In the digital age, grantmakers should be able to assess and, when appropriate, help address the digital security threats faced by grantees and grant applicants. Yet, because this is new terrain for most grantmakers, they are likely to experience a range of challenges.
These challenges include:
• Not knowing where to start;
• Not understanding the language of information security;
• Feeling overwhelmed;
• Not knowing where to turn for advice;
• Being unsure of what to do in the face of digital security concerns;
• Clarifying and responding to interlocking acute and long term problems of digital and physical security;
• Convincing grantees to make changes in information technology where historically they have often been left to make their own decisions.
Good news: you can address, or at least mitigate, these challenges. The purpose of this guide is to help grantmakers both assess and address digital security concerns. The guide is divided into three sections.
Section 1 explores the scope of targeted digital threats against civil society and the constraints that hamper the ability to address them.
Section 2 describes how to conduct a digital security “triage” of grants to elevate the digital security of your whole grant portfolio; while playing special attention to the highest risk grantees.
Section 3 is the conclusion and provides suggestions for pathways to think more systematically about digital security as a part of grantcraft.
Digital security breaches can cause harm to grantees, as well as their clients, beneficiaries, and partner organizations. These threats also pose a risk to grantmakers and to the larger strategies of impacted organizations. Security leaks can compromise an organization’s ability to carry out its work, and can erode trust between civil society actors. Though it can be difficult to get started, funders have an important role to play in starting conversations with grantees on digital security threats and ways to mitigate them.