NGOs should be concerned about Digital Security!
Digital security is often not a priority for NGOs as they convince themselves that they are so public about their mission and their information is always for public consumption. However, it is no longer contestable that the operating environment for NGOs and Human Rights Defenders in Uganda has been increasingly narrowing over the last couple of decades. This situation is compounded by the regressive legal and regulatory framework that emphasizes control rather than regulation; numerous unresolved break-ins of NGO offices; and in extreme cases intimidation, arrests and or murder of NGO workers and human rights defenders.
The effects of this shrinking and risky operating environment is not only aggravated by limited knowledge of possible ways to protect civic actors and human rights defenders from harm but also a lack of skills in the basics of digital and physical security. What this means, is that, most civil society organizations and their staff do not have the necessary skills to navigate this complex environment. This has greatly hampered the effectiveness of their work and more specifically induced civic actors to withdraw from actively carrying out their mandate.
NGOs are often victims of attacks because they are believed to be aggregators of information that can be used for commercial gain as they are often seen as a trusted source of information. In some instances an attack could embed code onto the site so that visitors could be attacked from what they would believe to be a trusted source.
We are skeptical that laws will ever provide a framework on which NGOs can rely for their security as government is frequently the most active transgressor of NGOs’ digital security. To avert this negative trend and possibly mitigate the potential effects and risks associated with the increasing security threats; security training is for key for civil Society actors.
Many times we know there are risks in the digital world but we do not know what to do about them. How do these threats work? How important is digital security? Where do we even start? It is upon this background that UNNGOF in partnership with DefendDefenders scheduled a two-day training on 10th and 11th October 2019 at Imperial Botanical Beach hotel for its board members, staff and select sub national partners to equip them with the basic skills and knowledge in physical, digital and integrated security as a pre-requisite to operate in an increasingly hostile environment.
Participants had a depth understanding of the different concepts i.e. security, safety and protection. They also had discussions around the difference between physical, digital and integrated security, security management cycle, approaches to security management which include; Pestelto, stakeholders and Actors analysis, Risk Assessment, Stress management and security planning. The training was interactive and participants shared experiences on the security challenges encountered in the past and how they overcame.
DefendDefenders provided participants with software used to protect their work and gadgets from hackers such as; Virtual Private Network (VPNs) and Malware. They also undertook exercises on how the internet works, device security hygiene checks, backup with Google drive and online security focusing on the phishing trail.
Throughout the two days, participants clearly comprehended what digital security entails and how they can protect their work from hackers. Participants were challenged to reflect on their practices, take practical steps to improve their online security.