Last weekend, our headquarters in Geneva and the office of an ally organization were burglarized; two of our desktop computers were stolen. The attending policewoman told us despite Switzerland’s reputation as a crime-free country, there are up to 30 break-ins a day in Geneva. We thought being in an NGO building with restricted access and having standard doors was enough, but we will now also reinforce the doors and get metal bars.
Computers were the only stolen items at both of our offices, but it’s not possible to say whether the theft was specifically for information stored on the hard drives or just for the computers themselves. Either way, we can confidently say we have not experienced a data breach, because both of our Mac Minis were encrypted and locked with strong passwords. We also didn’t lose any data, because it’s safely stored in Casebox.
Here’s how to protect your information and yourself, critical for human rights defenders, in case of physical computer theft:
- Lock your computer with a strong and unique password. All passwords should be strong and unique, but perhaps even most importantly for your computer itself. Simple passwords are more easily hacked by ‘brute force’ (guessing until success), seen by someone glancing as you type, or determined from camera footage (that’s why Snowden typed his passwords under a blanket in Citzenfour). Here are some good tips for better passwords.
- Safeguard all passwords. Do not keep your passwords written on paper near your computer. A multitude of secure passwords will be impossible to keep in mind, so we recommend using a password manager like KeePassX instead; KeePassX also rates the strength of your passwords.
- Consistently lock your screen when you step away. Theft can happen very quickly and obviously, unexpectedly.
- Encrypt your hard drive. If it’s encrypted, no one else can read it. Check your settings in Filevault on Mac and Bitlocker or Veracrypt on Windows.
- Regularly back up your encrypted hard drive to another location. If your computer is stolen, you’ll still have all of your information. If you use a password manager like KeePassX, your backup will include a locked file containing all of your passwords.
To further protect yourself against privacy breaches and malicious threats, we also recommend to:
- Scan your hard drive for viruses at least once a week with updated antivirus software like Sophos or Avast.
- Update your computer’s operating system and all critical software as soon as updates become available. These updates are often to better protect you from breaches.
- Set up two-factor authentication and two-step verification on all critical accounts like email, social networks, Apple ID, and shared workspaces.
- Change your passwords often.
If you’ve taken the above steps and your computer is stolen, you won’t need to worry about your data being stolen along with it. We strongly recommend all human rights defenders take these precautions.