LGBT advocacy organizations in Uganda are at risk of cyber attacks, according to a report published by Key Populations Uganda (KPU). The organization advocates on behalf of LGBTQI people and male sex workers in particular and also works to serve the needs of Ugandan minority groups in general.
By Joto la Jiwe
The Digital Assessment Report from KPU found extensive cyber vulnerability of Ugandan LGBTQI rights organizations, with many of them having no staff member trained in digital security.
The report is based on a 2021 study of awareness of digital security issues among twelve LGBTQI organizations in urban areas in Uganda.
The study found that although most of the registered LGBTQI organizations in Uganda have digital security equipment, no staff members are specifically trained to use it.
In response to the study’s question of whether organizations have ever conducted internal digital security assessments for themselves and partners, 83% said no.
The report revealed that organizational leaders are the same people who manage digital security systems and that they have limited opportunities for digital management training.
In his remarks in the report’s preface, KPU Executive Director Ivan Fredrick Kasonko says that the risk assessment was aimed at helping human rights activists plug holes in their groups’ digital security training and management. It was also intended to support advocacy efforts seeking better laws related to data security and access to information.
The Internet and social media have undoubtedly played an important role in the development of a robust LGBTQI community in Uganda. However, online communications can also pose dangers. The use of digital evidence in persecuting LGBTI+ persons and the potential for online harassment and exposure highlight the need for responsible digital security practices.
Activists in Uganda must strike a balance between raising the issue of LGBTQI rights in public debate and ensuring the safety of their members.
Below are online safety procedures recommended by cyber security expert Tom Kowalski in OutVoices:
Staying safe online
There are plenty of ways to remain safe online. The easiest way to exercise caution is to break down cybersecurity into three distinct areas: people, process, and technology. These three main elements will help connect the dots and prevent many adverse events.
Remain aware. Do your due diligence before engaging with an unsafe application, suspicious individual, or meeting someone in person.
Information oversharing. Guard your personal information when sharing with strangers and do not relay too much information, even on dating applications.
Cautiously connect. Remain cautious about whom you connect with and allow into your environment. Often the same tricks and scams in the real world stem from an initial online encounter. Use your best judgment and if something seems off, trust your instincts.
Safeguard physical access to your device. Never leave your device unattended and unlocked, especially in public. Be sure you lock the screen using a passcode and adjust the screen timeout. Disable notifications on the lock screen, as this is a good way for someone to gain information on you.
Understand your privacy settings. Each application is different, so familiarize yourself with the privacy and sharing settings and adjust them accordingly to your risk.
Search yourself online. Is there information you do not want out there? You can contact websites and remove the information that should not be public. Search people-finding sites and remove your data.
Back up your data. Back up the data from your devices, even from the applications you use. Be sure that it is stored in a secure and encrypted digital storage service in the cloud. Avoid external hard drives or thumb drives to spare your data in the event of theft or an act of nature. Enable recovery options in each application in case you are locked out.
Good password hygiene. Passwords serve as keys to your digital kingdom, so keeping them secure is paramount. A good password consists of 10-15 uppercase and lowercase letters, numbers, and characters. Turn on multi-factor authentication (MFA), which will bolster your security if someone obtains your password. Think of MFA as a double door to your home that is locked and requires another key to gain access.
Apps with weak security. Think before you download. Even though they’re from trusted sources such as the app store, many applications are risky due to the lack of privacy and safety. Applications with weak security will compromise any device that has strong security. Be cautious granting permissions to your contacts and other data on your device. Also, read the privacy policies before downloading. These policies are typically confusing, so look for four main components: what data the company collects, what they do with that data, how they protect your data, and how you can control their use of your data. If you are not comfortable with how the company handles your information, do not download it.
Secure WiFi. Most people have connected to a public WiFi at one point, but doing so can allow others to obtain your data easily. Furthermore, criminals sometimes set up fake WiFi networks, and when users connect, they are connecting directly to the adversary who is filtering the traffic from the device to the Internet, obtaining all information transmitted. Using a VPN (a virtual private network) will help encrypt your data on public WiFi, but using a hotspot is the safest way to prevent data leakage.
Identity theft and reputational monitoring. Consider identity theft monitoring that includes social media. Some cost-effective solutions on the market will alert you of any identity theft issues, reputational threats and even help remove your personal information from the web to reduce incidences.
Security software. Many individuals have antivirus on their PCs and think they are safe, but antivirus is only part of the solution and will not protect you from today’s sophisticated attacks. Often forgotten is security software for mobile phones, yet mobile phones are the most significant risk of attack. Advanced endpoint security solutions that include antivirus and malicious web link scanning are some of the crucial components of good security, and they protect all devices, even HVAC thermostats.
Password manager. Everyone should have a password manager to store their digital keys safely. Keeping passwords in a notepad or your digital notes is asking for trouble. Many browsers have password managers, but those are not a good idea either. Cybercriminals can target browsers. The safest method is an encrypted, vaulted password manager that syncs to all devices.
BRINGING IT ALL TOGETHER
Cybersecurity is everyone’s responsibility, and we must learn that all data is valuable. As our dependence on technology steadily increases, end users must take their safety into their own hands. Until our laws are modernized (and remain that way), it is up to individuals to protect themselves online. It is a critical mistake to leave your security and privacy in the hands of others. The best method is to be smart about your safety and protect yourself from the evolving online incidents that continue to increase in number and magnitude.
It is vital to partner with a cybersecurity consultant who supports marginalized communities, especially LGBTQ. Most technology companies lack diversity and cannot provide the proper guidance and trusted advice to LGBTQ individuals. It is best to have someone by your side whom you can trust to help protect against the evolving threats that we face online.
Joto La Jiwe, the author of this article, is a Ugandan correspondent for the African Human Rights Media Network and a member of the Uganda Health and Science Press Association. For security, he writes under a pseudonym.