Skip to content

Digital Safety & Security

Use these recommendations to actively protect yourself from digital threats and keep your online presence safe and secure.

Secure Your Accounts

  • Passwords: Use long, randomly generated passwords that are less vulnerable to hacking. Don't use the same password twice.
  • Consider using a password manager: Password managers save and encrypt all your passwords, making it easier to use unique passwords for each account. 
  • Enable two-factor authentication (2FA): Whenever possible, use app-based 2FA (e.g., Google Authenticator or Authy) instead of SMS for added security.
  • Account recovery: Regularly review and update backup contact information, like your phone number, email address, or secondary device, so you can confirm your identity if needed.

Secure Your Communications

  • Trust your gut. If something feels off, pause before responding.
  • If you get an "odd" or sensitive question from someone outside the organization, respond with, "Let me get you in touch with someone who can answer that." Then, forward the inquiry to the appropriate person on your team.
  • Be mindful of everything you put in writing. Treat every communication as something that could appear on the front page of The New York Times. Do not put something in writing that you wouldn’t want out in the world.
  • Never share personal, private, or confidential information on listservs or peer support forums.
  • Don’t open suspicious links or download unknown attachments, especially in unsolicited emails.
  • Set recording policies. Verbally and in writing, state that video and audio recording, as well as photography, are not permitted for meetings, trainings, or presentations.
  • Keep work-related discussions within secure email, messaging platforms, or designated team spaces. Avoid using personal accounts.
  • Use encrypted messaging and storage. Communicate on encrypted messaging platforms like WhatsApp and store files securely with encrypted cloud services, such as Signal or Proton Drive.
  • If using Zoom, consider using end-to-end encryption, adding watermarks, locking access, or enabling waiting rooms and passwords for meetings/webinars.
  • Use a secure Internet browser to reduce online tracking via cookies and your IP address.
  • Use a personal email if you work with FOIA-subject organizations. If you work for a state or federal organization, your work emails could be subject to Freedom of Information Act (FOIA) requests. However, also be mindful of other information that may be subpoenaed or discoverable, especially if you’re involved in legal cases.
  • If a journalist or researcher reaches out, confirm their credentials before responding. Refer them to designated spokespeople when needed.

Secure Your Devices

  • Use privacy screens on your phone and laptop to prevent shoulder-surfing in public spaces.
  • Protect your IP address with a VPN. VPNs (Virtual Private Networks) encrypt and route your web traffic, helping to protect your activity and ensuring that trolls or other bad actors can’t trace your IP address. 

Doxing

Doxing occurs when someone publicly releases sensitive personal information, like your home address, phone number, or email. Journalists, activists, healthcare providers, and service providers that serve marginalized groups like the trans/LGBTQ+ community are at a higher risk of doxing, as it is often used as a tactic to intimidate or silence individuals.

  • Take screenshots, create archive links, and document everything as evidence.
  • Report it. Most social media and online platforms have reporting options for doxing incidents.
  • If you have a public account, make it private, lock it, or temporarily deactivate it.
  • Continue tracking online mentions or threats, and document everything as it happens.
  • Clean your digital footprint. Remove outdated accounts, personal information, or unused email addresses from online profiles. Consider a service like DeleteMe to help scrub your information from online listings.
  • Remove your information from Google. Follow these guides to remove personal information from Google Search Results and to blur your house on Google Street View.
  • Look for address confidentiality programs. If you live in a shield state, you may be eligible for a state program that keeps your address out of public records.
  • For additional information, check out this anti-doxing guide.

Social Media and Website Safety

  • Inventory your accounts. Review all social media accounts, as you may have more than you remember, and deactivate unused profiles.
  • Remove personal information. Take down identifying details from social media and any personal or work websites.
  • Set accounts to private and, if possible, disable direct messaging from unknown accounts.
  • Many social media platforms allow you to block specific keywords to filter harmful or triggering content from appearing on your feed.

If You Are Harassed Online

It’s important to document any abuse or harassment you experience online, particularly before you report it. Reporting harassment may result in posts being removed, which may mean you cannot capture evidence you may need later on.

  • Save all communications. Capture emails, voicemails, and text messages. For social media harassment, take screenshots and save direct links whenever possible.
  • If you’re being abused repeatedly by a specific individual or group, this communications log will help you see patterns and build evidence.
  • Consider your safety when involving police. 

Additional Resources