Digital Hygiene 101: How to practise digital safety and security

This post is also available in: ไทย Indonesia

This guide was originally written by Darika Bamrungchok and published in April 2020 on Coconet.social. This 2022 revision by EngageMedia Digital Rights and Technology Manager Khairil Zhafri and Digital Security Specialist Ashraful Haque includes updates to the introduction and available digital hygiene resources.

Read the original guide in Thai, Indonesian, Chinese, and Filipino. Updated translations, produced under the Localization project, will be shared in 2023.

Illustration by Rebecca Wang for the OpenIDEO Cybersecurity Visuals Challenge. Image from Wikimedia Commons, licensed under the Creative Commons Attribution 4.0 International license.

The COVID-19 pandemic led to the unprecedented adoption of new technologies in our daily lives, changing the way we work, travel, study, and interact with each other. As more of our lives now revolve online, we need to reevaluate our digital hygiene practices and check how “clean” and safe our devices and software are. Digital hygiene is our crucial first line of defence against new and evolving digital threats, such as malicious emails, social engineering, phishing, cyber harassment, hacking, data theft, and more. The majority of data breaches and hacks are caused by human error, so it’s important to know how to minimise our vulnerability. Here are a number of tips to stay safe and healthy against digital viruses, along with a list of safer alternatives to the usual tools we use for online work.

Good Digital Hygiene in the Online Workspace

Whether you’re working from home or at the office, it is important to pay close attention to your digital hygiene to ensure your online workspace is safe, and that your personal and organisational information and files are secure. Here’s a checklist of good practices before starting your work day:

Strong passwords still matter. While many tech companies are pushing for a password-less future, passwords are not going away anytime soon. Passwords remain the first step to accessing accounts, so it’s important to create strong and secure passwords.

To add another layer of protection, enable two-factor authentication for all accounts, especially for emails and social media.
Change personal wifi names to something less identifiable.
Change the passwords on wifi routers to something more complex and hard to crack by adding numbers and special characters.
Change the default passwords of personal smart devices connected to your home internet.
Use a reliable password manager, like KeePassXC or BitWarden, to further secure your passwords.

Keep your software and applications up to date. Check security updates and and patches regularly and install them as soon as they become available.

Make sure anti-virus software and firewall are updated.
Review and remove unused software and applications.
Verify the source before downloading an application.

Have backups of your files, and back up regularly. Losing important files forever can be a nightmare, so to avoid data loss and ransomware, make it a habit to back up important files using secure tools and processes.

Encrypt any backups for both external hard drives and cloud services.
Software such as Cryptomator can encrypt files before storing them in the cloud.
You can also use Veracrypt to create different kinds of encrypted storage on your computer.

Illustration by Rebecca Wang for the OpenIDEO Cybersecurity Visuals Challenge. Image licensed under the Creative Commons Attribution 4.0 International license.

Secure your web connection with safe browsers and virtual private networks (VPN).

For browsers, we highly recommend Brave, Firefox, and Chromium. Change the default search engine to a privacy-minded website such as DuckDuckGo, and regularly clear your cache and history.
Install security browser extensions, such as Privacy Badger, NoScript and uBlock Origin, to help make internet browsing safer.
Note that some extensions can be a security hazard. Regularly review and remove any browser extensions that you don’t often use.
Protect your connection to the internet by using VPNs. Think of VPNs as a “private tunnel” that connects only you to a secure VPN server.
Use a VPN service from a reliable security-focused provider. If you want to try one for free, we suggest RiseUp VPN, Proton VPN, Psiphon, or TunnelBear (free up to 500Mb).

Be aware of phishing attacks. One wrong click on fake links or suspicious messages can result in compromised accounts, stolen personal information, and infected computer systems, so be extra vigilant!

Don’t click on suspicious links from unknown sources. If you’re unsure, use VirusTotal to check the link first before you click.
Learn how to identify common types of phishing and how to protect yourself by reading resources such as the Surveillance Self-Defence guide and this EngageMedia article.

Learn about end-to-end encryption to add an extra layer of security to your online communications. When you don’t encrypt your internet activity, it’s possible for anyone with the right tools or know-how to sniff out what you do online. Imagine sending someone mail using a postcard. Anyone handling your postcard can just read your mail. End-to-end encryption is like sending mail in an envelope: although other people can see that you are indeed sending mail, they cannot see what’s inside the envelope.

Encrypt your emails using OpenPGP. Browser extensions such as Mailvelope and email services like ProtonMail, Tutanota, Mailbox.org and RiseUP make it easy to use PGP email encryption.
Use open-source messaging apps that have built-in end-to-end encryption like Signal, Wire, and Session.
Make sure that your web browsers always use secure connections by enabling HTTPS-only mode. Most new browsers will give you a warning when browsing a website without full HTTPS.

Protect your privacy online by following these tips:

Limit your digital footprint by restricting the kinds of information you share on social networking sites. Avoid sharing personal photos, tagging your locations, and linking your mobile number to your online accounts.
Review your privacy settings on popular social networking sites such as Google, Facebook, Twitter, and LinkedIn. Make your profile pages private and limit your post visibility to selected groups of close friends and family members.
Disable ad ID tracking on your mobile devices to make it harder for advertisers and data brokers to track and profile you online. Don’t forget to disable off-Facebook tracking.
Use disposable email addresses when signing up for user accounts or subscribing to mailing lists. Firefox Relay by Mozilla and SimpleLogin by Proton offer free email redirect services that can mask your personal email address.
Use ad blockers such as Adblock Plus and Disconnect to reduce the number of ads you see and limit marketers tracking you online.

Digital hygiene also includes limiting your use of digital devices. Do you remember the last time you unplugged? Consider doing a “digital detox” to limit your screen time and enhance your digital well-being. Discover the many good reasons why you might want to take a break from all tech devices, and consider finding time for a full data detox.

Working safely with others online

What we’ve covered so far are good digital hygiene practices we can do ourselves. But working remotely means working with others who may not be as digitally healthy as us. Are there collaborative work tools that are safe, trustworthy, and appropriate for remote working? We at EngageMedia have our own recommendations, but this question admittedly has no definitive answer. Tactical Tech’s piece called “Technology is Stupid” puts it best: “The idea that there are tools that would always work for everyone, everywhere; require no extra knowledge and zero additional infrastructure; are fair and just, and protect users at all times, is a dream that has not yet come true.” But while we don’t yet have the perfect tools that are completely secure and user-friendly, we’re adding to our recommendations and listing alternative tools that are good for remote work. We recommend, however, that you read this article to know more about how online tools work and why we should be extra vigilant in the time of COVID-19.

Illustration by Abraham Pena for the OpenIDEO Cybersecurity Visuals Challenge. Image licensed under the Creative Commons Attribution 4.0 International license.

Alternatives to Google Docs for collaborating on documents with other people

CryptPad is an open-source alternative for collaborating on documents. The storage limit for all registered users is 1GB. Registration is free with no personal data required. Pads without registration documents are deleted after three months of inactivity.
Riseup Pad allow for collaborative editing online by using an Etherpad service. Riseup does not store IP addresses. Pads are automatically destroyed after 60 days of inactivity.

Alternatives to messaging apps like WhatsApp, Line, and Viber

Signal is a free chat app that has end-to-end encryption. Its open-source Signal protocol keeps your chat secure. It also has the option for disappearing messages for sensitive conversations.
Wire offers one-on-one or group chat, voice communication, and file-sharing with end-to-end encryption. You can register using your email or phone number.
Rocket.Chat is also an open-source chat app with end-to-end encryption.
To learn more about these apps, check out this comparison of secure messaging apps.

Alternatives to Zoom and Skype for videoconferencing

Jitsi Meet is an easy-to-use open-source tool that doesn’t require user registration. You can use meet.jit.si to host your online meetings for free or deploy Jitsi Meet on your own server. Other trusted free Jitsi Meet deployments include Greenhost, Framatalk, and Distroot.
BigBlueButton is an open-source video communication tool that has all the features comparable to Google Meet, Microsoft Teams, and others. You can create breakout rooms, use a whiteboard, enable closed captioning, run polls, share notes, and use other features ideal for online training and learning. You can run your own server or sign up for BigBlueButton managed by NoLog.cz, CommunityBridge, meet.coop, and other providers.
Talky has a free encryption option. This app allows for simple video chats and screen sharing for groups of up to 6 people.
Wire also offers secure video conferencing, but only for the paid version. If you are interested to try Wire, a free 30-day trial is available.
Mumble is good if you need to use only audio for your online conference. It’s free, open-source, and operates on low latency.
Whatever the videoconferencing tool you use, always be mindful of your work environment and background. A plain background is best to avoid showing private or personal belongings that can identify you. Consider covering your camera when not in use.

Alternatives to commercial file-sharing services

Share.riseup.net is a file-sharing service hosted by Riseup that keeps the file online for a week before deleting it.
OnionShare.org lets you securely and anonymously share a file of any size by using Tor Network.
Lufi by Disroot encrypts and hosts your file for online sharing for up to 30 days.

Your tools, your choice

Connecting to the internet is always a risky activity. Online, you are being tracked and your data will never be entirely safe. While there is no foolproof way to stay safe online these days, we shouldn’t take digital safety for granted.

When choosing which tools to incorporate into your online workspaces, a good rule of thumb is to review the service’s privacy policy and carefully check the type of encryption being employed. Many technology companies and developers are eager to highlight their tools’ encryption abilities, but not all kinds of encryption are created equal, and many of the software we’re accustomed to using are not end-to-end encrypted. For example, the popular video conferencing app Zoom isn’t actually end-to-end encrypted, meaning anyone with the right tools and skillset is capable of spying on your meetings.

At the end of the day, digital security is a subjective concept. What you eventually use depends on your needs and lifestyle. You have the power to draw your boundaries and choose which tools you want to use.

If you find more tools that work for you, tell us about it! We’ll update this post with newer recommendations and security updates as they come. The more that we collectively practice good digital hygiene, the safer we all will be.

Image from 200degrees, licensed under the Pixabay License.

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.