Ask participants how much they value their computers - How useful or essential are they to their personal and work lives? How much information do they store on their computers?
Now ask them - How much time do they spend on maintenance of their equipment? The difference between the degree with which people tend to value their devices versus the amount of time they spend on maintenance and care is often quite wide. Explain to the group that this session will focus on basic practices for protecting devices.
Mention to the group that many practices related to device safety are in fact more related to physical security than digital security (this is a good way to reinforce the holistic focus of this curriculum). A good example of this is the importance of cleaning devices – to get rid of dirt or residue that might get inside – and of conducting regular physical inspections of equipment to identify any alterations or physical intrusion attempts. In that regard, you can recommend basic digital practices – like using a password to lock a device if they won’t be in its immediate vicinity while it is switched on – as well as physical protections, such as using a keyboard protector or an anti-theft cable chain to prevent unwanted access or theft. Make sure to note here the most critical aspect of their devices’ physical safety: awareness. Being aware of where a device is at any given moment – whether on their person, in the other room, or secured in another location – is essential!
Ask each participant to recall the details of their workplace - Which physical risks are present? Is their computer exposed to being stolen? Are there any misplaced cables? Is it possible that their computer might be exposed to extreme heat, cold or moisture? These are other important awareness points – physical awareness isn’t just about making sure an adversary doesn’t get ahold of their device(s), but also about the potential damage that a device’s immediate environment might present.
Explain to participants the risks of using pirated software (high likelihood of downloading malware, can’t regularly update in the same way as with licensed software, etc.); however, licensed software is also frequently quite expensive. Here, you can share a few resources with the group that will be helpful to address this:
Open a browser and navigate to Osalt – this is a website that presents free and open source alternatives to many major licensed software platforms and suites (for example, using Ubuntu instead of Windows; LibreOffice instead of Microsoft Word; Inkscape instead of Adobe Illustrator).
Via TechSoup, human rights activists and their organizations may be eligible to receive free, or heavily discounted, versions of commercial software: users may look for official distributors among local ICT service providers and request a non-profit or public sector license discount. A large distribution network for donated software is run by TechSoup - the link above contains a list of partners and the countries in which they operate.
Explain to participants the importance of keeping all their software updated - first and foremost, it protects against security vulnerabilities. All software and updates should only be downloaded from trusted sources; for example, when updating Adobe Acrobat Reader, one should only use updates downloaded directly from Adobe, not third-party websites.
Next, explain to participants the importance of having an antivirus program on their computers - provide some background that can help demystify some of the common myths related to antivirus, such as:
Using two or more antivirus programs offers more protection.
Mac and Linux don’t need antivirus software because they can’t get viruses.
It’s perfectly safe to use a pirated version of antivirus software.
Free antivirus programs are not as safe or reliable as paid programs.
Share these, along with any others that participants share with you – then, discuss some basic safe practices for using antivirus software and protecting against malware (see Malware & Viruses session in this module). Some useful ones to highlight here, in case you haven’t already covered them in the Malware & Viruses session in this module, are:
Using the uBlock browser plug-in to avoid clicking on ads that might download malicious files onto their computer.
Being aware of phishing attempts – in particular, suspicious links or attachments found within emails that appear to be sent from unknown accounts or from accounts that appear similar to those of trusted contacts.
This is a good opportunity to mention firewalls – these offer an automated layer of protection on their computers. Share tools like Comodo Firewall, ZoneAlarm and Glasswire. Newer (licensed) versions of Windows and Mac OS also have robust firewalls already installed.
Ask participants - How often do they back up their files? Share examples of best practices related to data backup, such as keeping the backup in a safe place that is separate from their computer, backing up their information on a frequent, regular basis and - depending on the information that is being backed up - also considering encrypting the hard drive or storage media where data will be stored.
Share with participants the backup format template below, and have them start filling it in individually. Explain to the group that this is a useful way of creating a personal data backup policy – they can refer to this after the training, as a useful resource for keeping track of where their data is stored and how often that data should be backed up.
Backup Format Template
|Type of information|How often it is produced or changed?|How often must it be backed up?|
|---|---|---|
| | | |
Explain next that, although there are backup automation tools available (such as Duplicati.com or Cobian), participants may find it easier to start doing their backups by manually dragging and dropping files to the backup storage media. This ultimately depends on the complexity or amount of data they have to manage – for the average user however, manual backups should be more than sufficient.
To follow up on secure data backups, briefly revisit the concept of encryption for storage media. Explain to the participants what encrypting storage media means, and why encrypting their hard drives or storage media can be useful. VeraCrypt and MacKeeper, two relatively popular utilities for implementing file or disk encryption, could be mentioned here as options for participants to explore.
Read aloud the following statement:
From a purely technical perspective, there is no such thing as a delete function on your computer.
Ask the group what they think about this – Does this statement make sense? How can it be that there is no such thing as a ‘Delete’ function? Remind the participants that they can drag a file to the Recycle Bin on their computer desktop, and then empty the bin, but all this does is clear the icon, remove the file’s name from a hidden index of everything on their computer, and then tell their operating system that the space can be used for something else.
Ask the group - What do you think happens to the data that is ‘deleted’? Until the operating system uses that newly free space, it will remain occupied by the contents of the deleted information, much like a filing cabinet that has had all its labels removed but still contains the original files.
Now explain that because of how a computer manages this storage space for data, if they have the right software and act quickly enough, they can restore information deleted by accident; likewise, there are also tools available that can be used to permanently delete files (not just remove them from the file index until the space is occupied). Take this opportunity to present CCleaner, Eraser, and/or Bleachbit as tools that can be used to delete files and Recuva as an option to recover deleted files.
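For trainers who want to show the filing-cabinet idea on screen, the following is an added example (not part of the original curriculum): a simplified model of a storage volume in which an ordinary delete only removes the index entry, while a secure delete overwrites the data first. The `ToyDisk` class, its method names and the sample file contents are all constructed for illustration; real filesystems are far more complex.

```python
BLOCK = 16  # bytes per storage block in this toy model


class ToyDisk:
    """Hypothetical, simplified volume: raw storage plus a file index."""

    def __init__(self, blocks=8):
        self.raw = bytearray(BLOCK * blocks)  # the storage itself
        self.index = {}                       # file name -> (block, length)
        self.free = list(range(blocks))       # blocks the OS may reuse

    def write(self, name, data):
        if len(data) > BLOCK:
            raise ValueError("toy model stores one block per file")
        block = self.free.pop(0)
        start = block * BLOCK
        self.raw[start:start + len(data)] = data
        self.index[name] = (block, len(data))

    def delete(self, name):
        """Ordinary delete: forget the name, mark the space as reusable."""
        block, _ = self.index.pop(name)
        self.free.insert(0, block)            # the data itself is untouched

    def secure_delete(self, name):
        """Overwrite the whole block with zeros, then remove the entry."""
        block, _ = self.index[name]
        self.raw[block * BLOCK:(block + 1) * BLOCK] = bytes(BLOCK)
        self.delete(name)

    def scan(self, needle):
        """What a recovery tool does: read raw storage, ignoring the index."""
        return needle in bytes(self.raw)


def demo():
    disk = ToyDisk()
    disk.write("contacts.txt", b"source: Maria")   # constructed sample data
    disk.write("notes.txt", b"meeting 9am")
    disk.delete("contacts.txt")
    after_delete = disk.scan(b"Maria")             # still on the disk
    disk.write("photo.jpg", b"JPEGJPEGJPEGJPEG")   # OS reuses the freed block
    after_reuse = disk.scan(b"Maria")              # now overwritten
    disk.secure_delete("notes.txt")
    after_wipe = disk.scan(b"meeting")             # gone immediately
    return after_delete, after_reuse, after_wipe


if __name__ == "__main__":
    print(demo())
```

On SSDs and flash media, wear levelling means an overwrite may land on different physical cells than the original data, which is one more reason to pair wiping tools with the storage encryption discussed earlier.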