Strengthening security for LGBTI activism

In the work of activism, facing organised opposition and unexpected security challenges is increasingly common. To support you, we’re offering a series of webinars this July, designed to empower LGBTI activists in Europe and Central Asia in effectively navigating security challenges, enhance security knowledge and reduce concerns.

Join us for these three foundational webinars, starting 10 July:

Risk management with Alexandra Delemenchuk

Overview: Learn the fundamentals of risk mapping and management to protect your team and community.

Date & Time: 10 July, 10:00 CEST

3 hours, with breaks each hour

What we will be covering:

  • The fundamentals of risk assessment
  • Risk assessment in communications
  • Tools and resources for self-assessment

Physical event security with Kaspars Zalitis

Overview: Gain practical insights on planning and ensuring the safety of your community events.

Date & Time: 17 July, 10:00 CEST

3 hours, with breaks each hour

What we will be covering:

  • Identifying essential elements to consider for event security.
  • Developing comprehensive security guidelines before conducting an event.
  • Addressing security protocols in the event of venue compromise.
  • Implementing post-event security measures and follow-up actions.

Data protection with Gillo Cutrupi

We had to postpone the webinar from July to 4th September. Those who registered before have received a link with the new date (please check your spam folder if you haven’t received it, or contact us) and do not need to re-register.

Overview: Understand robust digital hygiene practices to safeguard sensitive data in a vulnerable digital world.

Date & Time: 4 September, 10:00 CEST

3 hours, with breaks each hour

What we will be covering:

  • Protecting visual data
  • Secure data storage and management
  • Protecting speakers and visible persons
  • Working with vulnerable and marginalised groups

Why you should join these webinars

  • To build a strong foundation for your security efforts, leading to less worry and safer spaces for your communities.
  • To forge new connections, gain a realistic outlook on risk management, and free up time for other priorities while maintaining a safe and responsible working environment.

Who can apply

Groups and organisations in Europe and Central Asia at the beginning of their path or with limited resources for security expertise.

Make your activism safer and more effective. Join us this July and let’s strengthen security for your activism!

COVID-19 and digital security: How to organise safe Prides online?

This year, Pride Month will be like no other. Despite the current challenges, it remains as the opportunity of coming together for equality and celebrating our diversity. Many organisations are getting ready for this important month of visibility by organising digital events. Are you wondering how your organisation can prevent possible attacks online this month? ILGA-Europe Programmes & Policy team shared some possible scenarios and tips for you!

With the new physical limitations to manifesting our freedom of expression and making our presence visible, most of our work has moved to online spaces which brings its benefits, but also entails an increased risk of digital security breaches. In recent weeks there have been increased indications that Pride organisers might be subject to online attacks in a more organised and active manner.

ILGA-Europe Programmes & Policy team has selected a few of the most likely possible attacks online which could be used to stop or hinder your work. Find out what they are and what you can do to prevent and mitigate them, as well as some ally organisations which might be helpful.

1. Cyberbullying, including cybertrolling and attacks on users profiles online

Individuals, usually using fake accounts or digital identities which cannot be traced to real persons, comment or post negative, or fake information to diminish the importance of your work by shifting the focus and instilling fear. Recently, a Twitter user flagged the plans of the 4chan group.

What you can do as organisers is to discuss this scenario in advance and come up with response strategies; it could be ignoring these messages altogether, deleting or diluting them with supportive messages.

2. Taking down your online resources such as websites and social media pages

These could be done by massively reporting your resources (as having violated the rules of the hosting space) or by the so called DDoS attacks on websites done through simple software available online.

A solution is to create backups with all the content of the website and pages so that it can be restored quickly on your own or alternative pages (these should also be created in advance).

Talk to your hosting providers, informing them that such a scenario is possible due to increased visibility of your group and issues. If the hosting company is international, it might be possible to look into cross-border work on this issue.

3. Attempts to get access to your internal digital resources such as e-mails, cloud storage, organisational servers, and more

This can be done in multiple ways, from phishing attempts to picking weak passwords of team members.

There is quite a lot of information online on how to prevent these types of attacks, but you should not underestimate the need to pay close attention to these types of attacks as they are still some of the most efficient tricks used by our opponents.

Here you can find a useful toolkit that offers a brief and clear visual representation on potential scenarios and ways of preventing and mitigating those.

As general tips, we suggest the following steps:

  • Develop a brief protocol of actions in case of the above scenarios and inform your teams.
  • Create back-up content for social media pages; create alternative pages that can immediately replace those taken down.
  • Reach out to local digital security experts and ally organisations or international allies such as AccessNow’s helpline for urgent and complex situations.

COVID-19 and digital security: How LGBTI activists can safely work online

While the opponents of LGBTI equality might also be overwhelmed with COVID-19 and focus their attention less on LGBTI groups right now, the digital footprints we leave today will still be around for a long time to come, which could make us more vulnerable after the crisis is over. So, now that most of our activities have moved online, how do we stay safe and secure? Here are tools and tips from the ILGA-Europe Programmes & Policy team.

As the coronavirus pandemic has taken us all by surprise, and we’ve all found ourselves isolating and working from our homes, the ways in which we communicate have drastically changed and we have to adapt quickly. Although many of us were already acclimatised to communicating digitally, moving 100 per cent of our daily work to the online sphere has been challenging in already complicated contexts.

For LGBTI activist organisiations, it is important to keep in mind that safety comes first. While our opponents might also be overwhelmed with Covid-19, the digital footprints we leave today will still be around for a long time to come. The following tips and tools on how your activist organisation and work can move its communication online are lead by the principle of online safety

Here’s how to quickly and safely reshape the work with your team without losing time and resources.

1. Group Communication

For group chats, one-to-one video and audio quick calls, you can use various apps on your cell phone. The following apps facilitate group meetings and here are the safety elements you need to bear in mind:

Remember that some of these apps are linked to your cellphone number. When you have sensitive conversations, you may want to be able to delete conversations for everyone in the app. Signal, WhatsApp, Viber allow you to do that, while Wire also allows you to write self-destructing messages.

You can find detailed information here on these and additional apps.

For longer conversations with your teams, it is probably easier to use apps that are available on your computer or tablet. Most of the following are also available on your phone, but generally harder to operate there.

In case you plan video calls and sensitive aspects may or may not come into discussion, please follow some simple rules:

I. Always set a password to the meeting.

II. Avoid sharing a the link to the meeting in a public online space as anyone who has the link can join the meeting.

III. Ask participants to introduce themselves verbally, preferably with video (later you can mute and/or turn the cameras off).

IV. If you see suspicious participants joining (not responding to questions, sharing unsolicited content, etc.) close the meeting for everyone and start a new one.

For those using zoom, besides the above rules, there are some specific technical aspects that can improve the safety of your calls:

I. Change screensharing to “Host Only”.

II. Disable “Join Before Host”.

III. Disable “File Transfer” so there’s no digital virus sharing.

IV. Disable “Allow Removed Participants to Rejoin” so booted attendees can’t slip back in.

V. Also try to avoid using your personal meeting room for public meetings. If someone gets access to your personal meeting ID and the personal link, they could potentially then join any meeting in the room at any time.

Long, but as we say, better informed than hacked.

2. Project Management Tools

To work collaboratively with your teams on multiple projects with mixed requirements and deadlines, you could try one of these project management tools:

Slack — A virtual office which works well for prompt communication on various work projects with separate channels that can be encrypted or password protected.

Asana — Good for a growing team, it offers calendars, joint and individual task management, file sharing, workload indicator, etc. This is probably useful if your team is used to working online already, a bit harder to get used to quickly than Slack.

Trello — A good tool for planning and keeping track of steps in project implementation, good with deadlines and good for small teams!

Wrike — Similar to Asana, this is good for complex projects with long timelines, conditionality of tasks and timeframe.

Keep in mind that these tools are cloud-based. This means that they are quite secure unless at least one person has their password breached. Two-factor authentication and regular changing of strong passwords are a must.

The second consideration is that these tools are not free of charge, but this period is a good opportunity to explore their fee offerings. Then you can decide if you want to continue using some of them.

3. Collaborative and Cloud-storage Tools

If you plan to work together with your colleagues on documents, these collaborative work and cloud storage tools may be handy. We do not recommend Dropbox as it is not a safe tool to use for permanent storage. Remember always that safety comes first!

Google Drive — Well known and understood, Google Drive works well, but is not the safest option. If you have security concerns, consider two-factor authentication. Here’s how to set it.

The Box — Similar to Google Drive and Dropbox, but considerably safer.

4. Password Changing

Changing passwords is a good safety tool, but constantly changing and saving them, especially with all the current anxiety, might be challenging. Here are some tools to generate and safely store your passwords:

1password.com — Features cloud-based database storage, meaning it is less likely that it will be hacked on your computer, and can be accessed around the world (if you have a good Internet connection).

Keypass.com — A software-based database of passwords. Can be used offline, but it will be stored on your laptop and/or smartphone.

You can find here more general tips on how to set your workspace at home, and security considerations in a report produced by Frontline Defenders here.