Other human rights organisations often ask us what they should to when it comes to their infosec needs. Should they run their own mail server, or trust Gmail? Should they merge their calendars by email (!), a local server, or use some cloud solution?
We honestly don't know what to tell them. In fact, we are unsure of what we ourselves should be doing. We know that there are risks of keeping things local (e.g. lack of redundancy), and there are risks of data being stored…