Non-profit organizations are increasingly grappling with the threat of cyberattacks and turning to their funders for support. For most grantmakers, however, cybersecurity is not an area of expertise. Reflecting the universality of the cybersecurity threat, eight donor affinity groups offered this webinar focused on how funders can support grantees in addressing and responding to digital security concerns.

 

Content included:

  • A debrief of the Digital Security & Grantscraft Guide: An introductory guide for funders created through a collaboration anmong the Ford Foundation, Open Society Foundations, macArthur Foundation and the Citizen Lab. 
  • Lessons learned and strategies pursued by a donor that has recently invested in digital security as an area of concern for his/her grantees.
  • Discussion of the strategies and infrastructure already built and in use, particularly as related to grantmaking focused on the Global South, for rapid response/ emergency cybersecurity-related grantmaking.

Speakers

  • Michael Brennan, Technology Program Officer, Ford Foundation
  • Meerim Ilyas, Senior Program Officer, Urgent Action Fund for Women
  • Eric Sears, Senior Program Officer, MacArthur Foundation

RESOURCES

Digital Security & Grantscraft Guide: An introductory guide for funders

Data Security Survival Guide for Evaluators 

Recording  (available to FCCP members through the member portal)

Key Takeaways

  • There is no such thing as no risk. Organizations commonly lack internal structures, policies and expertise to effectively shore up their systems. We need to adopt a “harm-reduction” approach that increases defenses and makes hackers work harder so there are fewer successful hacks. You would not give a grant to an organization that does not have a front door. Similarly, cyber security ought to be considered.
  • Grantees should not work in a piecemeal fashion. They should start by thinking systematically and activate two-factor authentication across all services and platforms. Wherever it is offered, turn it on! (If John Podesta had done this, the DNC would not have been hacked.) There is no one-size-fits-all cost for bringing in an expert; it varies depending on the organization’s needs.
  • Assess you grantee’s risk. You don’t have to be an expert. The Digital Security & Grantscraft Guide makes it simple for any program officer to identify high-risk cases within your portfolio. You will learn how to spot red flags that you can elevate within your institution.
  • One-off support will not solve this for your grantees. Experts that parachute in then out do not provide meaningful long-term help that leads to the institutional behavior change needed for an organization to be secure over the long term. Plan to support the long-term needs of your grantees.
  • Practice what you preach. Don’t forget to assess your own institution’s risk! Identify champions: people within your institution that can advocate for digital security by involving people in different program areas and IT.

 

This webinar was brought to you by these funder affinity groups: