Digital Security Best Practices

While ACLED is in the process of assessing our digital security vulnerabilities and putting together a comprehensive guide, this page has been developed in the meantime to assist contractors in following best practices when it comes to digital security. If you have any further questions regarding digital security or this page, please reach out to ACLED’s Operations team (operations@acleddata.com).

Stay Safe and Protect Yourself

1. Use a password manager – we recommend LastPass, it’s also what ACLED uses to share passwords with you.

   1. Do not save work passwords in your browser! ACLED recommends you save all passwords, including your personal ones, in LastPass and never in the browser.

   2. Make sure to never use “Remember Me” on devices that aren’t yours (i.e. your PC, laptop, mobile).

2. Use two-factor authentication (2FA) to access sensitive accounts you use for your work (including your email and Slack)

   1. Note that on shared email addresses, such as the regional accounts (e.g. info.me@acleddata.com), using 2FA may take some additional steps to ensure all users (e.g. RM and ARM) can still access the account.

3. Be aware of suspicious looking emails and don’t open them and especially don’t click on links or attachments.

4. Use encrypted messaging apps like Signal or WhatsApp if you regularly talk to people about your work over text messages.

5. When browsing, use security add-ins, such as:

   1. HttpsEverywhere: This plugin makes sure you use encrypted connections (https) when browsing. This add-in is install-and-forget.

   2. UblockOrigin: This add-in is an adblocker that also blocks malicious content. It is install-and-forget. During initial setup, you can select a number of ‘lists’ of content types that you want to have blocked (social media buttons, lists for particular countries, etc.).

   3. PrivacyBadger: This add-in blocks tracking cookies by learning from their behavior. It is install-and-forget, although on rare occasions it does break a website and you need to click the ‘badger’ icon and select ‘disable privacy badger for this site’ or tinker with setting the individual sliders that determine your level of ad-blocking from red (high) to orange (medium).

6. Install a mobile security app to extend your devices security features – Avast Mobile Security is a good choice for Android, while Avira Mobile Security is recommended for Apple.

7. Install security updates and always use the latest versions of your operating system (OS) and other software. Use web browsers such as Chrome or Firefox that receive frequent, automatic security updates.

8. Enable/install a virus scanner and firewall (Windows 10 built in versions are decent options, you can also check out Gizmo’s Freeware for no-cost options).

9. Be conscientious of what you plug into your computer (flash drives/USBs etc.) as malware can be spread through these devices as well.

10. Use a VPN. ACLED requires the use of a VPN when sourcing through Nexis. You can also use a VPN and ACLED recommends the use of a VPN when accessing public Wifi. If the country in which you reside has legal prohibition of VPN or you could get in trouble in any other way by using it, do not use a VPN and get in touch with your supervisor and the Operations team.

    1. Accessing sources that are banned within a specific country via VPN should not be done. If you are asked to monitor a source you can’t access in country – speak to your Research Manager about this immediately and they will propose a solution. It may be that someone else can source for you and then you can code, provided you don’t download the materials from Google drive.