• News
    • Latest news
    • News search
    • Health
    • Finance
    • Food
    • Career news
    • Content series
    • Try Devex Pro
  • Jobs
    • Job search
    • Post a job
    • Employer search
    • CV Writing
    • Upcoming career events
    • Try Career Account
  • Funding
    • Funding search
    • Funding news
  • Talent
    • Candidate search
    • Devex Talent Solutions
  • Events
    • Upcoming and past events
    • Partner on an event
  • Post a job
  • About
      • About us
      • Membership
      • Newsletters
      • Advertising partnerships
      • Devex Talent Solutions
      • Contact us
Join DevexSign in
Join DevexSign in

News

  • Latest news
  • News search
  • Health
  • Finance
  • Food
  • Career news
  • Content series
  • Try Devex Pro

Jobs

  • Job search
  • Post a job
  • Employer search
  • CV Writing
  • Upcoming career events
  • Try Career Account

Funding

  • Funding search
  • Funding news

Talent

  • Candidate search
  • Devex Talent Solutions

Events

  • Upcoming and past events
  • Partner on an event
Post a job

About

  • About us
  • Membership
  • Newsletters
  • Advertising partnerships
  • Devex Talent Solutions
  • Contact us
  • My Devex
  • Update my profile % complete
  • Account & privacy settings
  • My saved jobs
  • Manage newsletters
  • Support
  • Sign out
Latest newsNews searchHealthFinanceFoodCareer newsContent seriesTry Devex Pro
    • Opinion
    • Technology

    Opinion: Information security needs to be a priority of international development

    For most international development organizations, cybersecurity is as much a management issue as a technical issue. How can they harden their cybersecurity posture?

    By Shannon Stewart // 13 January 2021
    “For most organizations, cybersecurity is as much a management issue as a technical issue.” Photo by: cottonbro from Pexels

    Imagine for a moment that your organization has developed a mobile app that allows clients to access a government entitlement. You have contracted a company to develop the app. One of its competitors exploits a misconfigured application programming interface setting and demonstrates that your contractor was not adequately securing the personal information of your clients. Passwords and PIN numbers were stored in clear text.

    Although there is no evidence that the security lapses affected the administration of the program, clients and governments have lost trust in your organization. Do you have the knowledge and ability to appropriately vet contractors? Is security a high enough priority in your operational risk mitigation? Do you have experts you can consult to develop standards that are consistent with modern security requirements for products in other fields?

    Our foremost ethical obligation in international development is to our clients, and this extends to developing technology tools and the stewardship of their data. This includes both maintaining the privacy or anonymity of client data where appropriate, but equally importantly it means ensuring that their data is included in datasets that inform crucial policy decisions.

    Maintaining this balance requires careful consideration, planning, and buy-in from every member of an organization. It also requires organizations to lead with their values in developing cybersystems.

    Stewardship of personal data can reflect on an organization’s reputation. The organization itself must be a trustworthy brand to protect both its mission success and employees. A series of privacy breaches at Facebook may have dimmed public opinion of the company in recent years.

    For international development organizations, privacy stumbles could not only endanger vulnerable clients, but also sour donor relationships and embarrass or even endanger employees, who may become targets of disinformation or harassment campaigns. There also may be legal exposure for development organizations related to their handling of personal information.

    Our foremost ethical obligation in international development is to our clients, and this extends to developing technology tools and the stewardship of their data.

    —

    Nonprofit and social purpose organizations are generally not exempt from data protection and privacy regulations. The European Union’s General Data Protection Regulation, or GDPR, does apply to nonprofit organizations, and even organizations outside its jurisdiction may face judgments under GDPR if they are collecting or processing data on EU citizens or residents.

    How can international development organizations harden their cybersecurity posture? For most organizations, cybersecurity is as much a management issue as a technical issue. Some basic first steps to operationalizing it include mapping existing policies to understand where improvements or clarifications are needed. It may not be possible to achieve an ideal cybersecurity posture instantaneously, so it is also wise to prioritize:

    1. A way to contain organizational data, ensure its continuity, and separate it from staff members who depart the organization.

    2. Strong authentication to access organizational data.

    3. The use of authentic, licensed, and supported software on all organizational devices.

    The NIST 800 series — published by the National Institute of Standards and Technology — provides some helpful guidance for further policy mapping that includes areas such as asset management and travel policies. One of the management principles of GDPR — the appointment of a data protection officer, even if that is a member of leadership with other responsibilities — ensures that the cybersecurity equity has a voice in organizational decision-making and can set a good example for the rest of the organization.

    Data security is integral to mission success, and it doesn’t just mean protecting data subject privacy. After all, most modern development organizations could not function without computers or tablets used by staff members, smartphones, and other internet-enabled devices utilized in daily operations.

    While we often think of information security as locking down data, an equally important aspect is ensuring that data is available when it is needed, which includes planning for hardware failures, creating redundancies for critical systems, and planning for incident recovery.

    It is also important to consider how we can improve our security practices collectively as a field.

    NGOs urgently need to take on cybersecurity

    “Every single NGO I know has had a breach — they just didn’t know about it,” one expert in the field says.

    Funders should include support for capacity building around cybersecurity, including but not limited to expert staff members or consultants. Where possible, development organizations should leverage programs such as TechSoup to take advantage of reduced cost or donated software, hardware, and services that can help support their cybersecurity capacity. We should also keep abreast of new developments in standards-setting and privacy-preserving technology that can help us share client data without compromising individual privacy.

    For funders, it is important to meet organizations where they are, providing clear actionable advice without fostering shame. Equally, it is important for all parties to keep a learning attitude; this is a rapidly changing field, and the conventional wisdom of a few years ago may no longer be relevant.

    Funders can encourage peer mentorship and facilitate the sharing of best practices and highlighting local threat models. Platforms and norms are different for different linguistic and geographic communities, and relevant threats are not the same everywhere. No one knows local threat models like locals, and this can help organizations invest wisely in their own resilience to prioritize threats according to peers in the same issue space and geography.

    • Innovation & ICT
    Printing articles to share with others is a breach of our terms and conditions and copyright policy. Please use the sharing options on the left side of the article. Devex Pro members may share up to 10 articles per month using the Pro share tool ( ).
    The views in this opinion piece do not necessarily reflect Devex's editorial views.

    About the author

    • Shannon Stewart

      Shannon Stewart

      Shannon Stewart has over 10 years' experience in empirical research, modeling, and statistics, with a strong interest in supply chains and cybersecurity. As senior data scientist at the Global Fund to End Modern Slavery, she develops original models for supply chain risk, conducts research on illicit financial transactions, and oversees some research on the prevalence of forced labor.

    Search for articles

    Related Stories

    The Trump EffectOpinion: Trump’s war on science imperils global development and cooperation

    Opinion: Trump’s war on science imperils global development and cooperation

    Devex Career HubDevex Career Hub: The top USAID-funded NGOs hiring now

    Devex Career Hub: The top USAID-funded NGOs hiring now

    Global healthOpinion: 5 ways to thrive despite Trump’s anti-abortion global gag rule

    Opinion: 5 ways to thrive despite Trump’s anti-abortion global gag rule

    Devex Career HubDevex Career Hub: Who is still hiring in the US

    Devex Career Hub: Who is still hiring in the US

    Most Read

    • 1
      How low-emissions livestock are transforming dairy farming in Africa
    • 2
      Opinion: Mobile credit, savings, and insurance can drive financial health
    • 3
      Opinion: India’s bold leadership in turning the tide for TB
    • 4
      How AI-powered citizen science can be a catalyst for the SDGs
    • 5
      WHO names new directors in ongoing restructure
    • News
    • Jobs
    • Funding
    • Talent
    • Events

    Devex is the media platform for the global development community.

    A social enterprise, we connect and inform over 1.3 million development, health, humanitarian, and sustainability professionals through news, business intelligence, and funding & career opportunities so you can do more good for more people. We invite you to join us.

    • About us
    • Membership
    • Newsletters
    • Advertising partnerships
    • Devex Talent Solutions
    • Post a job
    • Careers at Devex
    • Contact us
    © Copyright 2000 - 2025 Devex|User Agreement|Privacy Statement