Is your NGO cyber secure from data theft?

  1. The issue

NGOs are vulnerable to loss of critical information because of hacking. Security looks at confidentiality, integrity and availability of data. Many NGOs think their information is confidential, yet outsiders can easily access it. They think their emails are safe, yet they send plan text emails which are easy to intercept, read, modify and send with potential to cause havoc and loss of key partners. And many NGOs systems like emails, core financial systems are vulnerable to downtime and they never get to know the causes for it.

System downtime, delayed emails and disclosures of secrets are tell-tale signs of security breaches.

The world has transformed a big deal. In the past, a lot of documents were manual. Today, over 95% of all documents are first created using computers. And lots of data is in electronic form. Top executives use mobile phone, computer and hard drives to store information. These systems are vulnerable to hacking. Motivated hackers don’t have to physically break-in your office to access confidential information of interest.

  1. The cause

Many, if not all, NGOs now use computers and related applications to process and store critical confidential information in digital form also called electronically stored information (ESI). Key information concerning incoming funds, use of funds, employee details, program details, budgets, strategy and workplans are all in digital format in one way or the other.

Despite high use of computer systems, many NGOs do not invest in cyber security. You will find a typical NGO spends over Ugx. 10m monthly at minimum in physical security to manage physical access and prevent theft. However, computers, mobile phones, email servers and other critical servers that keep the most expensive resource – data – are not secured. Majority of NGOs never invest even 20% of their total security spend in preventing hacking as well as conducting on-going hacking threat intelligence to identify the source of rogues.

  1. The solution

Recognize the increasing threat of cyber security breaches to the organization. Start by creating awareness at the board level of the criticality of information technology security. I once investigated a cyber stalking case at an NGO, where all the issues that were being written about had just been discussed at a recently concluded board meeting. On further scrutiny, one of the Board members had been hacked.

The board member’s mistress had exploited trust by auto forwarding all emails to herself. Every time board minutes and papers were sent, the mistress got a copy. She would then use such privileged information to stay ahead of the board. Not all hacking is technical. Someone listening to your phone conversation in a restaurant is a hacker. Someone checking your rubbish bin at home for any document you have put in there with personal information is a hacker. The art is exploiting the victim using the easiest means. You need a cyber security expert on your board of directors since technology is mission critical today.

For any other areas of good governance, visit our to change the way you see your organization and transform.


In the next Newsletter, Issue 4, I will share about the increasing risk of staff fightbacks. We have noted increasing case of anonymous emails sent to donors and other partners especially after staff terminations. The emails are malicious intended to create confusion and termination of funding by the donors. We explore how you can manage such potential risks before they occur as they pose high reputational strategic risks. You cannot afford to miss the next issue. Know someone who would benefit from these insights? Subscribe them below or forward this newsletter to them. Thanks for sharing.



Subscribe to the Transform your NGO mailing list

* indicates required


Share this

Leave a Comment


Scroll to Top
Chat with us
Chat with us
Questions, doubts, issues? We're here to help you!
None of our operators are available at the moment. Please, try again later.
Our operators are busy. Please try again later

The data collected by this form is used to get in touch with you. For more information, please check out our privacy policy
Have you got question? Write to us!

The data collected by the chat form is used to get in touch with you. For more information, please check out our privacy policy
This chat session has ended
Was this conversation useful? Vote this chat session.
Good Bad