use Linux and take steps away from Windows operating system.
Suggested tools to start building more security:*
- Install Tor Browser: https://www.torproject.org
- Learn to use “Off the Record” (OTR) messaging. OTR works with apps like Pidgin, Adium to encrypt chat.
- Install HTTPS Everywhere: https://www.eff.org/https-everywhere
- Install Guardian apps on your phone. These are cryptographic and secure communication tools for your Android and iPhone: https://guardianproject.info
- Play with Red Phone and Signal apps, more secure communication tools: https://whispersystems.org
* This not a comprehensive list nor an endorsement by Greenpeace. Greenpeace staff can review information security policies here.