Tips on Cyber Security for NGOs from the experts at the CyberPeace Institute

Tips on Cyber Security for NGOs from the experts at the CyberPeace Institute

We sat down with the Swiss-based CyberPeace Institute to gain insight on their expertise and experience in leading non-profit organisations towards having strong and resilient cyber security practices. Fabien Leimgruber, the Senior Programme Manager for the CyberPeace Builder’s programme, laid out the relatively simple steps towards better cybersecurity, and enlightened us about the ways that the CyberPeace Institute can help.

Sometimes it’s the simple stuff

In Fabien’s experience, there are three types of smaller organisations: “those that are not aware of their threats, but happy to learn. Those that are aware, but are at a loss to solving them; and those that aren’t worried about threats to their cybersecurity.” As time goes on, though, more organisations are moving towards being aware of the threats, at least, says Fabien, “with events such as the 2022 hack of the International Committee of the Red Cross focusing minds”.

The approach that both Fabien and the CyberPeace Institute suggest begins with understanding your ‘threat landscape’. For example: if you run a small, cause-based organisation then you’re unlikely to be targeted by large state-backed hacking operations. However, the risk is quite high that you could be targeted by an opportunistic criminal. Once the ‘threat landscape’ has been identified, the organisations should identify their critical assets, and then work to implement basic cyber security steps.”

“Actions that can be taken for small and medium organisations can include easily-achieved steps like having and maintaining backups, creating secure passwords, and making sure that your processes and training are in good condition”, says Fabien. “The goal”, he goes on to say, “is to create a culture of cybersecurity.”

Finding support

Of course, if you run a small organisation you may not have the finances or bandwidth to take large steps to secure your cybersecurity. Nevertheless, you don’t need to think huge to begin with, according to Fabien. “Taking basic steps can reduce your risk by a huge amount- like over 90%”, he says. There are places to get free help, too. One such place, perhaps unsurprisingly, is the Cyber Peace Institute.

Since a large part of cybersecurity is human error and mistake, tools such as the ‘Browser-in-browser phishing simulator’ can help you recognise when you’re being targeted by a phishing scam. Similarly, initiatives such as the Cyberpeace Café can help people that run organisations learn from others experiences and mistakes.

Finally, there’s the programme that Fabien’s team leads: the CyberPeace Builders. This is an interesting scheme where online security professionals volunteer their time to help non-profit organisations with their cyber security. From helping implement two-factor authentication, to identifying threats, and more, there’s a platform where organisations place their requirements, and professionals then reach out to help.

If your organisation needs some help upgrading its cyber security, feel free to reach out to the Cyber Peace Institute, via their website or email at