In a world where information spreads faster than ever – and digital threats loom just as quickly – protecting the integrity and digital safety of our organizations and people is essential. For organizations driving racial justice, the stakes are even higher.
In the latest installment of our crisis communications and rapid response series, our CEO Bilen Mesfin Packwood interviews Amro Radwan, Founder and CEO of Shake Technologies, to talk about how nonprofits, advocacy groups, and movements can strengthen their digital defenses while staying nimble in the face of misinformation, hacking attempts, and coordinated online attacks. Part one of this Q&A dives into the meaning of digital security and the most common digital threats facing nonprofits and movement organizations right now.
______________________________________________________________________
For social justice organizations and movement leaders, what does “digital security” actually mean in 2026? How is it different from generic IT or cybersecurity?
Digital security for social justice organizations is the practice of protecting people, not just systems. Corporate cybersecurity exists to defend revenue, intellectual property, and regulatory compliance. Movement digital security exists because the people doing this work and the communities they serve need to be able to organize, communicate, and operate safely in a digital environment that was not built with their protection in mind. When your mission challenges power, whether that is state violence, white supremacy, or systems of oppression, your organization and everyone connected to it becomes a target. Every Google Workspace account, every Slack channel, every shared drive, every donor database is a potential vector for harm against people whose safety depends on their information staying protected.
The threat landscape is fundamentally different. Social justice organizations face adversaries that most corporate IT frameworks were never designed to account for: state surveillance apparatus, politically motivated hackers, coordinated online harassment campaigns, and government agencies actively seeking to dismantle the communities we serve. When the current administration is manufacturing chaos, ramping up deportations, and threatening the 501(c)(3) statuses of organizations serving Black, Muslim, and immigrant communities, a phishing email is not just an IT incident. It is a potential entry point for harm that can ripple across an entire community.
This is also why our job is twice as hard as corporate cybersecurity. A corporate security team is responsible for the technology. Full stop. In movement spaces, we are responsible for the technology and for physical safety, organizational resilience, psychosocial wellbeing, and the real-world consequences of any failure across all of those areas. We are not just asking whether MFA is enabled. We are asking whether a staff member’s home address is exposed in a domain registration, whether an organization’s travel patterns could be used to track its leadership, whether the way a coalition communicates could be used to map an entire network of activists. Corporate security gets to stay in its lane. We do not have that luxury.
This is why movement digital security cannot be treated as a siloed IT function. It is one dimension of holistic security. A corporate security audit asks “are we compliant?” A movement security practice asks “who are our adversaries, what are they capable of, and what information could endanger our people if it were exposed?” That distinction in framing changes everything about how you prioritize, plan, and respond.
The scope of what needs protecting is also broader than most organizations realize. It is not just passwords and permissions. It is donor lists that could be weaponized to intimidate funders. It is case files and intake records that could expose vulnerable program participants. It is internal strategy documents that reveal how coalitions are organizing and who they are organizing with. It is the communication patterns themselves, who is talking to whom, how often, and about what, which can be as revealing as the content of the messages.
Movement digital security is also inherently collective. Corporate cybersecurity treats each company as a standalone entity defending its own perimeter. But social justice organizations operate in ecosystems of partners, coalitions, and shared campaigns. A vulnerability at one organization can cascade across an entire movement. The person with the weakest security practices in your coalition is not just their own problem. They are everyone’s problem. Building a culture of security across your network, not just within your own walls, is as important as any encryption tool or access policy.
At its core, digital security in 2026 is community care expressed through technology. It is the recognition that the same digital tools that give movements their power to organize, mobilize, and communicate are also the tools that adversaries will exploit to surveil, disrupt, and endanger. Taking digital security seriously is not paranoia. It is a strategic necessity for any organization that wants to keep doing the work and keep its people safe while doing it.
When you start working with a new group, what’s the first thing you look at to understand their digital risk, especially in a misinformation or rapid response landscape?
Before we touch a single setting or open an admin console, we need to understand the context. Who is this organization? What communities do they serve? Who are their opponents, and what are those adversaries capable of? A racial justice organization facing coordinated harassment campaigns from white nationalist networks has a completely different risk profile than an environmental group dealing with corporate opposition. A reproductive health fund operating post-Dobbs has different exposure than an immigrant rights organization navigating ICE enforcement surges. The technology is downstream of the threat landscape, so that is where we start.
From there, we look at three things simultaneously. First is the human layer. Who has access to what, and do they understand why that matters? How does the team actually communicate day to day? Are sensitive conversations happening on platforms that are appropriate for the level of risk? Are staff members, especially leadership, visible in ways that make them personally targetable? In rapid response environments, people move fast and cut corners, and that is exactly when mistakes happen. We need to understand the pace and pressure the team operates under because security practices that do not account for how people actually work will get ignored the moment a crisis hits.
Second is the data footprint. What is the organization holding onto, and what could be weaponized if it were exposed? Donor records, participant intake forms, coalition contact lists, internal strategy documents, communications with funders. Most organizations are sitting on far more sensitive data than they realize, and much of it is stored with default permissions that are far too open. We also look at what is publicly exposed. Domain registrations, social media metadata, old staff pages still live on a website, cached documents that should have been removed. Your adversaries do not need to hack you if you are already giving away information through poor data hygiene.
Third is the organizational infrastructure itself. We run organizations through a comprehensive digital security assessment that evaluates their platforms, configurations, policies, and practices against a baseline of what is appropriate for their threat level. This is not a generic IT checklist. It is calibrated to the specific risks that social justice organizations face. It identifies gaps and produces actionable recommendations, but the key word is actionable. A 40-page report that sits in a Google Drive folder is worthless. The assessment has to lead directly to a prioritized plan that accounts for the organization’s capacity, budget, and the urgency of the threats they are facing.
In a misinformation or rapid response landscape specifically, we also look at how prepared the organization is to respond when something goes wrong, not if. Do they have an incident response plan? Do they know who to call? Can they lock down accounts and communications quickly if they are targeted? Do they have a communications protocol for when they are being impersonated or when disinformation is being spread about them online? Most organizations have never thought through these scenarios, and the time to build that muscle is before the crisis, not during it.
What are the most common digital threats you see facing nonprofits and movement organizations right now, especially those working on racial justice, immigrant rights, or trans justice?
The threat landscape for social justice organizations has fundamentally shifted since the start of 2025. We are not primarily dealing with opportunistic cybercriminals trying to steal credit card numbers. We are dealing with the systemic weaponization of data, technology, and legal processes against communities that challenge power. The threats break down into several categories, and they are deeply interconnected.
The most severe and underappreciated threat right now is the legal weaponization of organizational data. Subpoenas, administrative demands, device seizures, and forced disclosures are being used to map networks, identify participants, and build cases aimed at stripping organizations of their 501(c)(3) status or criminalizing the people they serve. The Department of Homeland Security has weaponized administrative subpoenas to target individuals connected to advocacy work. DHS launched a $200 million campaign around enforcement and surveillance, and the One Big Beautiful Bill Act budgeted $5.9 billion for new technology toward border surveillance, a single allocation that outstrips funding for all other federal law enforcement agencies combined. Every intake form, every case file, every donor record your organization holds is now a potential liability if you do not have a clear data retention policy and the technical infrastructure to enforce it.
The second major category is targeted phishing and account takeovers. This is not the generic Nigerian prince email. These are sophisticated, researched attacks that impersonate funders, board members, coalition partners, or government agencies. They are designed to compromise organizational email accounts, which then become a gateway to everything: internal communications, shared drives, donor databases, financial systems. For organizations working on racial justice or immigrant rights, a compromised executive director email account does not just expose the organization. It exposes every person and partner in that inbox. AI tools have made these attacks cheaper and more convincing than ever, with personalized lures that are nearly indistinguishable from legitimate correspondence.
Third is doxxing and coordinated online harassment. This is especially acute for organizations working on trans justice. Anti-trans groups are deploying doxxing as a deliberate strategy to destroy the informational autonomy of trans people by rupturing their control over their own personal information. Trans people and their allies have been doxxed for exposing anti-trans activities and advocating for their rights. But this extends across movements. Roughly 11.7 million U.S. adults have been doxxed, and the attacks are becoming more coordinated and AI-assisted. Automated data scraping tools now allow bad actors to assemble personal profiles with minimal effort, and bot networks can distribute doxxed content widely and repeatedly. For staff at movement organizations, particularly executive directors, organizers, and public-facing advocates, a doxxing incident can mean death threats, swatting, and the need to physically relocate. And it does not stop with the individual. When a leader is doxxed, it sends a chilling message to everyone in the organization and everyone considering joining the movement.
Fourth is surveillance infrastructure, both state and corporate. The administration’s expanded partnership with data analysis firms has created surveillance infrastructure that tracks movements, maps relationships, and profiles communities at scale. This is not speculative. Location data sold by commercial brokers, social media monitoring tools used by law enforcement, and facial recognition technology deployed at protests are all actively being used against the communities our organizations serve. For immigrant rights groups, this means that metadata, location patterns, and communication networks can be used to identify and target undocumented individuals, even if the content of communications is encrypted.
Fifth, and this is one people consistently underestimate, is insider risk and poor data hygiene. Not malicious insiders, but well-meaning staff and volunteers who have never received security training, who reuse passwords, who share sensitive documents through unprotected channels, who leave the organization and retain access to systems for months. Most breaches in the nonprofit sector do not start with a sophisticated hack. They start with a compromised password on an account that was never protected with two-factor authentication, or a shared Google Drive folder that was never locked down after a staff transition.
What makes all of this so dangerous is that these threats do not operate in isolation. A phishing attack leads to an account takeover. The account takeover exposes donor data. The donor data gets used in a doxxing campaign. The doxxing campaign triggers harassment that forces leadership to go dark at the exact moment the organization needs to respond to a policy crisis. The cascading nature of these threats is what makes them so devastating, and it is why organizations cannot afford to treat digital security as an afterthought or a one-time project.
______________________________________________________________________
At Change Consulting, we understand the unique challenges organizations face in today’s environment. If you need support building a crisis communications plan or navigating a difficult moment, we’re here to help. Reach out to us at hello@change-llc.com.
Shake Technologies operates at the intersection of Social Justice and Technology. They understand the unique technology and security challenges that nonprofit and social justice organizations face. If your organization is looking for a trusted technology partner, please reach out to them: https://shaketech.com.
