We’re launching one of our final series for 2018 on cyber security with this post on why it matters to international development. Stay tuned and subscribe to our newsletter if this topic interests you!

Cybersecurity.jpgPhoto from the ABA Journal.

At the heart of DAI’s Center for Digital Acceleration is a fundamental belief that digital tools can increase access to services for underserved communities around the world. Coupled with that aspiration is our investment in human-centered design, ecosystem mapping, and an assumption that trust in digital tools is a given.

But should we assume trust?

The response following the misuse of personal data by Cambridge Analytica or the hacking of Equifax, demonstrate that trust can be broken and doubt in digital tools can proliferate.

As development professionals committed to leveraging digital access and tools that provide services globally, we must take the concept of securing trust more seriously. This will require us to focus on cyber security.

Cyber security sounds daunting, particularly for people who associate the profession with dark rooms, humming computers, and coding expertise. This false impression, in my experience, stems from two misconceptions.

First is the assumption that cyber security is too technical and therefore too difficult for nontechies to understand. Second is the misunderstanding that cyber security is too costly to address when thinking about development initiatives. Both misperceptions are false. But before getting into why, let’s zoom out and start with the basics.

To get to the heart of the matter, I spent an afternoon talking to Zach Gieske, a cyber security consultant.

We started with the most basic of questions. What is cybersecurity? Zach defines cyber security as “the protection of information from misuse and unauthorized access in the digital space, given that today most information is in digital form.” The definition is comparable to that of the Merriam-Webster dictionary. Yet, to the average person working in international development, what does this definition really mean for their day-to-day activities?

To understand, Zach spent some time breaking down cyber security into its separate components. The exercise demonstrated to me what it actually means at a practical level and where there are opportunities to make a difference. Here is what I understood:

Cyber security breaks down into two specific components:

  1. Access
  2. Storage

Access, in this case, is different than how we in the digital development community understand it. When we are thinking about access for cyber security, it specifically means how do people get the data they are seeking.

Storage, then, refers to the back-end of these systems, where the data we are sharing or the data we are requesting is being warehoused.

We interact with these components of cyber security every day. Think of your morning routine at work. You walk into the office and almost immediately login to your computer. Why? Because the computer is the portal to all the relevant information you might need to complete your tasks. You’re granted access to this, by providing your login and password.

Once you’ve entered that information, you automatically trust that the information you are requesting or the people you are communicating with via email are the individuals they say they are. We trust that the system is protected.

Unfortunately, no system can be perfectly protected, rather, we can build within it precautionary measures. According to Zach, “It’s much more difficult to retrofit security protocols after a tool has been launched. Therefore, it’s better to consider security in the design stage.” As digital development practitioners, this should come as no surprise, as we already invest heavily in designing tools that meet users’ needs and consider digital literacy levels.

Adding precautionary measures to that design process can come at no added significant cost to a project. What it really requires is thinking through a checklist of different aspects of a tool you’re designing and considering who might have access to that aspect of the tool. For example, imagine your project is developing a data collection tool to track health indicators, monitor disease outbreak, and gives individuals access to their own health records. Two obvious aspects of this tool are the users themselves who access their personal information through the tool and the back-end users who analyze data to identify trends. Answering who on the back-end has access to all the data is one easy step to building resiliency. This could be followed by a workshop with users on the importance of creating strong passwords, another major vulnerability to any system storing personal data.

By investing in these capacity building and governance measures surrounding the use and access of digital tools, we as digital development professionals can ensure that we do not inadvertently erode trust in the tools we believe have the potential to increase access to critical services for more people globally.

Part 2 of this mini-series will delve into the cyber security topic further, looking at the implications of cyber security on digital infrastructure.