Security Essentials For Humanitarian Organizations
v 2023.12
© 2024 Dark Data Project

Collect as little data as possible. Do not collect data proactively. Anonymize and/or aggregate whatever data you do collect, to whatever extent you can.

Adhere to the principle of least access. Granularly restrict data to those with a need to know. Revoke permissions frequently, and delete data upon request.

Use and enforce strong, unique, perishable passwords which are stored in an industry-grade password manager. Never provide "password hints." Augment with MFA.

Use secure communications wherever possible. Email and SMS are not secure communications protocols. Be alert to phishing.

Don't share accounts, logins or passwords.

Lock down your hardware. Promptly implement updates, patches and firmware customizations. Adopt a "thin client" posture.

Be aware of, and conform to, security and privacy legislation in all jurisdictions where you operate. Plan for disaster.

If you believe your organization has been specifically targeted, have a security professional perform an urgent risk assessment.