Cybersecurity Handbook for Civil Society Organizations

The rapid development of technology worldwide has made the digital sphere an increasingly integral element of contemporary societies. These technological advancements have significantly changed the way people live, work, communicate and perform services via the global online network. Civil society organizations are no exception to this aspect. They are increasingly relying on various digital tools to carry out their daily operations in a more efficient and sustainable manner. Upon the development of various social and digital platforms and applications, civil society organizations have the opportunity to communicate quickly and efficiently with their citizens, donors and supporters locally and globally. The development of these technologies has introduced new opportunities for NGOs in the field of activism and political influence, enabling them to organize awareness campaigns and promote their causes to a wide audience of followers. 

As the digital footprint of NGOs continues to grow, so does the risk to their privacy and security in the digital sphere. Cyber-attacks against this sector are on rise involving a range of tactics, including hacking official websites and communication systems of organizations, stealing sensitive data, misappropriating funds and spreading disinformation and fake news, among others. The consequences of such attacks are considerable and pose a serious risk to the regular functioning of NGOs. Some of the consequences that can be faced by the latter are damage to the reputation and image of the organization, which affects the loss of support and trust of donors, partners and groups with which the organization works; large financial losses; loss of information and other key resources of the organization, disruption of services and regular operations provided by the organization, and in extreme cases, permanent closure of the organization. 

Adverse to these risks, it is crucial that NGOs take concrete measures to improve their cyber security and minimize the risk they face. By good fortune, NGOs do not need to have advanced knowledge in the field of information technology to protect themselves from threats in the digital sphere. It is enough for them to allocate a part of time, financial and human resources to cultivate a safety culture within the organization. 

This manual was compiled with aim to serve NGOs in Kosovo, but not only, as a guide to develop and implement organizational security policies and strategies. The handbook presents good practices and concrete guidance as to how the organization, regardless of its scope, can minimize the risk it faces in the digital sphere. Some of the topics covered in this manual are the security plan and development of security culture in an organization, protecting electronic devices within the organization and securing access to them, protecting records, cyber security, physical security and what to do in case of incidents.