Cybersecurity for Civil Society: A Case Study

  • Amanda Zink, Daniela Valle

The International Republican Institute’s (IRI) Technology and Democracy team strives to prevent and build resiliency to the threats emerging from living in our digital age. A key component of this work is upskilling partners to understand and defend themselves against threats online, including censorship, surveillance, and cybercrime, through strengthening their cybersecurity skills and protocols. The below Q&A with Mexiro, a feminist, anticorruption organization in Mexico facing surveillance and data privacy concerns, demonstrates Mexiro’s establishment of stronger cybersecurity practices with IRI’s support. Please reach out to IRI’s Technology and Democracy team if you are a civil society organization (CSO) looking for cybersecurity support and resources.  


Tell us a little about yourself as an organization! What is Mexiro and what do you all work on?  

We are a local feminist CSO based in Mexico fighting for decentralization of power amongst the people. We do this by addressing anticorruption policy matters with a gender, human rights, decolonization, and anti-militarization perspective, as well as supporting victims of corruption; training researchers and journalists with a feminist and human rights approach; and providing consultancy services to private and public entities.  


From your explanation above, it’s clear that cybersecurity isn’t one of Mexiro’s areas of expertise. What made Mexiro recognize cybersecurity was important?  

Given our organization tackles issues of police violence, enforced disappearance, anticorruption, and other investigative work, we were aware of our risky position both on and offline. Governmental surveillance, arbitrary detentions, extortion, and even death threats are very real concerns that the majority of activists and journalists like us face in Mexico. Moreover, the pandemic-induced change to remote work turned our attention to digital security, so we asked IRI for support.  


IRI was able to connect you with expertise and support to review and strengthen your cybersecurity practices. Can you tell us about your experience conducting a cybersecurity audit and the key outcomes?  

This process included diagnosis, recommendations, and training from cybersecurity experts and gave us an understanding of the threat landscape we face as a CSO, as feminists, and more specifically as activists. More importantly, we are now aware of the resources and tools to protect ourselves as well as a comprehensive overview of our weaknesses and strengths regarding our digital capacities.   

We are currently creating internal protocols and norms regarding data protection of our partners and beneficiaries, the management and storage of critical information, guidelines for our colleagues during their investigative work, protection of the data of our donors and staff, crisis management and monitoring, etc. This process led to the implementation of our first cyber security policy.   

Even more importantly, we’re rethinking other safety measures in the organization. Our cyber security policy is now part of a Comprehensive Security Policy we’ve since developed, which enhances our physical, psychological, and digital protection best practices and norms.  


What are the key takeaways you’d share with other organizations similar to yours, who may not be familiar with or convinced of the importance of cybersecurity? What do you wish other CSOs knew about cybersecurity?   

We now understand how critical it is for advocacy and activist organizations like ours to strengthen digital security capacities. Good practices are the backbone of a comprehensive cyber security infrastructure which is increasingly important for human rights defenders since we are frequent targets of cyberattacks and threats. Throughout our work, we identify the impact of digital threats on vulnerable groups such as women and members of the trans, cis and non-binary community. Vulnerable groups are subject to censorship, smear campaigns, cyberattacks against activism forums or pages, among other practices that violate their rights online.   

Unfortunately, many CSOs lack capacities and resources to withstand attacks and potential vulnerabilities in their systems, especially those working on a local level in the periphery, such as journalists and racialized groups. That is why building initiatives and supporting partnerships, as IRI supported Mexiro, to open cybersecurity opportunities to CSOs is significant to strengthen civil society’s digital capacities and the formation of a culture of cybersecurity awareness.   

We make an open call for donors and other implementers to democratize and make cybersecurity resources, tools, and knowledge accessible for organizations and individuals operating in insecure contexts, and we advocate for CSOs to invest in cybersecurity to better protect their staff, their partners, and the people they’re striving to help.  

Up ArrowTop