Cookie Consent by Free Privacy Policy Generator Unprecedented Push to Protect Small Eurasian CSOs - The SecDev Foundation

Unprecedented Push to Protect Small Eurasian CSOs

A four-year push by our CyberSTAR team has helped dozens of Eurasian civil society organizations (CSOs) transform their resilience to digital harm—so they can keep supporting vulnerable people without being derailed.

Eurasian push (2019‑23)
9
countries
64
small, at-risk CSOs fortified
69
Digital Safety Champions fostered
670+
Civil society actors digital-safety-trained
6,800+
social media posts in 6 languages
1.46M
public engagements with online content

From 2019 through 2023, the team worked with 64 small, at-risk CSOs in nine countries. Each one of them has now substantially retooled their digital practices, systems and policies. Along the way, 370 CSO staffers completed comprehensive digital-safety training.  And their collective growth tells an important story—about CSOs’ vital role in this part of the world, about digital threats they increasingly face, and about their capacity to adapt to protect their vital missions.

CSOs: Vital yet vulnerable

Across Eurasia, CSOs bring essential support to vulnerable people and communities. Some are filling key gaps in health care, education, community development, humanitarian response and beyond. Others provide independent media voices or help people seek justice. These are often very small operations, and they are increasingly using digital tools to manage costs and improve their efficiency and reach. On the flipside: any growing reliance on tech also breeds new digital vulnerabilities.

In today’s cyberspace, you can imagine how small groups might struggle with digital safety. Some may not know when they are storing personal information insecurely. Others may not see how routine behaviours can deepen their exposure to hacking, social engineering and other digital harms. And in regions shaped by conflict or instability, the consequences of a digital strike can be catastrophic—for a CSO’s operations, staff and/or beneficiaries. Beyond the serious risks of financial loss and service disruption, people’s lives can literally be at stake.

In fragile contexts, digital threats may come not only from profit-seeking cybercriminals, but also from political foes, foreign states and others. That’s everyday reality across Eurasia for many CSOs. And that’s why our CyberSTAR team made its big Eurasian push: to help potentially vulnerable providers become more digitally resilient.

CyberSTAR: Digital first aid

CyberSTAR stands for Cyber Safety Training, Assessment and Response. This is the Foundation’s digital-safety methodology for small, at-risk CSOs. Conceived in the early 2010s, CyberSTAR has evolved through use by Foundation-supported projects around the world.

A CyberSTAR process is an all-hands-on-deck exercise. It starts by working with staff to assess vulnerabilities in a CSO’s digital systems, policies and practices. That assessment guides remediation efforts to bootstrap their digital hygiene to a new level. Essentially: digital first aid. Finally, a multi-month process of staff training, mentorship and policy support ensures digital-safety progress will “stick” and continue into the future.

CyberSTAR’s approach is uniquely tailored to small, at-risk CSOs. Yes, there are other ways to get a low-cost digital audit report. But a report alone won’t get the job done for organizations with little IT capacity to follow through. That’s why CyberSTAR’s primary output isn’t an audit report, but rather measurable progress. That means stronger technical systems and policies—and it especially means staff who are better equipped to stay safe.

The Eurasia push: Unprecedented progress

CyberSTAR’s most intensive application yet has played out since 2019 in nine Eurasian countries: Armenia, Azerbaijan, Georgia, Kazakhstan, Kyrgyzstan, Moldova, Tajikistan, Ukraine and Uzbekistan. With support from partners and donors, the team was able to scale up the CyberSTAR model for a whole new level of innovation and impact.

Each of the 64 Eurasian CSOs that “graduated” through this phase is now substantially stronger. How much stronger? CyberSTAR grades their digital resilience using an extensive scorecard. Coming in, these CSOs’ average score was 40 percent. By graduation, that average grew to a heartening 95 percent. One organization grew its score from just 14 percent all the way to 100.

Graph showing the growth of CSOs' digital safety scores.This means that 64 CSOs have transformed their digital systems, practices and policies. They join 26 other CSOs that became CyberSTAR graduates before this latest push. So altogether, 90 Eurasian CSOs are now better tooled to serve and support people without being derailed.

Individually, the technical steps can seem quite basic: securing routers and access points; adopting password managers and two-factor authentication; installing and updating licensed software; adopting secure messaging and cloud-based storage platforms; and so on. But together, these steps significantly strengthen a CSO’s digital hygiene. And that’s only the start.

Deeper transformations come by reshaping behaviour through education and internal policy. How do staff use their devices off-site? What precautions do they take on social media? Can they recognize phishing attempts? How is digital safety built into staff on-boarding? Building a culture of digital safety is tough, but it’s the essential core of digital resilience. And these organizations have done very, very well.

I used to think that digital safety was something that only people with IT degrees could understand. Working with the CyberSTAR team, I realized that so much of digital safety was about following really basic rules and routines. I feel that my organization and my staff is now much better prepared to handle online tools, important data, and cyber threats. —’Ayana’ in Kazakhstan

Making progress sustainable

How sustainable are these transformations? We’re optimistic for two reasons. First, CyberSTAR’s focus on staff behaviour, culture and policy builds a foundation for lasting change. Second, the team’s approach has prioritized building local capacity—human infrastructure—to deliver the frontline program.

Wider impacts
CyberSTAR’s online help desk supported even more CSOs—handling 146 requests for urgent assistance or guidance.
Through 50+ digital clinics and training events, the team brought digital safety basics to 300 more civil society actors.
6,800 posts flowed through the team’s social media—including 564 safety alerts and 164 public awareness campaigns—earning 1.46 million engagements.

First the team recruited, trained and supported 10 expert “SARTechs” to guide the project and lead audit and remediation work in their own regions. Those SARTechs helped train and mentor at least one internal Digital Safety Champion (DSC) inside every CSO.

DSCs aren’t always techies. They are trusted staffers capable of supporting digital safety standards internally. And they’ve proven to be indispensable to achieving results that last. It makes sense: the CyberSTAR method depends on organizations openly sharing access to systems, practices and vulnerabilities. That’s a big ask for an external technician to make. But an internal champion can earn trust among leaders and staff—and represent the organization’s uniqueness back to SARTechs.

Together, SARTechs and many of the DSCs also formed an online Digital Safety Peer Network. This has become an active venue for them to support each other through tough challenges.

Screenshot of the cyber-star.org homepage.The team also continues to build out a digital-safety web portal: cyber-star.org. This site presents learning resources—how-to guides and explainers—in seven Eurasian languages. (In Tajik, Uzbek, Georgian and Azerbaijani, these are easily the fullest digital-safety resources available.) These tools are familiar refreshers for CyberSTAR grads but also excellent primers for anyone. The portal also features teaching resources that grads can use to on-board new staff and deliver refresher courses. CyberSTAR shares all of these resources under a Creative Commons license and urges anyone to make the most of them.

Moving forward from here

The CyberSTAR team continues working in Eurasia, though on a smaller scale for now. They’ll continue supporting grads as urgent issues arise, including through the Peer Network. And fresh priorities include bringing CyberSTAR to CSOs that were very hard to reach due to geography or conflict. This will often mean working fully remotely, building on lessons learned during the COVID-19 pandemic. Trust-building, especially, requires exceptional attention with no in-person contact.

Assembling funding, partners and participants for the 2019-23 scale-up was a major undertaking. Working to repeat that is an option. But the team is also exploring models to bring CyberSTAR services to CSOs globally, at scale, in a sustained way. That includes exploring the feasibility of pay-for-service options.

One thing is clear: The world needs more CyberSTAR. Even as digital threats become more pervasive—by the day—CSOs are becoming more vital to people’s lives and quality of life. CyberSTAR is uniquely built for the realities of smaller CSOs, who could otherwise be left behind. And the team behind it tells us they are more energized than ever. Stay tuned.