Compared to organizations in other sectors, civil society organizations (CSOs) are particularly vulnerable to security and privacy threats, as they lack adequate resources and expertise to defend themselves. At the same time, their security needs and practices have not gained much attention among researchers, and existing solutions designed for the average users do not consider the contexts in which CSO employees operate. As part of our preliminary work, we conducted an anonymous online survey with 102 CSO employees to collect information about their perceived risks of different security and privacy threats, and their self-reported mitigation strategies. The design of our preliminary survey accounted for the unique requirements of our target population by establishing trust with respondents, using anonymity-preserving incentive strategies, and distributing the survey with the help of a trusted intermediary. However, by carefully examining our methods and the feedback received from respondents, we uncovered several issues with our methodology, including the length of the survey, the framing of the questions, and the design of the recruitment email. We hope that the discussion presented in this paper will inform and assist researchers and practitioners working on understanding and improving the security and privacy of CSOs.

中文翻译：

---

调查弱势人口：民间社会组织的案例研究

与其他部门的组织相比，民间社会组织 (CSO) 特别容易受到安全和隐私威胁，因为他们缺乏足够的资源和专业知识来保护自己。同时，他们的安全需求和实践并没有得到研究人员的太多关注，现有的为普通用户设计的解决方案没有考虑到 CSO 员工的工作环境。作为初步工作的一部分，我们对 102 名 CSO 员工进行了匿名在线调查，以收集有关他们对不同安全和隐私威胁的感知风险以及他们自我报告的缓解策略的信息。通过与受访者建立信任，使用匿名激励策略，我们的初步调查的设计考虑了我们目标人群的独特要求，并在可信赖的中介的帮助下分发调查。然而，通过仔细检查我们的方法和从受访者那里收到的反馈，我们发现了我们方法的几个问题，包括调查的长度、问题的框架和招聘电子邮件的设计。我们希望本文中的讨论将为致力于理解和改善公民社会组织的安全和隐私的研究人员和从业人员提供信息并提供帮助。