Why cybersecurity matters for NGOs and non-profits

Why cybersecurity matters for NGOs and non-profits

Non-profits save lives. Across the globe today, thousands of charities and NGOs are working hand-in-hand with society’s most vulnerable, navigating difficult and unstable environments in a bid to help those in need.

But this important role also creates unique challenges. Many NGOs are tasked with handling highly-sensitive data — from whistle-blower testimony and survivors’ stories, to vital scientific data sets and donor information.

In these scenarios, a data breach could quite literally threaten the lives and freedom of vulnerable clients and human rights defenders.

Yet non-profits often don’t have the resources to fund a large IT team that can respond to internal and external threats.

Luckily, a little bit of forward-thinking, as well as choosing the right tools for your organization, can be all it takes to clamp down on emerging cyber risks.

Why cybersecurity matters for non-profits and NGOs

Ethical non-profits have a duty of care toward their users and clients. In the 21st century, that responsibility also extends to the digital realm.

The sensitive nature of many NGOs’ work means that any kind of data leak can be catastrophic. For non-profits that deal with human rights defenders, leaked information could mean watching as fellow activists are jailed or persecuted by government actors. For environmental groups, it could mean compromising the movements of park rangers or wildlife security teams. Stray documents could see the addresses or identities of abuse survivors falling into the hands of those that wish them harm. Any of these scenarios could have devastating and far-reaching consequences.

But the knock-on effects of a data breach can affect NGOs themselves. Almost all non-profits rely on funds, grants, and donations from outside organizations or individuals to carry out their work. Trust lies at the heart of all of these relationships — and the damage that a data leak can wreak on an organization’s reputation can also endanger these vital lifelines.

It’s also important to remember that non-profits are included under the same regulations as traditional companies and businesses, such as GDPR.

These laws require NGOs to store personal information safely and securely — and your organization probably retains a lot more of this data than you may initially think. Names and addresses needed from volunteers, bank details that inform fundraising activities, and the HR and payroll information for employees will all need to be protected under law.

Organizations of any kind that break these rules can find themselves facing large fines, as well as a wave of negative publicity.

How can NGOs protect themselves and their clients in the digital age?

While data protection can seem like a daunting task, in reality, a few simple steps can make all the difference in securing your organization’s most valuable assets.

One of the most important things that NGOs can do is take the time to sit down and examine how files and documents are stored and shared across their organization. This is also a good time to see if your workspace should be following any specific laws or regulations related to the country or region where you operate.

Ask yourself: How do employees and volunteers currently share and store sensitive data? Is there any chance that this information could fall into the wrong hands, such as through a mis-sent email, or a stolen laptop? Do you know which employees have access to specific documents? Do you have the power to revoke that access if a volunteer or team member leaves the organization?

The answers to these questions — and how you want to deal with them — will be specific to your individual workplace. However, if you don’t have set rules or policies related to how your non-profit deals with digital files, then now is the time to think about how these areas could be better handled.

As well as ensuring that your non-profit operates responsibly and legally, clear guidelines you will help everyone in your organization work quickly and coherently. It’s often far easier — and more secure — for teams to work together in a single digital space, rather than battling with a mix of platforms and apps.

It’s also important to research the digital tools that can help your organization. There are thousands of cloud-storage providers, collaboration spaces, and messaging platforms available on the market, but all of them will operate in slightly different ways. Even a basic understanding of how competing platforms work can make all the difference in choosing the right tools for the job at hand.

Encryption is a good example. Encryption is a way of altering data so that it can’t be read by outside eyes. Most mainstream digital tools will use encryption in some way to protect your information from unauthorized users.

However, the type of encryption that companies use can vary widely. Some organizations will use in-transit encryption — where data is only encrypted as it moves from one server to another. Others will choose “at rest” encryption, which kicks in when data arrives at its destination.

Tresorit uses end-to-end encryption, which means that data is secured both when it is stored, and from the moment it is sent from one device to another.

Different types of encryption will have different consequences. Digital platforms or tools that use at-rest or in-transit encryption for their clients’ data, for example, will often be able to access their customers’ files.

This risk doesn’t affect end-to-end encryption, where the decryption keys needed to access data in its readable are only available on users’ individual devices.

How digitalization benefits NGOs

But while taking your first steps into the world of cybersecurity can seem daunting, these digital tools can offer huge advantages to forward-thinking organizations — and you shouldn’t be afraid of embracing everything that cyberspace has to offer.

Cloud-based tools are a great way for dispersed and remote teams to come together and collaborate, allowing different employees to access files whenever and wherever. The same platforms also make a great option for NGOs who work with multiple partners and agencies, and some will offer tools that allow you to track which users have access to a particular document. This can be particularly important when working on fixed-term projects or with volunteers, as it allows you to easily revoke access as required and remain firmly in control of your own files.

Certain collaboration tools and workspaces will also use these same tools to create access logs, which allows you to keep an accurate record of who has opened, accessed, or edited individual documents and when. This automatically-generated paper trail can be a game changer for organizations that need to undergo regular audits or produce donor reports.

Digital working can pose new threats to organizations, but these are far outweighed by the benefits that modern technology to non-profit workplaces. Organizations don’t need grand or sweeping overhauls to thrive in the 21st century usually, but small and thoughtful changes that can make a lasting difference in day-to-day lives — something that most NGOs know all too well.

Interested in learning more? Tresorit supports organizations that work towards creating social good by offering discount off business licenses. Click here to find out more.

Join our upcoming webinar, where we will explore the incredible work of these organizations and see how Tresorit's contributes with a secure way to exchange information that might be a matter of life and death.