Security

7) USA Citizens can Enroll in “STEP” —

The USA’s “Smart Traveler Enrollment Program” is a free service provided by the U.S. Government to U.S. citizens who are traveling to, or living in, a foreign country. STEP allows you to enter information about your upcoming trip abroad so that the Department of State can better assist you in an emergency. STEP also allows Americans residing abroad to get routine information from the nearest U.S. embassy or consulate. Sign up at…

 

https://step.state.gov/step/

 

The US gov’t promises they “will not disclose the information you provide us in your STEP application to any third parties unless you have given us written authorization to do so, or unless the disclosure is otherwise permitted by the Privacy Act.” By signing up, you can get special updates from embassies and other USA sources about the places you’re visiting or the countries in which you’re residing. Worth it.

2) With All the Instability this Spring, Need Video Security? —

Now you can order it — affordably. Just visit…

 

https://www.dropcam.com/

 

Check out the Dropcam basic (no audio) for $199 and the Dropcam Echo, with audio, for $279. Both are relatively easy to install. You won’t need an I.T. degree or even a book. All you’ll need is access to your wifi router. (If you don’t have one, then yes — you might need some help setting one up.) Highly recommended.

4) Plan Now for Child Safety Network in Asia, November 2010 —

In November, the Child Safety & Protection Network (CS&PN) Seminar will be held in Asia with family friends.. For more information on CS&PN please click

http://childsafetyprotectionnetwork.org/

You can register for the Network Seminar either as a stand-alone one day preconference for missions organizations representatives or as one of your days of attendance at ICEC.

To register for the CS&PN preconference and/or the entire ICEC conference

http://www.acsi.org/Educators/ConferencesWorkshops/tabid/600/itemId/4381/Default.aspx#Registration

For more information regarding the 1 day preconference and/or the entire ICEC conference click

http://www.acsi.org/Educators/ConferencesWorkshops/tabid/600/itemId/4381/Default.aspx

6) Upcoming Workshops on Security from Crisis Consulting Int’l

Check out these upcoming workshops, led by CCI:

Field Security Seminar – April 14-16, 2010 – A three-day program that instructs on target hardening, profile management, disrupting the terrorism and attack cycles, managing violent encounters, convoys, checkpoints/ambushes and dealing with landmines, UXO and IEDs.

Crisis Management Seminar – April 19-21, 2010 – A three-day program that instructs on risk assessment, current threats and trends, policies, contingency planning and crisis management; includes the EZRA risk assessment instruments.

These seminars will be held at the JAARS campus in Waxhaw, North Carolina.  To register or get more information, please visit their website at

http://www.cricon.org

3) Transparency in Mission: Promoting Health/Safeguarding

kellyodonnell2.gifWe heard this past week from Kelly and Michèle O’Donnell, authors of several industry-defining books on member care. They had updated their site at…

http://www.COREmembercare.blogspot.com

dealing with the tough questions of, “How transparent should we be in our work and lives?” on the international weblog “Reflections and Resources for Good Practice.” The entries include definitions and applications of transparency in mission, personal stories from Dr. Kelly O’Donnell, and photos. They also highlight several core resources/links including quotes from Bennis et al’s amazing book Transformation: How Leaders Create a Culture of Candor, a link to the Summary Report from Transparency International on Preventing Corruption in Humanitarian Assistance, and a link to the ECFA’s suggested guidelines for dealing with misconduct and whistle blowing. They personally invited Brigada users in particular to peer into their souls, leave a comment, and join the interaction.

4) Guidelines for Security on Social Networking Sites

reachglobalThanks much to ReachGlobal, who shared with us their guidelines for social networking sites. The author, their Dir. of Special Initiatives, was kind enough to grant us permission to publish it here as a seed for further thoughts on how to relate to Facebook. Thanks for your work, your unselfishness, and your willingness to help all of us grapple with these issues, Lindsay!

http://www.brigada.org/guidelines-for-social-networking

8) Ten Facebook Preferences to Change for More FB Security

facebook.gifAre you a Facebooker? If so, you’ll probably want to scan…

http://www.allfacebook.com/2009/02/facebook-privacy/

The author suggests 10 preferences that are significant for personal security. (I’d tell you who gave us this item, but then we’d be compromising his security. :-) ) Along with this, our informant suggested that we might want to advise folks *not* to use their primary email address as the Facebook point of contact. What’s your take? How secure are you? Please drop in a comment below, anonymous if you please, to let us know your own take on social networking sites like Facebook. Let’s build on our June 14th item and comments, found at:

http://www.brigada.org/2009/06/14_2274

Tell us what you think by leaving a comment there (at the June 14th item) or below.

8) How Would Your Church Or Mission Handle A Critical Incident?

An Illinois pastor was shot and killed, and two parishioners injured after an unknown gunman opened fire during Sunday services at the First Baptist Church in Maryville, Ill ON March 9th.

Read more at …
http://www.foxnews.com/story/0,2933,506820,00.html

Our heart goes out to them over their loss. Is your church ready for such an incident? Where do we get training to prepare for this kind of stuff? How do we make sure it isn’t so easy to repeat it? If you have a favorite resource for offering training, security for such incidents, or awareness coaching (or if you yourself offer such training), please pass the word by clicking on “Comment…” below and sharing your lead.

4) Learn How To Manage Crises And Field Security

CCI is offering two training seminars in April to assist those in the missions community with security and training needs. One, their Crisis Management Seminar, takes place April 23-25. It’s a three-day program that instructs on risk assessment, current threats and trends, policies, contingency planning and crisis management; it includes the EZRA risk assessment instruments. The other is a Field Security Seminar, April 27-29. It’s a three-day program that instructs on target hardening, profile management, disrupting the terrorism and attack cycles, managing violent encounters, convoys, checkpoints/ambushes and dealing with landmines, UXO and IEDs. These seminars will be held at the JAARS campus in Waxhaw, North Carolina. To register or get more information, please visit

http://www.cricon.org/

Got a comment on crisis seminars or other such resources? Click on Comment after this item on the web at…

1) Email Collaboration Solution Found!

Looking for a secure, collaborative email solution for your organization, ministry, or team? Remember the missionaries that asked for recommendations (see the 2008/09/2 edition:

http://www.brigada.org/2008/09/2-email-solution-needed.html

They ended up choosing a solution called Email Center Pro

http://www.emailcenterpro.com/

This solution is…
*** Secure (https encryption)
*** Allows collaboration among multiple user accounts
*** Has a template system to help them quickly answer repetitive questions
*** Helps with accountability by showing what has been assigned to whom
*** Has had super-fast customer service (that’s even tweaked a few things at the server level for their specific needs!)

And the best news is that Email Center Pro has created special pricing for non-profits (yay!) and is giving Brigada a gift for every new user this article generates! How big? 50% of first month’s payment and 15% of the user’s contract for *life*! Wow, that would be $13 every month for Premium accounts!

All you need to do to ensure your discount and generate the gift for Brigada is to sign up at this page:

http://www.emailcenterpro.com/pricing.php

and enter one of the following promotional codes when you for an account level:

BrigadaBasic
BrigadaStandard
BrigadaPremium

That’s it! From there, they take care of everything. (Thanks for any help that this generates for Brigada. If it does, we’ll show any and all donations here.)

4) Headed To A Sensitive Place? Check For Security Vulnerabilities

One of the best spots for checking your computer for vulnerabilities is Steve Gibson’s “Gibson Research Corporation.” It’s even better, in my opinion, than the designers of anti-virus/firewall software… because it’s totally unbiased and not self-serving. Start at:

http://www.grc.com/

Follow the prompts to “ShieldsUp!”. (Note: You can look up in the upper left at the landing page there… hover over “Services”, then click on “ShieldsUp!” Read, then click “Proceed.” At the ShieldsUp page, click on “Filesharing.” The outcome you want is, ” All attempts to get any information from your computer have FAILED.” That’s the answer you want to see. Anything less is unacceptable.

Next, start the whole process over (you won’t be able to click “Back”. This time click on “Common Ports.” The answer you want this time is, “Your system has achieved a perfect ‘TruStealth’ rating.” Anything less is unacceptable. If you don’t see these two messages, go shop for a better firewall.

Next click on “All Service Ports.” The answer you want here is ” Your system has achieved a perfect ‘TruStealth” rating.'”

Hats off to Steve Gibson for giving us these kinds of tools.

6) Do You Work In Hard, Unreceptive Places?

If so, consider enrolling in the International School of Reconciliation Studies, a self paced, web-based, school for leaders. In association with the International Reconciliation Coalition, an organization founded by John Dawson, President of Youth With A Mission, The International School of Reconciliation speaks of reconciliation between God and Self, the Biblical Basis of Reconciliation, and best practices of reconciliation around the world. Scholars and practitioners from around the world are your teachers. Enrollment is open the month of January, for more information go to

http://www.gracebridge.org/

Limited financial scholarships are available.

2) ‘Safe Travel Solutions’ For Missions Teams

Overseas missions travel is becoming increasingly more dangerous. Just yesterday, a personal friend of mine watched as thieves duct-taped the mouth of his wife in his own home. A handful of thieves took whatever they wanted, then drove off in the missionary’s car. Traveler kidnappings, illegal detentions, carjackings, and home invasions increased 300 percent just in 2005-06, says personal security specialist David Dose, founder of Fort Sherman Academy, where faith-based audiences have been receiving hostage survival and anti-terrorism training since 2003. Now the highly effective Fort Sherman training is available in a two-DVD curriculum called “Safe Travel Solutions.” Topics include Protective Measures, Surveillance, Surviving Hostage Situations, Minimizing Sexual Assault, and Dealing with Demands for Information. For more information, visit

http://www.safetravelsolutions.org

Fort Sherman was kind enough to send an evaluation copy. We recently sent representatives from our organization out to Fort Sherman for personal training and my conclusion is – if you can’t get to Fort Sherman personally, get this DVD before you travel.

12) The Backpage: Trouble In Vpn-City

I just returned tonight from a trip to the Middle East, primarily in a country that filters Internet access through a national proxy. None of the hotel rooms (that I stayed in) had in-room Internet… so it was Internet cafes for me in each stop. You’ve heard us say before on Brigada — the only way to safely access POP3 email at an Internet café is to shield your communication in a secure software tunnel referred to as a virtual private network (VPN). There *are* solutions for encrypted email (like Hushmail), but none of them allow you to use a simple POP3 box with a client like Outlook. For example, I *was* able to access my Hushmail account, but … it’s just not as quick and easy. Plus, it’s not very dependable off-line (I’ve had annoying glitches keeping the Outlook IMAP3 plug-in to stay in the running with Hushmail.) So… for convenient POP3 email *and* for secure web-browsing to the site of your choice, you really need a VPN in any country which would misunderstand your good intentions… or anytime you’re exchanging information about sensitive finances.

In the old days, a VPN might have raised your profile; not so any more. Every business man that passes financial information uses (or ought to use) a VPN. You usually wouldn’t have to carry around a hardware device to run a VPN. Many “software” versions are available, usually by running a “client-side” application on your laptop — which, in turn, talks to a VPN “server-side” mother-ship application, either on your own server back in your homeland, or, alternatively, via a server maintained by the company from which you buy or rent the VPN service. Some companies will offer a VPN for free (usually with other, more powerful services sold for pay), while other charge a nominal fee per month.

One thing I noticed was that it seemed there was no consistent result with the VPN that we hand out to our workers going to sensitive fields. We use Cisco and we oversee the “dashboard” for this VPN ourselves, so it’s really easy to maintain. But, not in this particular land. For example, at the first Internet café I visited on the opening day of this trip, every time I logged on to the VPN, the connectivity to the Internet would vanish. (Have you encountered something similar to that in other instances? If so, please click on “comment” below this item and give your testimony — completely anonymously if you desire.) That night, I tried Wytopia, HotSpotVPN, PublicVPN, and a handful of other VPN suppliers. *Hushmail* worked (without the VPN), but, as for my POP3 mail, I left empty-handed that night. I wasn’t willing to download it into the open. Now later in the week, I went back to that same café and tried again — and this time it worked! (Have you experienced that too?) I wondered later… if I had rebooted, would it have reset some routine that allowed it to connect? Either way, let’s start a list below of our favorite vendors for VPNs, along with anything to beat the problems. Here are the issues we seem to be battling, in the “real-world testing” department:

*** Some internet cafes seem to have blocked the port that the VPN uses?
*** It seems inconsistent; it’ll work sometimes and not work other times.
*** The VPN would sometimes just drop… like… if the wireless radio in the coffee shop had a hiccup, the secure-conduit would drop. (Sometimes when I’d try to launch it again, it wouldn’t have exited cleanly, so I’d have to reboot first. Hassle. Don’t get me wrong; I don’t mind all the hassles in the world, if they help us do this stuff securely. I’m just wondering if there’s a better way out there.)

Maybe we’ll find an obvious lay-down best VPN in the world? :-) Or maybe a satellite solution has leap-frogged the old technology and now we don’t even need internet cafes anymore?

2) Is Cell Phone Security Even Worse Than We Thought?

Here’s a question from a field worker who writes, “Our mission team is located in a ‘police state.’ We know the police listen to our phone calls regularly. We also know they can use triangulation to locate us. We’re fine with that stuff. :-) But now we’re facing a couple of new concerns:

“*** REMOTELY EAVESDROPPING WHEN WE’RE NOT ON THE PHONE — The microphones in cell phones are now being turned on remotely to allow eavesdropping on their owners anytime (even when you’re not making a call). We’ve figured out how to overcome this problem… but we kind of hate to always have the batteries out of our cell phones. :-) [By the way, if you think this worker has been watching too many episodes of “24”, just do an Internet search for the term, “FBI taps cell phone mic as eavesdropping tool.”]

“*** REMOTELY ACCESSING CONTENTS OF YOUR PHONE — We’re hearing (from some pretty tech-smart guys) that it’s easy to remotely hack into the contents of our phone, getting full access to our pics, calendars, docs, task lists, etc. The implications are huge. Can anyone confirm or deny this?

“To the degree all of this ‘just depends’ upon what model of phone a person uses we would be extremely grateful for information about which models are suceptible and which aren’t. Also, we’re re-evaluating our team’s technology security protocol. Can anyone share cellphone security guidelines they’ve adopted?”

Well, that’s a lot… but if you’ll just click on the link below, then click on “Comment”, you could write to your heart’s content, even anonymously.

1 2 3 4  Scroll to top