DIGITAL SAFETY TRAINING
Security & Privacy Basics
Simple steps everyone can take towards increasing their digital privacy and security through passwords, lock screens, and precautions in regards to links.
Published: March 2021
In this training, we are going to cover three topics relating to digital safety:
- Creating strong passwords.
- Setting screen locks.
- Being careful about links.
We will focus on ways to increase security and privacy that do not require any additional software, hardware, or apps.
Did you know that you can start making changes right away that will help keep your information safer online?
We have created a guide that explains three practical steps you can take to protect your personal information online.
Simple steps that are easy to remember, easy to do, and easy to repeat will help you stay safe and protect you against several common threats.
Actions that are easy to do are better than complicated steps that you rarely do.
Share these with others in order to help both you and your community!
So let’s start with this question:
What does it mean to keep yourself safe, digitally?
When we talk about digital safety, we are talking about security and privacy.
Security protects your personal information, and privacy is who can see and share your personal information.
Your personal information includes things like your identity, location, email address, social media accounts, passwords, contact lists, and communications with others. It can also include documents, downloads, and data stored on your devices.
Another aspect of digital safety involves the security of your physical device. A device is anything you can hold in your hand, such as a phone, a tablet, a USB key, or a computer.
It helps to think about security as something you need to do regularly, over and over. The goal is to start with the basics and continue to learn more about how to assess each situation and act safely.
It’s easier to focus and plan when we are calm. If you feel tightness in your body, this breathing exercise can help. It can be done in about a minute and is designed to slow your breathing and help reduce tension.
It’s easier to focus and plan when we are calm. If you feel tightness in your body, this breathing exercise can help. It can be done in about a minute and is designed to slow your breathing and help reduce tension.
A short breathing exercise (called 5-5-5)
- Put your hand on your stomach. You can close your eyes, or keep them open. You can stand or sit. Do whatever feels good!
- Breathe out and try to empty your lungs of all air.
- Now breathe in slowly and feel your stomach rise as you inhale, trying to inhale for 5 seconds.
- Hold your breath for 5 seconds.
- Slowly breathe out the air until your lungs are empty, for 5 seconds.
- Repeat, breathing in slowly, holding the air, and breathing out.
- Do this 5 times.
The trick is to breathe into the stomach, and breathe slowly. You can do this for as many minutes as it feels good. Even if you only do this for a few breaths, it will help. Come back to this exercise at any point during this training if you notice tension in your body or mind.
A short breathing exercise (called 5-5-5)
- Put your hand on your stomach. You can close your eyes, or keep them open. You can stand or sit. Do whatever feels good!
- Breathe out and try to empty your lungs of all air.
- Now breathe in slowly and feel your stomach rise as you inhale, trying to inhale for 5 seconds.
- Hold your breath for 5 seconds.
- Slowly breathe out the air until your lungs are empty, for 5 seconds.
- Repeat, breathing in slowly, holding the air, and breathing out.
- Do this 5 times.
The trick is to breathe into the stomach, and breathe slowly. You can do this for as many minutes as it feels good. Even if you only do this for a few breaths, it will help. Come back to this exercise at any point during this training if you notice tension in your body or mind.
Feeling calmer and ready to move on to digital safety? Let’s do this together.
The next sections will cover:
- Creating strong passwords
- Setting screen locks
- Being careful about links
PASSWORDS 
A strong password is easy to remember, but hard for other people or computers to guess, and different for each account.
Be sure to keep your password a secret. Sharing with others makes passwords less secure.
And the best way to create strong passwords is to create passphrases.
A passphrase is a random collection of six words or more. Creating long passphrases makes it hard for people or computers to guess. And because they are words you choose, it will be easier for you to remember.
For some accounts, you will also need to add in special symbols (such as $,%, or !) or a number.
A passphrase can be a list of things you like, places, or any combination of at least six random words.
However, do not use personal information like your name, address, phone number, or birthday.
Here is an example:
Foods I like: mango, avocado, oranges, carrots, eggs, and coffee.
Then I could combine these, and add symbols.
So then my passphrase would be: mangoavocadoorangescarrotseggscoffee!
Now it is your turn. Try thinking of a passphrase that you could use.
Did you do it? Great!
So now you know how to create passphrases as passwords, and understand why they are a good idea.
The next important thing?
You need to have a different password for each account.
Why?
Because if you use the same password for multiple accounts, if someone finds out a password to one of them, then they have access to all of your accounts that use that same password. But if each account has a different password, your accounts are safer because even if someone is able to hack into one account, they still cannot access any other accounts.
To review:
- We create strong passwords by creating passphrases.
- Strong passwords are easy for us to remember and hard for others to guess.
- Each account needs to have a different password.
- Keep your passwords a secret. Do not share them with others.
- Change your passwords regularly. Set a reminder for yourself.
To review: 
- We create strong passwords by creating passphrases.
- Strong passwords are easy for us to remember and hard for others to guess.
- Each account needs to have a different password.
- Keep your passwords a secret. Do not share them with others.
- Change your passwords regularly. Set a reminder for yourself.
If you have wifi at home, create a strong password for the wifi.
Be aware of your surroundings. Make sure no one is watching when you type your password.
If you are using a shared computer, be sure to log out of all sites (including social media and email) when done.
If you have wifi at home, create a strong password for the wifi.
Be aware of your surroundings. Make sure no one is watching when you type your password.
If you are using a shared computer, be sure to log out of all sites (including social media and email) when done.
Hint: An additional way to protect your accounts is to use two-factor authentication. Two-factor authentication means that in order to log into an account, you need your password (that you just created!), plus a second way of confirming your identity, usually via email, text message, or an authentication application. Many accounts, including facebook and email, have two-factor authentication as an option. Keep in mind that you will need to keep your phone charged to use two-factor authentication, or you will not be able to log into your account.
SCREEN LOCKS 
When it comes to our devices, the goal is to make it as hard as possible for someone to get to our information, even if they have our device in their hand.
A good way to do this is by using screen locks. A screen lock is a function that ‘locks’ your device, much like a key locks a door. With a screen lock, you have to unlock your device. The key to unlock it is either a passcode, a pattern, a fingerprint, or a password.
Screen locks for phones often give you the choice between a passcode (numbers), drawing a pattern, or using your fingerprint. Screen locks on computers usually use passwords.
If you are using a password, remember to create a strong password by using a passphrase. If you are using a passcode, choose numbers that are hard for others to guess. Remember to choose random numbers, not something like your birthday or address.
Hint: An additional way to protect your accounts is to use two-factor authentication. Two-factor authentication means that in order to log into an account, you need your password (that you just created!), plus a second way of confirming your identity, usually via email, text message, or an authentication application. Many accounts, including facebook and email, have two-factor authentication as an option. Keep in mind that you will need to keep your phone charged to use two-factor authentication, or you will not be able to log into your account.
SCREEN LOCKS 
When it comes to our devices, the goal is to make it as hard as possible for someone to get to our information, even if they have our device in their hand.
A good way to do this is by using screen locks. A screen lock is a function that ‘locks’ your device, much like a key locks a door. With a screen lock, you have to unlock your device. The key to unlock it is either a passcode, a pattern, a fingerprint, or a password.
Screen locks for phones often give you the choice between a passcode (numbers), drawing a pattern, or using your fingerprint. Screen locks on computers usually use passwords.
If you are using a password, remember to create a strong password by using a passphrase. If you are using a passcode, choose numbers that are hard for others to guess. Remember to choose random numbers, not something like your birthday or address.
Screen locks can usually be enabled under the ‘Settings’ or ‘Privacy’ function on your device.
Screen locks can usually be enabled under the ‘Settings’ or ‘Privacy’ function on your device.
To review:
- Set screen locks for all of your devices.
- Do not share your passcodes or passwords with others.
To review: 
- Set screen locks for all of your devices.
- Do not share your passcodes or passwords with others.
LINKS
One of the most common threats to our personal information comes from links we receive in emails, chats, or through social media.
A link, also called a hyperlink, can be thought of as a connector. The link contains information that will redirect you to a new site, if you click or tap on it.
Why is this a problem?
Because links can take you to a fake site that looks very similar to the real site, and ask you to log in, thereby gaining access to your personal information. These websites often look exactly like the real website, but are fake and there to steal your information.
It is called phishing when a site or program is trying to steal your information.
Phishers often use URLs that look very similar to the real one, but have small changes.
Here are a few examples:
If the real address is www.facebook.com, the fake sites might look like this:
wwwfacebook.com (missing the dot between www and facebook)
www.facebok.com (missing an o in facebook)
www.facebook.net (replacing com with net).
So how do you know if the website is the real thing or a fake?
Take a close look at the URL. A URL is the web address you usually enter to go to the website.
What do you notice? Does it look correct?
LINKS
One of the most common threats to our personal information comes from links we receive in emails, chats, or through social media.
A link, also called a hyperlink, can be thought of as a connector. The link contains information that will redirect you to a new site, if you click or tap on it.
Why is this a problem?
Because links can take you to a fake site that looks very similar to the real site, and ask you to log in, thereby gaining access to your personal information. These websites often look exactly like the real website, but are fake and there to steal your information.
It is called phishing when a site or program is trying to steal your information.
Phishers often use URLs that look very similar to the real one, but have small changes.
Here are a few examples:
If the real address is www.facebook.com, the fake sites might look like this:
wwwfacebook.com
(missing the dot between www and facebook)
www.facebok.com
(missing an o in facebook)
www.facebook.net
(replacing com with net).
So how do you know if the website is the real thing or a fake?
Take a close look at the URL. A URL is the web address you usually enter to go to the website.
What do you notice? Does it look correct?
If you aren’t sure, close the window. Open a new window and type in the address you usually go to. Then log in that way, instead of following a link.
If you aren’t sure, close the window. Open a new window and type in the address you usually go to. Then log in that way, instead of following a link.
Email is the most common way phishing links are sent, because it is easy to send an email that looks like it is coming from someone you know, even when it is a fake. Links can also be sent from social media accounts or come from strangers.
It is even possible to endanger your computer just by clicking on a link, because links can install dangerous software that tracks what you do or damages your device. This type of software is called malware or malicious software.
Be careful!
Very often, the emails we receive are trying to alarm us. They tell us that our account has been compromised, or that videos or photos of us have been posted, or some similar message that is designed to create fear. If an email message is creating fear, take a deep breath or do the 5-5-5 breathing exercise and remember that it is very likely a fake email trying to trick us into giving up our personal information. Do not click on these links.
So are all links bad?
No. But you should be very careful about clicking on anything, even if it seems to be from a person, business, or organization you know.
A few warning signs: 
The message only contains a link, but no message.
The message does not seem to be written in the style the person usually writes. For example, it does not contain the type of greeting or text the person would usually use with you.
The message seems to be generic. An example would be a message that says, “Hello friend! Here is a very interesting article you should read: LINK”
The message contains spelling mistakes.
The link feels suspicious to you, even if you can’t explain why.
So what should you do if you are sent a link?
- If you do not recognize the sender, do not click. Delete it.
- If you recognize the sender, but are unsure, do not click. Instead, contact the person through a different channel and ask if they sent a link and what the link is for.
- If you are being told that something bad is happening to your information, do not trust the link. For example, if you receive an email saying that you need to change your password on Facebook, do not use that link. Instead, open a new window and go directly to Facebook to see if any message appears regarding your account. If there is no notice there, you know the link was a fake.
- The same precautions apply to opening attachments. They can contain malware and you should only open attachments if you are absolutely sure you know who it is from and that it is a document you requested.
So what should you do if you are sent a link?
- If you do not recognize the sender, do not click. Delete it.
- If you recognize the sender, but are unsure, do not click. Instead, contact the person through a different channel and ask if they sent a link and what the link is for.
- If you are being told that something bad is happening to your information, do not trust the link. For example, if you receive an email saying that you need to change your password on Facebook, do not use that link. Instead, open a new window and go directly to Facebook to see if any message appears regarding your account. If there is no notice there, you know the link was a fake.
- The same precautions apply to opening attachments. They can contain malware and you should only open attachments if you are absolutely sure you know who it is from and that it is a document you requested.
To review:
- Be careful about clicking on any links.
- Look very closely at the URL of the link. Does it look right?
- If you are unsure, contact the person directly and ask about the link.
- When in doubt, stay safe and do not click on the link.
To review: 
- Be careful about clicking on any links.
- Look very closely at the URL of the link. Does it look right?
- If you are unsure, contact the person directly and ask about the link.
- When in doubt, stay safe and do not click on the link.
Congratulations! 
You have reached the end of this training.
Congratulations!
You have reached the end of this training.
Now you know how to:
- Create strong passwords.
- Set screen locks.
- Be careful about links.
As we mentioned in the beginning, the best things are simple things you do regularly.
Just like in playing a sport, where you both repeat the same movements and also try to add new tricks, keeping yourself safe involves doing some things continually, like using strong passwords, screen locks, and being careful about links. And it involves always learning more, so that you can best assess each situation and act safely.
To learn more about this topic, we have linked to other trusted sites below.
Safe Sisters: https://safesisters.net
Data Detox Kit: https://datadetoxkit.org/en/home
Surveillance Self-Defense: https://ssd.eff.org/en/module/how-avoid-phishing-attacks
Freedom of the Press Foundation: https://freedom.press/training/mobile-security-protest-preparation-tips-activists/
Want to keep learning?
Want to keep
learning?