In a new era of borderless data sharing, over 50 countries are racing to protect and control the digital information generated by their corporations, government entities, and private citizens.
For NGOs and charitable organizations, the increase in stringent regulations presents a challenge – one that stifles the way data can move around the globe and vastly complicates humanitarian operations.
To explore this increased complication in an era of digital sovereignty, we gathered three NGO innovators and Virtru customers:
When we asked our panelists what keeps them up at night and what gets them up in the morning, the answers were two sides of the same coin: protecting data means protecting people, and failing at that mission could mean real-life harm.
"When you work in the nonprofit space," said panelist Matt Mitchell, "the civil society space, NGO space, it's oftentimes that cyber attacks—issues around privacy, issues around secure collaboration—affect a person's livelihood. It could affect someone's freedom."
From dawn to dusk, our panelists are fueled by a passion to protect the data of the most vulnerable. Here are four main lessons we gathered from our discussion on data security in the humanitarian world.
Data is connected to people — whether it's about a person, or being used by a person. Protecting data has tangible consequences, and in the humanitarian space, it can be life or death. Data protection can mean the difference between carrying out your mission or causing damage.
Howard opens this concept up to the panel by asking how their work connects to "the real world."
For Couturier at Croix Rouge (the French Red Cross), the data flowing in and out of their organization is connected to over 200,000 Ukrainians seeking refuge. Croix Rouge, along with Care USA, Ford Foundation, CryptoHarlem, and other NGOs, must safeguard this data as an extension of their physical humanitarian efforts. Privacy is a form of safety for all of the people our panelists serve—and it's a form of respect.
"When you have a door that allows you to open it and let a friend in and see how you live, and maybe have a nice meal with you—that's privacy," says Mitchell. "That's the same reason why most people put curtains on their windows and would even want a curtain for their shower. Even if no one's going to be there. Privacy is just the idea that it allows you to have levers of agency and control over what's shared and what's not."
Just as there are human beings motivating the need for data privacy, there are human beings behind the tech that protects data. The term "Zero Trust" can occasionally connote secrecy when, in reality, it's a mechanism for accountability at all levels.
"When you have something that's like a Zero Trust system, it's a system where you actually have the most amount of trust," said Mitchell, "that no one can do something outside of their purview or their job title."
Howard and Tuan both agreed that Zero Trust in action feels more like "trust, but verify."
"It's not I don't trust you," said Tuan. "I'm applying the same measure across the board to reinforce certain standards to protect the bigger picture."
When it comes to keeping the mission alive, trust and privacy are intrinsically tied. Whether it is the trust of donors or the trust of the people being served, maintaining a posture of security can ensure that the mission moves forward.
"The data breach on separate incidents, the ransomware situation, or anything—negative news in the media saying 'CARE cannot protect participants or donors information or security'—that would really impact CARE's bottom line," said Tuan. "And those are the things that keep me up at night because I need to make sure the cybersecurity, operation, reliability, all of that is in place, so we continue to do our best for our participants and our donors... in the non-profit sector, it's really a life and death situation. With doing things, collecting information, generating reports to impact people's lives."
Many data breaches have adverse effects on people, but for organizations like Care, Red Cross, and Ford Foundation, a breach could affect their ability to continue on with their work, and more importantly, could cost lives.
"[There] used to be a time we were not considering ourselves as a privileged target. That's meaning, of course, industry or business finance," says Couturier. "But now we've been targeted, and very recently half a million of private data information has been stolen and hacked, not from us, but directly to the International Committee of Red Cross and Red Crescent. And half a million of personal information has been stolen and that information was concerning refugees."
Now more than ever, data protection and privacy are needed to fulfill these charitable missions. And when it comes to crossing borders to provide aid, a data protection strategy must employ a key value: neutrality.
In a world with political tensions spilling over, neutrality is hard to come by. For security professionals like Couturier of Croix Rouge, this is especially true of regional conflicts like Ukraine, where a lack of neutrality can close borders where work needs to be done.
Tuan points out that external forces can present a challenge for NGOs, as many localities' unique laws surrounding cybersecurity can prevent organizations from accessing people in need or deploying solutions.
"Two years ago, the US banned Huawei, a kind of cell phone technology," said Tuan. "Also years ago, the US administration came back with [banning] TikTok, and then some talk about Instagram, and something about Twitter. All these are technology tools that we use to either facilitate a social impact or to put in a solution."
From an internal view, neutrality exercised in Zero Trust strategy is something all panelists can agree on.
"I think in all systems of cybersecurity, of privacy, it's important to also think about balancing things through a neutral lens," said Mitchell. "I would challenge anyone to kind of take up Yves's positioning because I think it's a really powerful one if we see each other outside of the superficial, and we connect on that deeper human level."