This chapter discusses digital risks and their real-life consequences for aid workers. It provides an overview of potential mitigation measures, as well as the challenges presented by harmful information, such as misinformation, disinformation, malinformation and hate speech.
Digital threats to humanitarian organisations are widespread and multifaceted. They can include malware or spyware installed via apps or links, targeted hacks and data breaches, and network exploitation (use of untrusted and potentially hostile networks, e.g. fake wifi). Individual staff members can be vulnerable to online harassment and hate speech or cyber-crime such as identity theft. Direct targeting of aid workers is a growing and serious threat, particularly for those in public-facing roles or from under-represented or marginalised groups (e.g. women and individuals who identify as LGBTQI+). Organisations (and the aid sector generally) can face risks stemming from online smear campaigns propagated by hostile actors.
While responsibility for digital security often falls under IT, security staff are increasingly involved in digital security discussions, as digital threats can have significant physical security implications for aid workers. For instance, hacking or unauthorised access to sensitive data, such as travel itineraries or personal information, can lead to targeted physical attacks, kidnappings and harassment by hostile actors. Security staff need to understand the types of digital threats aid workers may face and how they can work with other organisational teams to mitigate digital risks, including promoting digital hygiene practices.
The nature of digital threats can vary depending on the level of the target, which can be an individual, a specific organisation or the aid sector overall. While there is often overlap (e.g. individuals may become victims when their organisations are targeted), it is beneficial for organisations to discuss the specific risks and implement measures to mitigate threats across all three levels. This may be particularly helpful in regard to the risks of harmful information.
Harmful information (misinformation, disinformation, malinformation and hate speech) is becoming a serious threat to aid organisations. Examples include spreading false information about aid activities, discrediting humanitarian reports or intentions, and impersonating humanitarian personnel for ulterior purposes. Mitigation measures may include sensitising and training staff, building strong networks with partners for information verification and counter-messaging, and systematically monitoring content and changes in perception (‘social media listening’).
Digital threats, including harmful information, should be incorporated into existing risk assessment processes. Organisations can equip responsible personnel, such as social media staff, with the tools needed to consider harmful information risks directly. Key staff should know what technology is being used within the organisation and ensure that there are protocols and platforms for managing devices securely.
Digital hygiene practices are essential and can help to maintain a consistent digital security baseline by promoting good, repeatable behaviours and protocols. Staff require training and support in understanding and following these protocols. Examples include:
When weighing the risks and benefits of different apps and platforms for communication, there are three things to consider.
Open-source apps hosted in countries with robust privacy protection laws and good security practices will be more secure than proprietary apps hosted in countries where the government controls the network and privacy laws are ignored or unenforced.
Is the data stored only on the device itself? Is the data stored in the servers of a private company, government or non-profit? It is important to know where the data is located and what path it takes in order to properly assess the security of a particular app.
A highly secure app may be a poor option if it is unavailable for download in a particular country, if it cannot be installed on the devices used by the majority of staff or if it is unfamiliar or difficult to use.
Access Now (2020) Digital security helpline: Self-doxing guide.
Blake, J. (2020) Disinformation and security risk management for NGOs. GISF.
Front Line Defenders (n.d.) Security in-a-box.
GISF (2020) Module 4: Digital security. In Security to go: a risk management toolkit for humanitarian aid agencies.
GISF (2023) Online risk to real-life harm: Disinformation and social listening workshop resources.
GISF (n.d.) Digital security. NGO Security Toolbox.
GISF (n.d.) Digital security resources. Communications technology and humanitarian delivery.
GISF (n.d.) Resources & background materials (DCS). Digital cyber security.
Insecurity Insight (n.d.) Social media monitoring.
Kumar, M. (2017) Digital security of LGBTQI aid workers: Awareness and response. EISF.
Tactical Tech (n.d.) Holistic security manual.
