Civil society organisations that operate publicly in the Gulf will naturally become state surveillance targets. Being a target of surveillance can mean facing attempted hacks to access private data. The challenge for organisations in maintaining security and privacy is difficult and always needs systems in place to review policies to keep up with emerging technological threats. This can prevent breakthroughs that may jeopardise the work of the organisation or its collaborators. In this article we will outline some recommendations that organisations and institutions working in public affairs should pay attention to. The article will be divided into two sections, one dealing with logistical security, the other digital or technical security.
- Organisations with headquarters, whether they have one or several headquarters deployed in several locations, must make sure that security systems are clear and always followed.
- Ensure that access to the headquarters is authorised using permits. Always ensure the identity, validity and accuracy of permits granted to visitors.
- Inside the headquarters, there are offices that may contain devices or files with sensitive information.
- Third party permission to enter these offices must be granted when necessary and under the supervision of officials in the organisation.
- Offices that contain hardware, especially servers, or devices connected to the internet or other branches of the organisation, must always be secure and monitored.
- The installation of a surveillance camera in the offices of the organisation helps to document any suspicious activity.
Digital and Technical Security
Technology has become the backbone of many institutions especially civil society organisations. Ensuring digital security including securely managing incoming and outgoing data is extremely important. We therefore recommend following these tips to ensure greater security:
- Passwords must be used to access devices and protect them against unauthorised access.
- Use securely encrypted communications devices and other hardware.
- Make sure that device operating systems and any software being used are up to date.
- Use anti-virus software, encryption software and secure communications applications.
- Adopt a security policy to oversee and ensure that access to information is divided according to necessity.
- Adopt a security policy on how to receive information, send information, keep information or destroy information when not needed.
- Adopt contingency plans for unforeseen events such as the closure of the institution or the arrest of its members
- It is always preferable to utilise security experts to assess the security of the institution and to take the advice that is in the interest of the institution and its security. The AmanaTech team can do this for you!