Listen to Lucy Bernholz, Josh Levy, and Kate McKenney discuss challenges, strategies, and processes for creating a strong practice and culture of data security at nonprofits and foundations.
Every nonprofit, foundation, and civil society organization is now digitally dependent, and managing digital resources safely, ethically and effectively is a core competency for these organizations. Digital security is a key aspect of this capacity, but one that remains a systemic, sector-wide challenge, particularly for resource-constrained nonprofits.
Digital Impact hosted a virtual roundtable with experts in digital security and strategy to discuss processes, policies, and approaches for implementing and managing digital security as part of an organization’s overall data governance plan.
Moderated by Lucy Bernholz, director of the Digital Civil Society Lab at the Stanford Center on Philanthropy and Civil Society, the panel included Josh Levy, founder of the Digital Security Exchange and Non-resident Fellow at Stanford’s Digital Civil Society Lab; and Kate McKenney, Digital Director at the Natural Resources Defense Council.
In addition to digging into digital security processes like threat modeling, the panel discussed the challenges and responsibilities that civil society organizations face in creating and maintaining a strong and sustainable practice of digital security and data governance.
A few highlights:
- Digital security is a human problem, not a tech problem: Josh and Kate discussed how digital security is rooted in human behavior and relationships, with cross-organizational buy-in, digital security literacy, and behavior change essential for effective, sustainable practice.
- Look to outside help for effective audits and solutions: Josh discussed how external digital security experts and capacity builders can bring fresh eyes and much-needed expertise to assess and develop an organization’s digital security capacity. (The new Digital Security Exchange is working to build connections between civil society organizations with data security needs and experts who can help.)
- Digital security is not just good practice, it’s increasingly mission-critical: Josh described how digital security is a large and growing part of the equation for civil society organizations, particularly data-centered ones; and Kate discussed how the data and systems analysis involved in digital security can not only create more secure systems but spark new insights for strategic decision-making.
- Digital security is institutional, not individual – and not just IT: Josh, Kate, and Lucy discussed how digital security is an inclusive, iterative, and comprehensive set of policies, processes, culture, and behavior across the organization; there are no quick technological fixes, everyone – from volunteers to Board members – is involved, and the process is ongoing as threats, systems, personnel, and other factors change and evolve.
To listen to the full discussion, use the audio player above or visit the Digital Impact podcast on iTunes.
Looking for more information on this topic? The following resources are recommended by our featured speakers:
- Surveillance Self-Defense
- A step-by-step guide to digital security developed by the Electronic Frontier Foundation
- Digital Security Exchange
- A new hub (currently in development) for connecting digital security capacity builders with civil society organizations and communities
- Access Now
- A global digital rights advocacy, policy, and technology organization
Have thoughts or insights to share about data security for civil society? Chime in below with a comment!