I’m from the Midwest, and there we expect that most people – like all Minnesotans – are nice. Truth be told, I’d rather not think about people who want to do me or my trusted allies, friends and activists harm. Yet if the end of 2016 has taught me anything, it’s a) keep fighting, b) forget about Pollyanna and protect ourselves, and c) don’t live in fear.
Or, in other words, now is the time to get off the couch and get out into the world. But lock the door on your way out.
Overwhelmed with where to start? Here are five practical things to do today.
1) Turn on Two-Factor Authentication, on all the Things.
In simplest terms, this is like getting cash out of an ATM and needing both the card and the PIN. Most software-as-a-service programs have some version of this now. If you’re a Google Apps user, this is the first place to start. If you are the Google Accounts administrator, you can turn this on for all your users via the admin console and then opt into it as a policy for your colleagues.
Salesforce has been a leader in two-factor authentication. If you’re a user you’ve probably already experienced the helpful (hmm, often frustrating) need to verify logins on new internet connections. If you haven’t turned it on yet, now’s the time. Here’s how.
2) Enable the “Find my Phone” Settings for your iPhone / Google’s Android Device Manager
For Mac users, make sure that all your devices are registered on iCloud – so that you can remotely lock, find or erase them if necessary. This is especially important if you’re using the two-factor authentication above: while SMS in general is still vulnerable, this will offer another layer of security.
For PC users the software depends on the device – Lenovo has software that will enable a remote lock via an SMS code.
Android Phone users should register with Google’s Android Device Manager and download a more secure remote locking App – check out trendblog’s detailed recommendations.
3) Do a Salesforce Security “Health Check”
I recently discovered this new out-of-the-box feature from Salesforce that scans the security settings of your Salesforce org to discover what needs tightening. Be careful with some of the settings – “Lock Domain into Originating Session” might affect integrated apps, and it may be easier to create a permission set for “password never expires” for some of your integrations, which would more easily cause a security risk long-term if you are changing (and writing down and losing) the passwords every 90 days.
4) Check Yourself and your Colleagues for “Phishing-Readiness”
I admit it, I recently clicked on a fishy link from my son’s baseball coach, even though I knew it was suspect, because I thought well, maybe it wasn’t – okay, really I just wasn’t thinking and was checking quickly on my phone.
Check yourself, again and again, to not click on those funky links. Especially if it says invoice, payment, thanks, bonus, anything exciting.
I remember an account executive telling me about his on-boarding at a large software company. He spent a full week learning about phishing threats, and then actually got tested via LinkedIn requests and other “review” emails to see if he would bite (he did, and had a follow-up conversation with his manager). Check yourself, and remind your colleagues before they click.
5) Get Savvy on your Personal Security
Idealware recently had a great webinar on security for nonprofits, co-sponsored by Fission Strategy. It’s worth watching the whole thing here. One of my key takeaways is that we as activists must take actions to protect our personal information out in the world. In addition to Fission, Community Red is taking the lead on helping activists and activist organizations protect themselves, and has some great consulting in addition to Resource Links about how to limit the personal information out there on you in the world.