Search

In case you have trouble accessing your account and you have checked that you are entering the right password  (mind the CAPS LOCK and keyboard language), you can try resetting your account password. On most platforms and online services this can be done by clicking on the link named “Forgot your password?” or something similar, which is located on the login page.

Follow the instructions on the “Forgot your password” page and make sure that you have access to the email address/phone number you used to create your account. If you don’t have access to this email or phone, you will need to use the recovery (backup) account  if the provider supports that option. Otherwise, you might be left permanently locked out of the account.

Most likely, the service provider will send you a password reset link or code via email or other means of communication, which will enable you to create a new password for your account. From then on, you will use the newly created password to access your account.

Password Recovery account Digital hygiene User account Access recovery

Most platforms and online service providers provide you with an option to set up a recovery or backup contact, usually an email address, a phone number or a set of expendable backup codes. It is very important to set up this option so you don’t get locked out of your account.

In case you can’t access your account and you are not logged in on any other device, use your backup email address or phone to gain access to the original account. Make sure you have access to your backup communication method/account - otherwise you might never be able to access the lost account.

Password Recovery account Digital hygiene User account Account recovery

Another method to gain access to your account is to provide answers to the security questions, in case you enabled that option in your account security settings. However, some providers are leaving the option to implement security questions due to their inefficiency (they can easily be guessed, etc.). Also, people often don’t change the answers to these questions for years or simply forget them because they don’t have a frequent need for them.

However, if you still have a security question as your account backup solution , make sure the answer is kept in a safe place, that it is not some publicly available information or something easy to guess (“What’s your favourite food?” for example).

Password Digital hygiene User account Access recovery

Modern browsers '> (Firefox, Chrome, Edge) have the option to save your passwords, so you don’t have to enter them every time you log in. However, this is not recommended and you should use a separate password management  software such as KeePass, KeePassXC or Bitwarden.

In cases where you cannot log in by typing your password, you should check if your browser saved a password at some point and use it to access your account. It is always advisable to copy and paste the password instead of typing it to avoid errors.

Password Digital hygiene Browser Access recovery

In case your website is down or has other unusual performance issues, the first thing you should try is changing your account password  for the website in the content management system (CMS) interface, such as for example WordPress. 

When heavy cyber incidents occur, it is also advised to change the server password. This can be achieved in different ways depending on the type of the server ,such as Windows Server or Linux. 

Use SHA key authentication

For additional security, it is highly recommended to use SHA key authentication, i.e. setting up SSH (Secure Shell) [SHH] on your server. SSH is a popular software package which enables secure system administration and file transfers over insecure networks, meaning that it uses encryption to secure the connection between a client and a server. All user authentication, [AUTENTIFICATION] commands, output and file transfers are therefore protected from attacks in the network.

All details about implementation and configuration can be found on the SSH official website.   

Error Server Site Password

When making a password , you should make sure that it is unique, i.e. that it is only used for one account or device, long and complex. 

Using the same password for multiple resources is a risk - if one of your accounts is compromised, others using the same password might be as well. 

Having a long password - 10+ or even 20+ characters, the longer the better - makes it harder to crack with brute force attacks. Use of different types of characters and symbols, such as numbers, small and capital letters and special characters (!, ~, *) is strongly encouraged.  

Avoid using online password generators and “how strong is my password” tools - you can’t know who is behind them and where your passwords might end up.

It is also highly recommended to set up multi-factor authentication  on your accounts, if the online service or platform has that option. This creates an additional layer of protection, as an additional step is required to login, usually a one-time code received via SMS or an app such as Google Authenticator.

However, multi-factor authentication (MFA) is not a “silver bullet” solution - people are still susceptible to social engineering attacks, such as phishing scams, and can be persuaded or fatigued to provide the second authentication factor, a one-time code for example. This is why it is important to consider a phishing resistant solution for MFA, such as the use of physical hardware keys.

Multi-factor authentication by default is unfortunately still not an industry standard - there are services which don’t offer it, and for those that do, users still have to navigate through complex security settings in their accounts in order to set it up.

Although any kind of MFA is better than having none, some forms are safer than others. For example, receiving codes via SMS is not reliable due to security flaws in mobile networks and so called “SIM swapping”, i.e. when an attacker gains access to a person’s phone number by tricking their mobile provider’s staff.

However, it should be noted that MFA is not a substitute for regular security training and awareness of threats such as ransomware. It is very important to build a positive, proactive security culture within your organisation with motivating and engaging training - you can improve the digital security on both personal and organisational level if you focus on all three domains of cybersecurity: people, processes, and technology.

Password Authentication Digital hygiene Apps

With so many accounts an average internet user has today, it has become impossible to memorise all passwords and have them be unique, long and complex at the same time. 

That is why you should use applications  called password managers , which securely store your login credentials and protect them with a master password. That way, you only need to remember your master password and you can copy/paste your other credentials directly from the app. Password management software usually has the option to automatically generate a long and complex password, made of randomised characters and symbols.  

Applications commonly used for password management are KeePass, KeePassXC and Bitwarden.

Storing login credentials in browsers '> should be avoided, together with online password managers which are not open source and end-to-end encrypted .

Password Authentication Digital hygiene Apps

In one system (company, newsroom) all computers, printers, storage devices (storage servers or mini data centers ), mail servers, routers [ROUTERS] and other components are connected to the internal, local network, physically (by cable) or wirelessly (wi-fi). These networks are usually based on the so-called client-server architecture. A client or user is a computer or other hardware component in everyday use, while a server is a special computer that allows clients to use the resources stored on it. These can be applications, web pages, files, emails, databases, etc. There are different types of servers: web server, file server, mail server, database server, etc. Due to the high concentration of sensitive data in this network, special protection measures are applied to it.

A wireless network may have different physical bands depending on the strength of the transmitted signal. Indoors, this range averages about twenty meters around the router, which often means that this network is available outside the room. Routers that emit a wireless signal have several layers of protection, the configuration of which is the task of the administrator, including setting up adequate protection measurers. 

Below are the most common protection measures for wireless networks:

• Wireless security mode: It is recommended to use WPA2 (Wifi Protected Access 2) protection which has two possible applications. PSK (Pre-Shared-Key) is set easily, by setting a password [PASWWORD] , while Enterprise requires a slightly more complicated setup and an additional RADIUS (Remote Authentication Dial In User Server) server. In most cases, the PSK method is good enough as a protection mechanism for small and medium organisations, if the password meets the standards. Many routers [ROUTERS] also support WPS (Wi-Fi Protected Setup), a system that allows you to log in to a wireless network using a button on the router, without entering a password. This system has serious security flaws, so it is recommended that it be turned off on the router;
• MAC filtering: MAC address is the physical address of the device that connects to the network. The router can be configured to allow access only to addresses that are on its list. This method will not stop advanced attackers, who can detect the list of MAC addresses from the router and download some of the associated addresses for their device;
• Hiding SSID (service set identifier): SSID is the name of a network that is usually public. Similar to the MAC filter, hiding the SSID will not stop advanced hackers, but it will prevent some less capable attackers from playing with someone else's network;
• Using multiple wireless networks is recommended when there are at least two categories of people for whom the network is intended, for example employees and guests. Given the characteristics of wireless networks, the only way to physically separate the network used by employees from the network to which other visitors are connected is to maintain separate routers, where everyone will have their own cable that connects directly to the internet.

Server Password Apps

In case your account gets deleted, there is a possibility that you could request a recovery , as long as not much time has passed since it was deleted. In case you didn’t use your account for a long time, you probably won’t be able to restore it in full.

The process differs among various service providers. With Google, for instance, a user will be asked a series of questions in order to confirm it is indeed their account. Advice Google gives to users trying to restore their accounts is to answer as many questions as possible without skipping them entirely, use a familiar device and location, be exact with passwords and security questions, use an email connected to your account which you can access (e.g. a recovery email) and add helpful details if you're asked why you can't access your account.  

Password Recovery account User account Account recovery

If you believe that your device might be stolen, as a precautionary measure it is good to change all the passwords  to your accounts which are logged in. It is also advisable to use a trusted device  to logout from all sessions on the lost device.

Changing all of your passwords is much easier and safer with the help of specialised applications called password managers  . These apps [APPLICATION] securely store your login credentials and protect them with a master password. That way, you only need to remember your master password and you can copy/paste your other credentials directly from the app. Password management software usually has the option to automatically generate a long and complex password, made of randomised characters and symbols. Applications commonly used for password management are KeePass, KeePassXC and Bitwarden.

Password Digital hygiene Phone/Tablet Apps Location Computer/Laptop

If resetting your device to factory settings  did not resolve the issues you experienced, it might be best to take the device to a repair shop. Before you do this, it is important to backup  any data on your device and also make sure to protect your device, sensitive files and apps with a password or a PIN.

Before choosing a specific repair shop, do a simple online search and try to find the ones with the best online reviews and positive comments.

Password Data backup Digital hygiene Phone/Tablet Computer/Laptop Device reset

Targeted assaults, lasting any amount of time, at a high intensity, that cause harm, intentionally exploiting vulnerabilities. Harassment is an attack on human dignity, reputation and privacy, with the goal of silencing and/or curtailing the target’s digital participation.

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Malware Location Report to platform Block user Safety Support Sexual Harassment Computer/Laptop Criminal charges

Because harassment comes in many shapes and forms, it can be reported as a number of different criminal offenses. 

Sexual harassment (art. 182b of the Criminal code) explicitly mentions verbal forms of assaults, but necessitates the filing of a motion to initiate criminal proceedings with the Public prosecutor. In other words, you must inform the police and the Public prosecutor - a standard procedure - as well as file a motion to initiate the proceedings. 

ADVICE: File the motion. The courts are a crucial component of protection against harassment. 

Endangering safety, one of the many consequences of harassment, under art. 138 of the Criminal Code, provides another legal basis for protection. In this case, public prosecutors and police are mandated to follow up, investigate and responsible for protection. As the filing party, you are responsible for collecting evidence needed for filing the criminal charges. This option is  especially relevant for (female) journalists.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Malware Location Report to platform Block user Safety Support Sexual Harassment Computer/Laptop Criminal charges

There is always an inherent risk that online harassment will transition to the physical world. For this reason, physical safety is a crucial precondition for any other form of meaningful protection. In terms of mental protection, sometimes it is helpful to take a break or minimize time spent on social media platforms, or those platforms of communication where you are targeted with harassment. Talking to friends, family, partners and colleagues about harassment can also be helpful in creating a system of support. 

Blocking  , filtering and reporting options on social media platforms can often serve as a helpful tool for documenting harassment. 

The DeleteMe tool can help find and remove your personal information from some websites. 

Reaching out for support professional associations and support groups is another method for dealing with harassment. 

Several investigative journalists and their networks track down perpetrators of online harassment by analysing their digital footprint. This has been an effective mechanism for not only the identification of perpetrators, but also exposing them and their crimes to public scrutiny. 

In Serbia, female journalists can find support through the initiative “Female Journalists against violence”, and dozens of other feminist organizations that offer services for individuals targeted with violence, including online.

 If you ever feel that the online violence you’re experiencing, might transition into the physical world, call the police → immediately. 

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Malware Location Report to platform Block user Safety Support Sexual Harassment Computer/Laptop Criminal charges

Revenge porn is defined as posting sexually explicit content without consent, with the intent of humiliation, shame or blackmail. Revenge porn is a violation of  privacy and can result in extreme emotional trauma. 

Revenge porn is a serious form of assault, and as such, it is crucial that instances are reported to the police and the public prosecutor. There are several criminal acts that can be used as a legal basis to prosecute the posting of revenge porn. 

Sexual harassment (art. 182b of the Criminal Code):  filing a motion for the initiation of proceedings is a precondition to start the procedure. This means that you must inform the police and the public prosecutor - a standard procedure - as well as file a motion to initiate the proceedings. 

ADVICE: File the motion. The courts are a crucial component of protection against revenge porn.

Unauthorised wiretapping and recording (art.143 of the Criminal Code ), unauthorised taking of photos (art. 144), unauthorised publishing and presentation of another’s texts, portraits, and recordings (art.145 of the Criminal Code ), are other charges that refer to illegal recordings, and could be utilized to prosecute cases in which video was made without consent, even if it was not posted online.  These procedures carry private criminal charges, which means that you, the filing party,  must present the identity of the perpetrator, and as many details and as much evidence as you can (for example, where the recordings are stored, where the camera could have been placed during the recording, etc.). 

Your physical safety is the highest priority when it comes to protection.

If your harasser intentionally positions themself in your physical vicinity, you can request a court issued emergency restraining order. 

Document any and all recordings, comments, threats and other forms of harassment as crucial evidence for initiating protection mechanisms and/or court proceedings.

Seek support from CSOs, women’s support networks, and others who can help you choose the best way to protect yourself. 

Report any and all recordings, comments, threats and other forms of harassment to the platforms where they have been posted, and find out more about take down procedures on  Facebook and other platforms. 

And don’t forget, even if you originally gave your consent to be filmed, this does not imply consent for sharing that content. You are not to blame for being targeted with this type of assault.

 If you ever feel that the online violence you’re experiencing, might transition into the physical world, call the police → immediately. 

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Location Report to platform Reputation Safety Support Sexual Harassment Pornography Computer/Laptop Criminal charges

Endangering physical and emotional safety and wellbeing by calling for violence against a particular person or group of people, including threats of rape and other forms of gender-based violence.
 

Threat is a serious form of assault and one that should be urgently addressed to best prevent it from being realized in the physical world. Report each and every threat to the police and the public prosecutor. 

As threats often cause fear and insecurity, art. 138 of the Criminal Code - Endangering safety - provides a suitable legal basis for initiating mechanisms of protection. 

 In this case, public prosecutors and police are mandated to follow up, investigate and responsible for protection. As the filing party, you are responsible for collecting evidence  needed for filing the criminal charges. This charge is especially relevant for (female) journalists, as this charge provides for a higher sanction. 

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

In addition to reporting threats to police and digital platforms, inform your employer and document them . 

If you can, protect your mental health by taking a break from social media platforms, especially those spaces that can cause additional stress or fear for your safety. Create a network of support to help take over some of the work documenting the threats. Again, prioritize your physical safety above all else and If you ever feel that the online violence you’re experiencing, might transition into the physical world, call the police → immediately! 

Digital evidence Password Authentication Recovery account Phone/Tablet Malware Report to platform Safety Sexual Harassment Journalists Fear Media Computer/Laptop Criminal charges

The process of diligently and continually following someone’s activity online. The designation of stalking can be applied whether or not the stalker and target know one another in person.  Digital traces, data and other markers of our participation that show up on social media platforms and other websites have made stalking in the digital age a much easier task. As much as in the physical world, consequences on the targeted individual can vary, but could include an increased sense of insecurity, fear and the perception of an invasion of privacy.

Stalking, in the Criminal Code, is identified as a criminal offence (art. 138a), carrying that sanctions for not only the act of stalking but also for unlawful collection of someone else’s personal data, as a preliminary offence, prior to the instance(s) of stalking. However, the article does stipulate that to constitute stalking, the incident(s) must take place for a specified period of time. The intensity of stalking, and consequences felt by the target are not of critical relevance, but could be taken into account by the court during criminal proceedings.

If the incidence(s) of stalking fail to meet the time stipulates laid out in the Criminal Code art. 138a, then article 138 - Endangering safety - could also offer protections against acts that result in fear for one’s safety, and provides stricter sanctions if the target is a (female) journalist.  

In this case, public prosecutors and police are mandated to follow up, investigate and responsible for protection. As the filing party, you are responsible for collecting evidence needed for filing the criminal charges. 

It is easier than ever to conduct private surveillance of public digital spaces using a number of different methods. For this reason, it is important to ensure that your tech-devices (phones, computers, smart speakers/doorbells, etc) and check if options (e.g. location, privacy settings) are best protected (turning off location tracking, strict privacy setting) and limited in their ability to share private data. 

As with all types of assault, targets of stalking should inform friends, family, partners and colleagues about the harassment, so you have a bigger network of support. If online stalking moves offline, to the physical world, you should immediately inform police and request protection. 

Check out these resources for improving your digital safety.

Digital evidence Password Authentication Recovery account Phone/Tablet Location Safety Support Identity Computer/Laptop Criminal charges Stalking

Identity manipulation or misuse of personal data is a serious threat with potentially far-reaching consequences. Whether the target is a person whose personal data has been misused, or someone else, the damage can be incalculable.

Due to the complexity and different manifestations of this category of assault, it is difficult to determine the legal basis offering the most suitable protection. In the case of fraud committed using the computer belonging to another person, and resulting in material or financial gain for the perpetrator, a criminal complaint may be filed under art. 301 (Computer Fraud).  Another criminal offense, the unauthorized collection of personal data (art. 146), must be initiated via private lawsuit, and therefore the identity of the perpetrator must be known.  

If a case of identity manipulation leads to psychological harm, or damage to reputation or dignity, then compensation may be claimed using civil legal procedures. Before initiating this type of lawsuit, the identity of the perpetrator as well as evidence substantiating the claim of identity manipulation and resulting harm must be provided.

 

Identity manipulation is often tied to financial fraud and online theft. There are different ways you can protect yourself from these crimes: limit the amount of money that can be transferred to another account, or taken out via ATM at one time, use at least a two-factor authentication system for your finance-related logins, and destroy old bank and other identity cards with sensitive data. 

If you are a victim of identity manipulation, inform the police as soon as possible, notify the financial institutions or websites where you have accounts and temporarily block compromised bank accounts and/or cards. 

Timely risk assessment and digital hygiene are important means of  prevention and protection.

Digital evidence Password Authentication Recovery account Phone/Tablet Damage Reputation Identity Cybercrime User account Computer/Laptop Access recovery System restore Criminal charges

Publicly disclosing personal information about a target, such as home address, familial status, bank and credit card details, date of birth etc. This information can be posted on one or many different platforms, in comment sections, or via video or text. 

Regardless whether or not disclosed data is utilised for harassment, the unauthorized posting of data alone, qualifies as doxxing, and is viewed as a type of online attack. As is often the case, when doxxing creates an imminent danger to safety, art. 138 of the Criminal Code - Endangering safety - could provide legal protection. In this case, public prosecutors and police are mandated to follow up, investigate and responsible for protection. As the filing party, you are responsible for collecting evidence  needed for filing the criminal charges. This charge provides stricter sanctions if the target is a (female) journalist.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

Art. 146 of the Criminal Code, Unauthorised Collection of Personal Data, which prohibits the collection, publication and use of data for purposes “other than those for which they are intended”, could provide the basis for legal protection. 

Document every instance and location in which your personal data was posted, and file this evidence with the police.

Immediately report doxxing and any other unauthorised publication of personal data to the websites or platforms where it was posted, and to the police. 

Follow-up on your report to better ensure they respond.  Immediate action is key to prevent further distribution of your personal information online.

Turn off location tracking options on your phone, Google maps, and other applications that collect your sensitive data (location, key address, etc). 

Put strict privacy controls on your social media profiles, and two-step authentication  systems for all website logins storing your sensitive data. 

Talk to the people you trust - colleagues, friends, employers. Urge the police to alert the platform to remove your personal data, and use website and platform reporting mechanisms. 
Deleteme is a tool that can help find and remove sensitive data online.

If you ever feel that the online violence you’re experiencing, might transition into the physical world, call the police → immediately. 

Digital evidence Password Recovery account Digital hygiene Phone/Tablet Location Report to platform Data leaks Reputation Safety Sexual Harassment Identity User account Computer/Laptop Criminal charges

The misuse of reporting or flagging mechanisms, or false claims of copyright infringement or other violations of Terms of Service or Community rules and regulations on social media platforms, for the purpose of blocking, suspending or preventing more extensive digital participation.

Similar to trolling, it is difficult to qualify false reporting as a criminal offense. Rather, it is seen as a misuse of social media platforms’  internal reporting mechanisms. Unfortunately, it is very difficult to find a remedy, as the mechanisms for reporting usually employ automated systems that often fail to offer adequate help. 

It is difficult to combat false reporting. Both Facebook and Twitter offer assistance for reactivating accounts that have been shut down due to false reporting. Unfortunately, these platforms are slow to respond to this particular issue, and creating a new account is generally a quicker solution. 
 

Digital evidence Password Authentication Recovery account Damage Tactic User account

Friends, family, partners, colleagues, employers, and other witnesses to the abuse, can be  targeted in the same or similar way as the original target. 

Retaliation can take many forms, so it can be linked to different criminal offences. If the assault results in the endangerment of safety, art. 138 of the Criminal Code  could provide a suitable legal basis for protection. In this case, public prosecutors and police are mandated to follow up, investigate and responsible for protection. As the filing party, you are responsible for collecting evidence  needed for filing the criminal charges. This charge provides stricter sanctions if the target is a (female) journalist.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

Assess as to if the assault could be qualified as offence, threat, harassment, doxxing, false accusation or another form of digital assault. Identifying the type of assault based on charges set out in the Criminal Code can increase your chances of success in accessing legal protections.

In addition to the many mechanisms of protection, a useful strategy for countering an assault is to publicly call out and condemn an attack without directly identifying or naming the perpetrator. If you opt for this tactic, assess the risk and continue to document  problematic responses, especially  if they are defamatory in nature. Surround yourself with friends, family and colleagues:  safety is in numbers.

Digital evidence Password Authentication Recovery account Phone/Tablet Location Report to platform Safety Support Computer/Laptop Criminal charges