When I first started training activists and civil society organisations on digital security, I assumed the biggest challenge would be technology. I thought people would struggle mainly with tools, software, and systems.
I was wrong.
The real challenge has always been mindset.
Over the past five years, working with human rights defenders, journalists, environmental activists, and community organisers across Uganda and beyond, I’ve learned that digital security is less about apps and more about habits, confidence, and culture.
Most attacks succeed because of routine
Almost every serious digital incident I’ve handled started with something simple:
- A reused password
- A rushed click
- A shared device
- An unsecured backup
- A forgotten old account
Not because people are careless, but because they are busy, under pressure, and focused on their work.
Attackers understand this. They don’t fight technology. They exploit routine.
Fear blocks learning
Many activists are afraid of “getting things wrong” with technology.
They avoid asking questions. They pretend to understand. They delay changes.
In trainings, I’ve seen people relax only when they realise:
Digital security is not about perfection. It is about improvement.
Small steps matter.
Tools don’t protect people. Practices do.
You can install the best VPN, antivirus, and encryption tools.
If your habits are weak, you are still exposed.
Strong practice looks like:
- Updating devices
- Checking links
- Verifying requests
- Backing up work
- Questioning urgency
- Protecting recovery emails
This is what keeps people safe.
My biggest lesson
The strongest defenders are not the most technical ones.
They are the most consistent.
That is what I now focus on in my work: building confidence, not just capacity.