Call for Applications Digital Resilience Fellows

Digital Resilience Fellowship 2026

by Digital SecurityDigital Security

Defenders Protection Initiative (DPI) is pleased to announce the launch of the Digital Resilience Fellowship 2025–2026, a targeted program designed to strengthen the digital safety and resilience of grassroots human rights defenders and civil society actors across Uganda.

About the Fellowship

As digital threats continue to evolve, many organizations and frontline defenders particularly in underserved regions face increasing risks such as surveillance, account compromise, online harassment, and data loss.

This Fellowship responds to that reality by supporting a small, carefully selected cohort of individuals embedded within organizations, who are positioned not only to strengthen their own digital safety, but also to extend these skills to the teams and communities they work with.

What the Fellowship Offers

Participate in an 8-week structured mentorship

Be paired with a mentor from the Digital Security Alliance (DSA)

Strengthen digital resilience within their organizations

Share practical digital security knowledge within their communities

Receive hands-on support in device security, secure communication, account protection, data backups, and incident response

Who Should Apply

This Fellowship is intended for individuals who are:

  • Actively working within a civil society organization or community-based initiative
  • Engaged in work related to human rights, environmental protection, media, or civic engagement
  • Operating in Northern, Eastern, Western, or Southern Uganda
  • Facing or exposed to digital risks in their work
  • Committed to applying and transferring digital security skills to their organization and community

How to Apply

Interested applicants can submit their application through the link below:

At DPI, we recognize that digital security is no longer optional, it is essential to sustaining civic space and protecting those working at the frontlines. Through this Fellowship, we aim to build a network of digitally resilient actors who can safeguard not only themselves, but also the communities they serve.

APPLY NOW
dpi-self-assessment-v2_s

Digital Security Self-Assessment Tool for Defenders

by Digital SecurityDigital SecurityProjects/Our Work SectionRisk Assessment

Human rights defenders, journalists, activists, land and environmental defenders, and wider the civil society organizations face a growing wave of digital threats from surveillance, hacking, phishing, account takeovers, and data theft. These attacks are designed to silence, expose, and intimidate those doing vital work.

Yet most defenders and organizations have never assessed their digital security posture or know where to begin.

This free Digital Security Self-Assessment Tool we developed is built for anyone on the frontlines whether you are an individual activist, a journalist protecting sources, a land defender in the field, or a civil society organization managing sensitive beneficiary data.

In under 30 minutes, work through 70 indicators across 10 security domains including secure communications, device security, data protection, account security, incident response, and more. You will instantly receive a personalized risk score and a prioritized action plan showing exactly what to fix and in what order.

Free. No account needed. Your responses never leave your browser.

Take An Assessment!
Computer security, privacy, data protection concept with account verification system with login and password, padlock, key and email icon, 3d render illustration isolated on white background

The 2015 Trap: Why Your Passwords are Failing You (and How to Fix Them Before It’s Too Late)

by Digital Security

Think back to 2015. You likely had a different phone, a different hairstyle, and maybe even a different job. But if you’re like 60% of people today, you are likely still using the exact same password strategy you used a decade ago.

At Defenders Protection Initiative, we’ve seen how the digital landscape in Uganda has shifted. From the implementation of the Data Protection and Privacy Act to the rise in sophisticated phishing targeting Human Rights Defenders, the stakes have never been higher.

The uncomfortable truth? While we’ve upgraded our gadgets, our “digital front doors” – our passwords – are still using 2015 locks in a 2026 world of high-tech “digital crowbars.

Why “Complexity” is a Myth

For years, we were told to use things like P@$$w0rd123!. We thought we were being clever. We weren’t.

Modern hackers aren’t guessing your password; they use Graphics Processing Units (GPUs) that can test billions of combinations per second. To a computer, “P@$$w0rd” is just as easy to crack as “password.” The real danger today isn’t just a lack of symbols; it’s reused habits. If you use the same password for your work email as you do for your Netflix or Jumia account, you aren’t just at risk—you are an open door.

The New Rules of the Game

For Civil Society Organizations and HRDs in Uganda, a compromised account isn’t just an inconvenience; it puts sensitive data, sources, and safety at risk. Here is how to evolve:

1. Length is King (The Passphrase Shift): Forget “passwords.” Start using Passphrases. A string of four or five random words like Boda-Mango-Sky-Table-Blue is nearly impossible for a computer to crack but incredibly easy for you to remember.

2. Stop Being Your Own Vault: You shouldn’t know your passwords. Use a Password Manager. It generates unique, unbreakable codes for every site and stores them behind one master key.

3. The “Second Lock” (MFA): Multi-Factor Authentication (MFA) is your best friend. Even if a hacker steals your password, they can’t get in without the code sent to your phone or app. Think of it as a deadbolt on your digital door.

Taking Action: Beyond the Screen

At DPI, we believe that digital security complements physical security. Protecting your data is protecting your mission.

  • Audit Your Team: When was the last time your organization updated its digital hygiene policy?
  • Get Trained: DPI offers Digital Security Clinics specifically designed for Ugandan CSOs to navigate these threats.

Don’t let 2015 habits jeopardize your 2026 impact. The hackers have upgraded, it’s time you did too.

Need a hand securing your organization?

Check out our [Mini Digital Security Handbook] or contact us for a consultation. Let’s keep the defense strong

DPI ToolKit

Digital Security Toolkit for Rights Defenders

by Digital SecurityProjects/Our Work SectionSecurity

Defenders Protection Initiative (DPI) has developed this Digital Security Toolkit to support human rights defenders and civil society organisations in strengthening their digital safety and resilience.

As defenders increasingly rely on digital tools to communicate, document abuses, and organise communities, they also face growing risks such as phishing attacks, account compromise, surveillance, and online harassment. This toolkit provides practical guidance to help organisations and individuals better understand these risks and adopt safer digital practices.

It includes simple recommendations, tools, and steps that defenders can use to secure their devices, protect sensitive information, and respond to digital security incidents.

This resource is intended for human rights defenders, civil society organisations, journalists, and community activists working in challenging environments.

Download the ToolKit
cyberattackscsos

Why Small Civil Society Organisations Are Becoming the New Targets of Cyber Attacks

by Civic SpaceDigital SecuritySecurity

For a long time, cyber attacks were associated with governments, big corporations, and major institutions. Small civil society organisations were often overlooked. They were seen as too small to matter, too insignificant to target.

That reality has changed.

Across Uganda and the wider region, Defenders Protection Initiative (DPI) is witnessing a steady rise in cyber attacks against small and medium-sized CSOs. These organisations, often operating with limited budgets and small teams, have become attractive targets for a wide range of actors.

Understanding why this is happening is the first step toward defending against it.

Small CSOs hold powerful information

Even the smallest organisation often manages sensitive data:

  • Lists of beneficiaries
  • Testimonies from survivors
  • Reports on abuses
  • Donor records
  • Financial documents
  • Contact details of activists
  • Internal strategies

For adversaries, this information is valuable. It can be used to intimidate individuals, disrupt projects, discredit organisations, or manipulate communities.

An attacker does not need to break into a ministry database if they can access the same information through a poorly protected NGO system.

Limited resources create easy entry points

Most small CSOs operate under serious financial pressure. They prioritise programme delivery over infrastructure. As a result:

  • Old laptops remain in use for years
  • Software updates are delayed
  • Free hosting is used without security support
  • Shared passwords become normal
  • Backups are neglected
  • Technical support is outsourced irregularly

These conditions create weak points that attackers easily exploit.

In many cases, a simple phishing email is enough to compromise an entire organisation.

Digital attacks are cheaper than physical repression

Targeting an organisation physically attracts attention and international scrutiny. Digital attacks are quieter and cheaper.

With minimal resources, an attacker can:

  • Take over email accounts
  • Delete important files
  • Monitor communications
  • Spread false information
  • Block access to systems
  • Leak internal documents

These actions weaken organisations without creating obvious evidence of repression.

For hostile actors, this is efficient and low-risk.

Small organisations are closer to communities

Grassroots CSOs often work directly with affected populations: land defenders, women’s groups, journalists, informal workers, and displaced communities.

This closeness makes them strategically important.

When a small organisation is compromised:

  • Communities lose trust
  • Beneficiaries become afraid
  • Documentation stops
  • Advocacy slows down
  • Networks fragment

By targeting small organisations, attackers disrupt entire ecosystems of activism.

The human factor remains the biggest risk

Most successful attacks do not begin with advanced hacking tools. They begin with human interaction.

We commonly see:

  • Fake donor emails requesting documents
  • Impersonation of partners
  • Messages pretending to be from management
  • “Urgent” compliance notices
  • Fake job offers or training invitations

Staff members, under pressure and working with limited support, respond quickly. One click can open the door to attackers.

This is not carelessness. It is a result of overwork and inadequate training.

Why awareness alone is not enough

Many organisations are now aware of cyber risks. Awareness, however, does not automatically translate into safety.

Without systems, awareness fades.

Effective protection requires:

  • Clear digital security policies
  • Defined access levels
  • Regular training
  • Incident response procedures
  • Secure backups
  • Leadership commitment
  • Budget lines for security

Security must be institutionalised, not improvised.

DPI’s approach to protecting small CSOs

At DPI, our work goes beyond emergency response. We focus on building long-term resilience.

Our approach includes:

  • Digital security assessments
  • Tailored trainings
  • Website and infrastructure hardening
  • Incident response support
  • Staff mentoring
  • Policy development
  • Network-based protection models

We work with organisations to strengthen their systems in ways that fit their realities.

There is no one-size-fits-all solution.

What small CSOs can start doing today

Every organisation, regardless of size, can begin with these steps:

  1. Use strong, unique passwords and a password manager
  2. Enable two-factor authentication on all major accounts
  3. Separate personal and organisational devices
  4. Update systems regularly
  5. Set up automatic backups
  6. Limit access to sensitive files
  7. Document who controls what
  8. Train staff at least once a year
  9. Create a simple incident response plan
  10. Know where to seek help

These actions are practical, affordable, and effective.

Conclusion: Security is now part of sustainability

Sustainability is not only about funding and programmes. It is also about protection.

An organisation that cannot protect its data, staff, and communications cannot sustain its work.

As digital threats continue to evolve, small CSOs must adapt. With the right support, systems, and mindset, they can remain strong, credible, and resilient.

DPI remains committed to walking this journey with civil society organisations, ensuring that defenders are not left alone in the digital battlefield.

16 days of activism 2026_DPI

Standing Up to Online Gender-Based Violence: Building Safer Digital Spaces for Women and Girls

by AdvocacyDigital SecurityWeb Applicationswomen@web

During the 16 Days of Activism, we are starkly reminded that violence against women does not begin or end offline. It follows them into their phones, their social media accounts, and every digital space where they speak, work, lead, or express themselves. In Uganda, women journalists, politicians, activists, and even students are facing a rising wave of online attacks that are not simply rude comments but deliberate efforts to silence, intimidate, and erase them from public life.

These attacks take an emotional, psychological, and professional toll. They push many into self-censorship, and some into withdrawal entirely, a process that weakens civic participation and harms democracy for everyone.

The New Digital Battlefield: Understanding Online GBV

Today, online gender-based violence (OGBV) has taken new forms that are faster, more invasive, and often anonymous. The attacks are rarely random; they are tools used to control women’s participation in leadership, public discourse, and community organizing. When a woman is silenced online, her influence in other spaces also shrinks, which affects the entire civic space.

Types of Attacks Women Commonly Face:

  • Harassment, insults, threats, and humiliating messages.
  • Doxxing, where private information is leaked to intimidate.
  • Non-consensual intimate imagery and sexualized abuse.
  • Impersonation on social media to spread misinformation or damage reputations.
  • AI-generated deepfakes targeting women in politics or media.
  • Manipulated photos and voice notes meant to scandalize or shame.
  • Targeted phishing attacks disguised as personal or work-related messages.
  • Cyberstalking and obsessive monitoring of online activity.
  • Lastly, Trolling and Coordinated Swarming: Where large groups are mobilized to overwhelm a woman’s account with abusive content, making platforms unusable.

Empowerment in Action: DPI’s Practical Safety Toolkit

Defenders Protection Initiative continues to meet women who feel overwhelmed by online harassment but are unsure where to begin or how to protect themselves. Strengthening digital safety is not just a technical process; it is an act of empowerment and resilience-building. Practical tools and safer habits can drastically reduce exposure to attacks and increase women’s confidence as they navigate digital spaces.

Useful Tools and Practices Women Can Adopt:

CategoryTool/PracticeBenefit
Secure CommunicationSignal, Proton MailSafer, encrypted communication and private email.
Password & AccessBitwarden, Two-factor authentication (Aegis, Authy, Google Authenticator)Managing strong, unique passwords and preventing unauthorized account access.
Privacy & AnonymityBrave Browser, Tor BrowserImproved anti-tracking protection and anonymity for high-risk users.
Verification & ReportingInVID, Deepstar and Reality DefenderTools for verifying deepfakes or manipulated images before spreading them.
Platform SettingsRegularly updating social media privacy settings, restricting who can tag or message you, and turning off real-time location sharing on all platforms.Taking ownership of your digital boundaries.
DocumentationTime-Stamped Evidence: Document harmful posts using screenshots and URLs, ensuring dates and times are clearly captured for legal reporting.Crucial for Legal Action: Provides the verifiable, immutable evidence needed for platform reporting, legal proceedings, and engaging with law enforcement or human rights bodies.

Responding to online abuse requires preparation and community. Beyond the tools, women should be empowered to report using platform tools, block accounts that escalate harassment, and seek support from trusted networks or institutions.

A Shared Responsibility for a Safer Digital World

Online violence thrives in silence, which is why the 16 Days of Activism is a powerful reminder that protecting women’s voices is a shared responsibility.

At DPI, we continue to provide digital security training, digital forensics, account-recovery assistance, and psychosocial referrals so that no woman has to face OGBV alone.

But the fight is bigger than us:

  • Organizations must invest in digital safety policies and provide robust HR support for targeted staff.
  • Men must actively challenge harmful online behavior and report abuse when they see it.
  • Platforms must strengthen their moderation systems and hold abusers accountable.
  • And as a community, we must make the internet a place where women feel safe enough to lead, express themselves, and participate fully.

A safer digital world is possible, but only if we work together to create it.

We urge you to share this post and commit today to challenging digital violence.
#EndDigitalGBV #16DaysOfActivism

WhatsApp Image 2025-10-06 at 13.04.11

From Uncertainty to Resilience: DPI at the Digital Immersion at FIFAfrica25

by Digital SecurityDigital Security

This September, Defenders Protection Initiative (DPI) proudly joined digital rights defenders, technologists, and changemakers from across Africa and beyond at #FIFAfrica25 in Windhoek, Namibia. But this wasn’t your typical conference, it was an immersive journey through the digital challenges facing human rights defenders today.

CIPESA’s Internet Freedom Maze turned abstract cybersecurity concepts into visceral, first-hand experiences. DPI was honored to take part in two critical spaces within this experience:

  • Zone 1 – The Trap of Uncertainty, and
  • The Digital Security Citadel, a live, hands-on tech corner of the exhibition.

Zone 1: Phishing, Power, and Practicality

At the heart of the maze stood Zone 1: The Trap of Uncertainty where participants were confronted with a question we all should ask more often:
“Am I truly safe online?”

DPI’s Communications Executive, Noelyn Nassuna, alongside Ogira Charles Donaldson, a member of the Digital Security Alliance hosted by DPI, led this space with thought-provoking simulations and real-time awareness-building. They guided participants through phishing simulations where QR codes led to realistic scam scenarios. It was a mirror into our digital behaviors forcing participants to pause, reflect, and often, realize they weren’t as secure as they thought.

To support learning beyond the simulation, DPI distributed custom-designed IEC materials, including ring cards with easy-to-understand security tips, tool recommendations, and practical digital hygiene reminders. These materials proved to be not just souvenirs but starter kits for better online habits.

At the Citadel: DPI’s Digital Doctors in Action

While Zone 1 tested instincts, the Digital Security Citadel gave participants tools and knowledge to strengthen those instincts.

Here, DPI’s Fred Drapari (ICT Executive) joined a team of digital security “doctors” including:

  • Gole Andrew, who impressively rode a motorcycle all the way from Uganda to Namibia in the name of digital resilience,
  • Hapee De Groot, a long-time digital security ally whose practical support and insight added great value,
  • Brian Byaruhanga from CIPESA, and
  • Several other seasoned practitioners from the Digital Security Alliance.

The Citadel offered:

  • Hands-on demos of Microsoft Office security settings
  • Guided installs and education around tools like Kaspersky antivirus, Bitdefender Security among others
  • Walkthroughs of encrypted messaging, password management, and 2FA
  • A rerun of the phishing simulation for those who missed Zone 1 or wanted to try again

It wasn’t just a tech station, it was a real-time consultation corner where participants could ask, test, fail, learn, and try again.

Building Connections Beyond the Booth

FIFAfrica25 wasn’t only about simulation and tech it was about connection and collaboration.

At both the Maze and the Citadel, DPI engaged with:

  • Funders and donor agencies interested in expanding the reach of digital protection work
  • Civic actors and journalists facing similar threats across the continent
  • Techies and tool builders contributing to the ecosystem of safe digital activism

From spontaneous hallway conversations to deeply technical Citadel demos, every interaction reinforced a shared vision: digital resilience is no longer optional – it’s essential.

What We’re Taking Home

As DPI returns home from Windhoek, we do so with renewed clarity and purpose. We plan to:

  • Expand the phishing simulation quiz into a broader campaign across civil society and media spaces
  • Print more of our IEC ring cards for wider distribution
  • Integrate new toolkits and tactics into our ongoing Digital Security Clinics and Bootcamps
  • Strengthen our collaborations with fellow Digital Security Alliance members and regional partners

FIFAfrica25 reminded us that defending the defenders is not just a slogan: it’s a strategy that requires tools, creativity, and deep community.

Want to Connect?

📸 Check out snapshots from our booth, materials, and the simulation challenge on our page:
https://twitter.com/defprotection

Let’s keep the digital resistance alive – one safe click at a time.

#FIFAfrica25 #DigitalResilience #InternetFreedom #PhishingAwareness #Zone1 #DigitalSecurityCitadel #DigitalImmersion

 

Assessing The Levels of Risk

Assessing The Levels of Risk to Which Human Rights NGOs Were Exposed to After Adoption Of Technology Tools For Business Continuity

by AdvocacyDigital Security
Watch the Assesment Video Report
A week after the World Health Organisation (WHO) declared COVID 19 a global pandemic, Uganda registered its first case. A month later, the disease was widespread across the country, prompting the operationalization of WHOrecommended and Government-imposed emergency measures to contain the spread of the virus. These included partial and eventually total lockdowns, a ban on social gatherings of more than five people, the shutdown of public transport, air travel, and the closure of businesses except for vital sectors like food and health.
To ensure continuity of operations, NGOs, much like other businesses/organizations across the globe, had to heavily depend on digital tools to continue operations which led to the “Zoom-Era.” The era of working from home/remotely aided by digital applications like conferencing platforms like Zoom, which allows for up to 500 participants, voice, and video, messaging apps, and digital collaborative workspaces in the absence of offices and physical engagement.

For the highly tech-driven economies from the developed world, this transition was undoubtedly an inconvenient adjustment; unfortunately for developing countries like Uganda, with substantial deficiencies in ICT infrastructure, where only a sixth (1/6) of the population has access to the internet, and 36% of the non-internet users are digitally illiterate1, it was nothing short of a catastrophe.

The Not-for-profit sector was one of those hardest hit by this transformation since the bulk of their work entails awareness and capacity building engagements, socio-civic advocacy/activism, community meetings, and outreach. This study, therefore, sought to investigate the digital security risks associated with the adoption of technological tools given the human rights landscape in Uganda and against the backdrop of the COVID pandemic.

The study targeted 50 NGOs across the country. To obtain comprehensive data sets, it necessitated the selection of respondents from both frontline officers involved in implementing day-to-day activities of human rights NGOs and critical decision-makers such as Executive Directors, Program Managers, Department Heads and Advocacy Officers.

Guided by the research questions; “Did the adoption of digital platforms expose NGO to any cybersecurity-related challenges? Was the adoption of digital platforms effective in NGOs’ business continuity?” we were able to obtain the following evidence.

Watch the Assesment Video Report

Level of Exposure to Digital Tools Prior COVID 19

The research revealed that 50% of the respondents were moderately exposed to digital security tools before the COVID 19 lockdown. Frontline offices pointed out that their work primarily constituted physical engagements with their partners and beneficiaries, which limited the number of tech tools and frequency. The most commonly used digital tools were voice conferencing call facilities, voice over internet services like Skype, digital collaboration tools like Google Suite, Gmail, Google Drive, Google Meet, and Google Docs. Social media platforms including Facebook, Twitter, and YouTube. However, with the outbreak of COVID 19 and subsequent lockdown, NGOs had to adopt “new” tech tools and depend on the ones already in use more heavily to ensure business continuity. Respondents reported to have adopted video conferencing and collaboration platforms; Zoom, BlueJeans, Google Meet, Jitsi, KumoSpace, Microsoft Teams, and GoTo Meetings. These are mainly used to facilitate internal communication/conducting staff meetings (19%), communicate with participants (18%), conducting workshops (15%), communicating and liaising with donors (14%), and providing support to beneficiaries (14%)

Challenges Faced During and as a Result of Adopting Technological Tools

Facilitating business continuity, increasing efficiency, improving time management, and other benefits of tech mainstreaming notwithstanding, the adoption of tech tools was not without challenges. NGO heads reported internet interruptions as their biggest challenge. Interruptions were either unstable or, for the case of rural areas, non-existent networks—slow internet connections due to the minimal broadband coverage. 3G covers only 65% of the population, and LTE/4G covers only 17%.2 NGO staff in urban areas with access to 4G speeds that could support dataintensive apps like video conferencing tools were affected by the high cost of data. Individuals reported having spent on average 127,500 UGX per month purchasing internet data packages—a stretch for most middle seized NGOs without an internet budget big enough to cover 127,000 worth of data for each staff. The above interferences are compounded by frequent power cuts, which affect enabling ICT hardware and infrastructure such as the cell towers, desktops, MiFis, and modems.

Exposure to Digital Security Risks

Much like the COVID 19 pandemic, the adoption of tech tools and mainstreaming of ICT were novel. The timing and abrupt nature of the circumstances also did not allow for adequate preparation and training on using the digital tools and digital security concerns. These, therefore, paused unprecedented risks. 98% of the respondents reported having been exposed to some sort of digital security risk. Of the reported cases, we deduced that 52% of these were exposed to digital threats while using personal computers as opposed to the 48% who faced threats while using organization-provided computers. It was inferred from the findings that the organizations whose works centres on social development, justice, law and order, health, education, ICT, and accountability reported digital threats more frequently. However, this comes as no surprise, especially in the Ugandan context, whose civic environment is marred by intimidation, torture, and killing of social justice leaders, illegal detentions and evictions, and a restrictive legal framework, among others. However, the research findings highlighted the varying degree in threat level exposure as experienced by different genders and reaffirmed the disproportionate impact of COVID 19 on women and children. This is evidenced by NGOs operating in the thematic area of Women’s rights and reporting the most frequent (26%) exposure to digital security risks from using technology tools adopted during COVID-19 lockdown.
Watch the Assesment Video Report

Forms of Digital Security Risks/ Threats

Service disruptions
0%
Online harassment
0%
Lack of privacy
0%
Malware
0%
Loss of data
0%
Unauthorized access to organizational documents
0%
After service disruptions (41%), online harassment (13%) was the second most frequent risk respondents reported to have been exposed to due to the adoption of technology tools during COVID-19 lockdown. Others included; online harassment (13%), lack of privacy (8%), malware (8%), loss of data (6%), and unauthorized access to organizational documents. (3%). Video Conferencing digital tools registered the highest incidences of exposure to digital security risks. Respondents reported multiple “Zoom bombing” incidents during which offensive or Not Safe For Work (NSFW) material was displayed during organizational meetings, hacking into video conference meetings by uninvited persons and impersonation.

Reporting and Resolution of Digital Security Incidents

The research also highlighted acute digital literacy levels and the urgent need for increased digital security support for NGOs. Of the 98% of respondents who reported exposure to digital risks, only 29% reported these exposures to their corporate ICT team, service provider, platform owner, or digital security group, the majority (70%) did not report these incidents primarily because they didn’t know that they could or because they did not know where to report.

Conclusion and Recommendations

While the adoption of new tech tools and increased digital streamlining in Human Rights Organisations was sparked by an emergency, the digital revolution has been growing and evolving over three decades and is here to stay. Pandemic or not, HROs, like other organizations, recognize the necessity of leveraging and repurposing digital tools for their work advocacy, service delivery, creative public demonstrations, and meeting emergent needs.
Additionally, it cannot be ignored that with the increased digitalisation are more significant digital threats both in terms of incidence and sophistication. With 98% of the respondents in this study indicating exposure to digital security risks and over 70% of these not reporting the incidents due to ignorance and absence of relevant digital security support, this demonstrates the vulnerabilities, threats, and risks HROs are potentially exposed to within the digital era
This study further exposes how the COVID-19 pandemic has exacerbated digital inequalities and widened the digital divide between rich and poor, urban and rural, and vulnerable and privileged—evidenced by limited access to the internet, digital differentiation, participation gaps, and usage gaps marking the challenges of digitally disadvantaged organizations or communities who cannot take advantage the internet and who are at greater risk of falling behind their digitally resourced counterparts.

Nevertheless, however startling the findings, there-in lies opportunities for HRDs and social activists to;

  • Fill the service provision gap in digital security awareness and digital literacy.
  • Advocacy on digital inequalities and the associated social inequalities.
  • Leverage/develop need-specific digital tools. Tailored to advancing and supporting the work and needs of HRDs in Uganda
    • 1corona digital threats

    Digital Security Risks Human Rights NGOs were Exposed to during COVID-19 Pandemic Lockdowns

    by Digital Security

    A week after the World Health Organisation (WHO) declared COVID 19 a global pandemic, Uganda registered its first case. A month later, the disease was widespread across the country, prompting the operationalization of WHO-recommended and Government-imposed emergency measures to contain the spread of the virus. These included partial and eventually total lockdowns, a ban on social gatherings of more than five people, the shutdown of public transport, air travel, and the closure of businesses except for vital sectors like food and health.

    To ensure continuity of operations, NGOs, much like other businesses/organizations across the globe, had to heavily depend on digital tools to continue operations which led to the “Zoom-Era.” The era of working from home/remotely aided by digital applications like conferencing platforms like Zoom, which allows for up to 500 participants, voice, and video, messaging apps, and digital collaborative workspaces in the absence of offices and physical engagement.

    For the highly tech-driven economies from the developed world, this transition was undoubtedly an inconvenient adjustment; unfortunately for developing countries like Uganda, with substantial deficiencies in ICT infrastructure, where only a sixth (1/6) of the population has access to the internet, and 36% of the non-internet users are digitally illiterate, it was nothing short of a catastrophe.

    The Not-for-profit sector was one of those hardest hit by this transformation since the bulk of their work entails awareness and capacity building engagements, socio-civic advocacy/activism, community meetings, and outreach. 

    The Digital Security Alliance (DSA), a coordinated digital security support mechanism for human rights defenders, activists, and journalists in Uganda, that is led by Defenders Protection Initiative, with funding from the Collaboration on International ICT Policy in East and Southern Africa (CIPESA) under the African Digital Rights Fund, undertook the study, to Assessing the Levels of digital security risk to which Human Rights NGOs were Exposed to after the adoption of technology tools for business continuity during the COVID-19 Pandemic Lockdowns in Uganda. 

    This study, therefore, sought to investigate the digital security risks associated with the adoption of technological tools given the human rights landscape in Uganda and against the backdrop of the COVID pandemic.

    The main objective of the research was; To identify gaps and vulnerabilities that are exposing human rights organizations to digital security risks to develop strategies to build capacity to mitigate any future threats of cyber-attacks, privacy & data breaches.

    The study targeted 50 NGOs across Uganda. To obtain comprehensive data sets, it necessitated the selection of respondents from both frontline officers involved in implementing day-to-day activities of human rights NGOs and critical decision-makers such as Executive Directors, Program Managers, Department Heads and Advocacy Officers.

    Guided by the research questions; “Did the adoption of digital platforms expose NGO to any cybersecurity-related challenges? Was the adoption of digital platforms effective in NGOs’ business continuity?” we were able to obtain the following evidence.

    Level of Exposure to Digital Tools Prior COVID 19

    The research revealed that 50% of the respondents were moderately exposed to digital security tools before the COVID 19 lockdown. Frontline offices pointed out that their work primarily constituted physical engagements with their partners and beneficiaries, which limited the number of tech tools and frequency. The most commonly used digital tools were voice conferencing call facilities, voice over internet services like Skype, digital collaboration tools like Google Suite, Gmail, Google Drive, Google Meet, and Google Docs. Social media platforms including Facebook, Twitter, and YouTube. However, with the outbreak of COVID 19 and subsequent lockdown, NGOs had to adopt “new” ICT tools and depend on the ones already in use more heavily to ensure

    business continuity. Respondents reported to have adopted video conferencing and collaboration platforms; Zoom, BlueJeans, Google Meet, Jitsi, KumoSpace, Microsoft Teams, and GoTo Meetings. These are mainly used to facilitate internal communication/conducting staff meetings (19%), communicate with participants (18%), conducting workshops (15%), communicating and liaising with donors (14%), and providing support to beneficiaries (14%).

    Challenges Faced During and as a Result of Adopting ICT Tools

    Facilitating business continuity, increasing efficiency, improving time management, and other benefits of information and communication technology (ICT) mainstreaming notwithstanding, the adoption of tech tools was not without challenges. NGO heads reported internet interruptions as their biggest challenge. Interruptions were either unstable or, for the case of rural areas, non-existent networks—slow internet connections due to the minimal broadband coverage. 3G covers only 65% of the population, and LTE/4G covers only 17%.

    NGO staff in urban areas with access to 4G speeds that could support data-intensive apps like video conferencing tools were affected by the high cost of data. Individuals reported having spent on average 127,500 UGX per month purchasing internet data packages—a stretch for most middle seized NGOs without an internet budget big enough to cover 127,000 worth of data for each staff.
    The above interferences are compounded by frequent power cuts, which affect enabling ICT hardware and infrastructure such as the cell towers, desktops, MiFis, and modems.

    Exposure to Digital Security Risks

    Much like the COVID 19 pandemic, the adoption of tech tools and mainstreaming of ICT were novel. The timing and abrupt nature of the circumstances also did not allow for adequate preparation and training on using the digital tools and digital security concerns. These, therefore, paused unprecedented risks. 98% of the respondents reported having been exposed to some sort of digital security risk. Of the reported cases, we deduced that 52% of these were exposed to digital threats while using personal computers as opposed to the 48% who faced threats while using organization-provided computers.

    It was inferred from the findings that the organizations whose works centres on social development, justice, law and order, health, education, ICT, and accountability reported digital threats more frequently. However, this comes as no surprise, especially in the Ugandan context, whose civic environment is marred by intimidation, torture, and killing of social justice leaders, illegal detentions and evictions, and a restrictive legal framework, among others. However, the research findings highlighted the varying degree in threat level exposure as experienced by different genders and reaffirmed the disproportionate impact of COVID 19 on women and children. This is evidenced by NGOs operating in the thematic area of Women’s rights and reporting the most frequent (26%) exposure to digital security risks from using technology tools adopted during COVID-19 lockdown.