Digital Hygiene 101: How to practice digital safety and security

This post is also available in: ไทย Indonesia

This post was originally published on April 27, 2020 in Coconet.social.

This image is licensed under the Creative Commons Attribution 4.0 International license

Read this article in Thai, Indonesian, Chinese, and Filipino

The COVID-19 pandemic is no longer just a global health crisis but one with widespread implications across all sectors of society. We still don’t know how long this crisis will last, but we do know it will change the way we work, travel, study, and interact with each other in the future.

We always hear daily reminders on how to practice proper physical hygiene. But beyond your personal hygiene, have you thought about your “digital hygiene”? Now that the pandemic has also forced us into an unprecedented adoption of new technologies to our daily lives, we need to think about the health of our devices – already an important extension of ourselves.

Just as how we are reminded to wash our hands regularly, 20 seconds at a time, we need to check how “clean” and safe our devices and software are. Digital hygiene is our crucial first line of defence against new and evolving digital threats, such as malicious emails, social engineering, phishing, cyber harassment, hacking accounts and devices, stealing private data, or even worse. In fact, the majority of data breaches and hacks are caused by human error. And with our new reality, there’s been an increase in global cyberattacks during the COVID-19 crisis; for example, malware disguised as a coronavirus map.

We’ll walk you through how to stay safe and healthy against digital viruses, and give you a list of safer alternatives to the usual tools we use for online work.

Good Digital Hygiene in the (Online) Workspace

Now that many of us have switched to remote working from home, it’s time to take closer look at digital hygiene to ensure our online workspace is safe, and that our personal and organisational informations and files are secure. Here’s a checklist of good practices to do before we start work for the day:

Strong passwords still matter. While many tech companies are pushing for a password-less future, passwords are not going away anytime soon. Passwords remain the first step to accessing any of our accounts, so it’s important we create strong and secure passwords.

To add a layer of protection on top of our passwords, enable two-factor authentication for all accounts, especially for emails and social media.
Change personal wifi names to something less identifiable.
Change the passwords on wifi routers to something more complex and hard to crack by adding numbers and special characters to it.
Change the default passwords of personal smart devices connected to your home internet.
Use a reliable password manager, like KeePassXC, as an assistant to further secure passwords.

Keep your software and all applications up to date. Companies regularly update their software and applications to address security issues, so be sure you update your operating system software and applications as soon as they’re available.

Make sure anti-virus software and firewalls are also updated.
Review and remove unused software and applications.

Have backups of your files, and back up regularly. Losing important files forever can be a nightmare! To avoid a worst-case scenario and ransomware, make it a habit to back up important files using secure tools and security processes.

Encrypt any backups for both external hard-drives and cloud services. Software such as Cryptomator can encrypt files before storing them.

Protect your connection to the internet. Consider using a Virtual Private Network (VPN) to create a secure the internet connection. Think of VPNs as “a private tunnel” that connects only you to a secure VPN server.

Use only reliable VPNs with a secure reputation. If you want to try one for free first, we suggest RiseUp VPN, Proton VPN, or TunnelBear (free up to 500Mb).

Use safe browsers and HTTPS connections whenever possible. For browsers, we highly recommend Brave, Firefox, and Chromium.

Change the default search engine to a privacy-minded website such as DuckDuckGo, and regularly clear your cache and history.
Install security browser extensions, regardless of which browser you’re using. HTTPS Everywhere, Privacy Badger, NoScript and uBlock Origin help make internet browsing safer.
Note that other extensions can be a security hazard. Regularly review and delete any browser extensions that you don’t often use.

This image is licensed under the Creative Commons Attribution 4.0 International license

Be aware of phishing attacks. Only one wrong click can instantly result in a bad infection or cyber threats. This is unfortunately all the more true today, so be extra vigilant! Anyone can trick you into giving access to your accounts or providing your personal information through sending you fake links or emails.

Don’t click on any suspicious links. If you’re unsure, use Virustotal to check the link first before you click.
Take a look at EFF’s article, “How to Recognize Malicious Coronavirus Phishing Scams,” for more information. If you want to read more about this, please visit “Digital Security Tools And Tactics” and “Surveillance Self-Defense”.

Learn about end-to-end encryption. When you don’t encrypt your internet activity, it’s possible for anyone to see your data and what you do online. Imagine that you are sending a postcard – even if your postcard is addressed to your friend or relative, anyone from the mailers and customs officials can just read what your postcard says. End-to-end encryption is like sending a postcard in an envelope. Although other people can see that you are sending a message, they are not capable of seeing the postcard inside the envelope.

Try a digital and data detox. Do you remember the last time you unplugged and didn’t swipe on your phone? Especially now, thinking about doing a “digital detox” in the time of COVID-19 seems to be impossible. While it’s good that technology is helping us feel more connected to one another remotely, we should remember to find a healthier screen balance to enhance your digital wellbeing.

Discover the many good reasons why we might want to take a break from all tech devices for a brief time. Maybe even try to find some time for a full data detox.

How To (Safely) Work Online With Others

What we’ve covered so far are good digital hygiene practices that we can do for ourselves. But working remotely means we might be working with other people who may not be as digitally healthy as us.

Are there collaborative work tools that are safe, trustworthy, and appropriate for remote working? We at EngageMedia have our own recommendations, but this question admittedly has no definitive answer. Tactical Tech’s piece called “Technology is Stupid” puts it best: “The idea that there are tools that would always work for everyone, everywhere; require no extra knowledge and zero additional infrastructure; are fair and just, and protect users at all times, is a dream that has not yet come true.”

But while we don’t yet have the perfect tools that are completely secure and user-friendly, we’re adding on to our recommendations and listing here alternative tools that are good for remote work. We recommend, however, that you read this article to know more about how online tools work and why we should be extra vigilant in the time of COVID-19.

This image is licensed under the Creative Commons Attribution 4.0 International license

Alternatives to Google Docs for collaborating on documents with other people

CryptPad is an open-source alternative for collaborating documents. The storage limit for all registered users is 1GB. Registration is free with no personal data required. Pads without registration documents are deleted after three months of inactivity.
Riseup Pads allow for collaborative editing online by using an etherpad service. Riseup does not store IP addresses. Pads are automatically destroyed after 60 days of inactivity. For additional security, access pad.riseup.net via the Riseup VPN or this Tor hidden service.

Alternatives to mainstream chat applications for secure communications and instant messaging

Signal is a free chat app that has end-to-end encryption. Its open-source Signal protocol keeps your chat secure. It also has the option for disappearing messages for sensitive conversations.
Wire offers one-on-one or groups chat, voice communication, and file-sharing with end-to-end encryption. You can register using your email or phone number. If you will register via email, we recommend you use a secure email service like Protonmail or Tutanota.
Rocket is also open-source chat apps with end-to-end encryption.
If you’re undecided which one to use, check out this comparison of secure messaging apps.

Alternatives to Zoom and Skype for videoconferencing

Jitsi Meet is an open-source platform that is easy to use, and doesn’t require registration. Use it on their server or run it on your servers. Trusted Jitsi Meet hosts include Greenhost and Collective Tools. Note, however, that Jitsi Meet uses end-to-end encryption only for calls between two people, and not for group communication. Use it for group meetings if you trust the one hosting it. Also, try to make your meeting name as unique as possible to ensure no one joins your room. You can also set a meeting password for extra precautions. Find out more here.
Talky has a free encryption option. This app allows for simple video chats and screen sharing for groups of up to 6 people.
Wire also offers secure video conferencing, but only for the paid version. If you are interested to try Wire, they offer a 30-day free trial.
Mumble is good if you need to use only audio for your online conference. It’s free, open-source, and operates on low latency.
Whatever the app or software you always, always be mindful of your work environment and background! A plain background is best to avoid showing private or personal belongings that can identify you. Consider covering your camera with anything opaque when you aren’t using it.

Alternatives to corporate cloud storage to share files with others

Send.firefox.com can send encrypted files to anyone with a one-time use link that automatically expires. Add passwords to additionally protect files.
Share.riseup.net is a file sharing service hosted by riseup that keeps the file online for a week before deleting it.
OnionShare.org lets you securely and anonymously share a file of any size by using Tor Network.

Our Tools, Our Choice

Connecting to the internet is always a risky activity. Online, you are being tracked and your data will never be entirely safe. While there is currently no foolproof way to stay safe online these days, we shouldn’t take digital safety for granted.

When choosing which tools to incorporate into our online workspaces, a good rule of thumb is to review the services privacy policy and check carefully what type of encryption is being employed. Many technology companies and developers are eager to highlight their tools’ encryption abilities. But we should also take note that not all kinds of encryption are created equal, and many of the software we’re accustomed to using are not end-to-end encrypted. For example, the popular video conferencing app Zoom isn’t actually end-to-end encrypted, meaning anyone is capable of spying on your meetings.

At the end of the day, digital security is a subjective concept. What we eventually use for ourselves depends on our respective needs and lifestyles. We have power to draw our boundaries and choose which tools we want to use.

If you find more tools that work for you, tell us about it! We’ll update this post with newer recommendations and security updates as they come. The more that we collectively practice good digital hygiene, the safer we all will be.

This image is licensed under the Pixabay License

About the Author

Darika Bamrungchok is a Digital Rights Manager (Mekong) at EngageMedia, based in Bangkok. She leads a digital rights and digital safety program in Thailand, and is interested in technology and human rights under modern authoritarian regimes.

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.