 As technology experts are fond of reminding us, your information is only as secure as your weakest device. With increasingly sophisticated cyber monitoring a growing challenge for human rights documenters, it is more important than ever to make sure your devices and applications are well protected. Here are nine practices for good digital security hygiene. 1. Use strong passwords. Your passwords should follow the handy acronym SURE. Sentence length, unique, random and easy to remember. Do not reuse your passwords on multiple accounts and avoid letting web browsers remember your account information. You can use password managers such as LastPass or KeyPassXC, both of which are free to download for computers and smartphones. Password managers are not only a reliable and secure method of keeping track of your passwords, they can also generate and remember strong passwords for you. 2. Use two-factor authentication. Two-factor authentication is the option of having more than one password or key for your account, such as having to enter a password followed by a generated code. Two-factor authentication can be enabled on email, social media and other tools in a few simple steps. The purpose of two-factor authentication is to avoid phishing attacks, ID theft and account hacking. Even if someone has stolen your passwords, two-factor authentication will prevent them from accessing your accounts. There are three types of two-factor authentication, using SMS or text messages, mobile phone apps and physical security keys. Free OTP or Google Authenticator are the most widely used apps for two-factor authentication. Setting up two-factor authentication is quick and easy. See the tutorial linked below for guided instructions. 3. Keep all software and operating systems up-to-date. Make sure your software is always up-to-date. If you are a Windows user, upgrade it to the latest version. This helps to protect your computer from malware, such as ransomware. 4. Use hard drive encryption. You should protect all the data in your computer's drives from unauthorized access. This can protect you if your computer is lost or stolen. BitLocker is a closed source program for Windows users and Veracrypt is an alternative free open source software for all users to enable hard drive encryption. 5. Use a trusted virtual private network or VPN. When you connect to a network in order to access the internet, the network's owner is normally able to monitor your activity, such as the websites you visit. Using a VPN routes your internet activity over the VPN provided system so that from the point of view of the network you are connected to, the VPN is the only system you interact with. It is wise to use a VPN when you connect to an untrusted public network, such as in a cafe, hotel or airport. However, you should note that the VPN service provider can still monitor your activity. Using a VPN also encrypts the data you exchange with the VPN provider so the networks in between cannot read it. 6. Look at the URL bar carefully. It's important to avoid using insecure webpages. Check for a green lock image beside the URL. You can expand short URLs to check whether a web page is safe to visit. Secure websites use HTTPS, with the S signifying that it is protected by encryption. Alternatively, you can install a plugin for your web browser called HTTPS Everywhere, which forces you to use HTTPS only. 7. Be aware of phishing attacks. When you open an email, check the email address of the sender. If you think you have received a suspicious email, be careful of downloading attachment files or clicking links which then require you to log in to any accounts you own. For example, even if you receive an email from a trusted website and are asked to log in, you should go to the site directly and log in there instead of clicking the link embedded in the email. Any unexpected emails which ask you to take action with a sense of urgency, threat or via a request for help should be treated with suspicion. 8. Use email encryption. If you want to increase your email security and protect your email communications, consider email encryption. Encrypting your emails is equivalent to putting your message into a lockable box that only the intended recipient of the email can open to read it. Ending mail, tutornota and mailvalope are the most widely used applications for encrypting email. See the link to a tutorial for setting up email encryption in the description box below. 9. Do regular backups. It is best to assume your approach to security is not perfect. To prepare for the event that your security has broken and your data is lost, it is essential to make regular backups so that you can still retrieve your data. Having regular backups can also allow you to compare a backup to the data on your computer which will enable you to see if someone changed it without your permission. Remember, no digital security system is perfect and new vulnerabilities emerge all the time. However, following these recommendations can go a long way to keeping you and your data secure. For more information, including how to access in-person digital security training for yourself or your organization, see the article linked below.