RaazNet

RaazNetBeta

KNOWLEDGE BASE
On This Page

Organizational Security and Group Dynamics

A comprehensive guide to building resilient security cultures within organizations and groups. This document covers managing group dynamics under threat, fostering safe communication, preventing infiltration, and implementing participatory security plans tailored to the Iranian context.

Time15 minutes

Organizational Security and Group Dynamics

Security is often viewed as an individual responsibility, but in the context of civil society and activism in Iran, it is fundamentally a collective endeavor. Organizations and groups face complex internal dynamics that influence how they perceive and respond to threats from state actors (such as the IRGC or Ministry of Intelligence).

This guide explores how to build a resilient security culture, manage the psychological impact of threats on group behavior, and implement effective organizational security plans.

1. Group Dynamics Under Threat

When groups face external pressure—surveillance, harassment, or the threat of arrest—their internal dynamics change in predictable ways. Understanding these psychological shifts is the first step to preventing them from undermining your work.

Common Behavioral Changes

Research into activist groups under pressure reveals three common defensive reactions:

  1. Hardened Boundaries: Groups may become excessively insular, making it difficult for new members to join or for existing members to leave. This isolation can distort the group's perception of reality and limit access to fresh information.
  2. Rigidity: Established routines and norms may become fixed. Members may resist changing tactics or questioning the status quo, even when the security landscape shifts (e.g., new censorship technologies).
  3. Increased Authoritarianism: In a search for safety, groups may tolerate a higher concentration of power in leadership. This can lead to opaque decision-making and, in extreme cases, abuse of power.

Countering Negative Dynamics

To maintain a healthy and secure organization:

  • Democratize Security: Distribute responsibilities. Avoid "security gurus" who hold all the knowledge.
  • Open Communication: regularly revisit shared values and discuss changes in dynamics openly.
  • Transparency: Maintain transparent decision-making processes to reduce the risk of adversaries targeting individual leaders and to prevent internal power abuses.

2. Building a Security Culture

A strong security culture is not about paranoia; it is about normalized, conscious practices that protect everyone.

Talking About Security

Discussing security can be emotional and stressful. Fear of being labeled "paranoid" often silences necessary conversations.

  • Create Safe Spaces: Dedicate specific times to discuss security concerns without the pressure of immediate work deadlines.
  • Facilitated Reflection: Use structured questions to guide discussion:
    • What topics do we avoid discussing?
    • Do we have adequate space to express fears?
    • What happens when we disagree on security risks?

The "Do No Harm" Approach

Implementing security measures can unintentionally create division. Resources (e.g., VPN accounts, secure hardware, training) are often scarce.

  • Equitable Allocation: Ensure security resources are distributed fairly. If only leadership receives secure phones or training, it signals that their safety is valued more than that of staff or volunteers.
  • Inclusivity: When introducing new protocols (e.g., mandating Signal use or PGP), ensure everyone receives the necessary training and support so no one is excluded from participation due to technical barriers.

3. Addressing Mistrust and Infiltration

The threat of infiltration by intelligence agents or informants is a reality in the Iranian context. However, unchecked suspicion can be as damaging as the infiltration itself, leading to destructive "witch hunts."

A Constructive Approach

  • Focus on Process, Not Personality: Instead of trying to guess who might be an informant, focus on protecting sensitive information through compartmentalization and access control.
  • Transparent Verification: Establish clear, agreed-upon processes for vetting new members.
  • Legal & Ethical Boundaries: Ensure all group activities comply with international human rights standards (UDHR, ICCPR). Infiltrators often attempt to provoke groups into illegal or violent acts to justify crackdowns. Be cautious of members who aggressively advocate for violent methods.

4. Organizational Security Planning

Security plans must be "living documents"—created collectively and reviewed regularly.

Participatory Design

A plan imposed from the top down will likely fail. Buy-in is essential.

  • Collaborative Creation: Involve all members in identifying threats and proposing solutions.
  • Role Clarity: Everyone should know their specific role during an emergency (e.g., who contacts the lawyers, who wipes the data, who notifies families).

Emergency Response and Support Networks

Define clearly what constitutes an "emergency" (e.g., arrest, raid, loss of contact for >4 hours).

  • Support Network: Map out allies before a crisis occurs. This includes trusted lawyers, digital security experts, international NGOs, and trusted family members.
  • Early Alert System: Create a centralized, secure method (e.g., a specific Signal group or code word) to trigger the emergency plan.
  • Drills: Conduct role-playing exercises (cautiously, respecting trauma) to practice responses to scenarios like device confiscation or interrogation.

5. Assessing Organizational Security

Regular assessment helps identify gaps between your policy and actual practice.

The Security Wheel Assessment

Visualize your security performance across different dimensions. Draw a wheel divided into sections such as:

  1. Digital Security: (e.g., 2FA, encryption, secure deletion)
  2. Physical Security: (e.g., office access, meeting locations)
  3. Data Management: (e.g., retention policies, backups)
  4. Well-being: (e.g., stress management, burnout prevention)
  5. Legal Preparedness: (e.g., access to counsel)

Process:

  1. Rate: Have the team rate current performance in each area (e.g., colored sections).
  2. Identify Barriers: Why are we weak in this area? (Resource lack? Knowledge gap? Culture?)
  3. Plan: Prioritize 2-3 areas for immediate improvement.

Managing Information Assets

Conduct an Information Ecosystem Mapping:

  • What information do we hold? (Donor lists, activist names, interview recordings)
  • Where is it stored? (Cloud, local drives, paper)
  • Who has access?
  • How sensitive is it?

Classify data (e.g., Public, Internal, Highly Sensitive) and apply appropriate protections to each level.

6. Working with External Resources

Groups often need outside help, but this introduces new risks.

  • Vetting Consultants: When hiring security trainers or auditors, ensure they understand the specific threat landscape of Iran. Avoid "cookie-cutter" solutions.
  • Ownership: The security plan must belong to the organization, not the consultant. External experts should empower the team, not make decisions for them.

Key Takeaways for Iranian Groups

  1. Security is Collective: An individual's mistake can compromise the group. We keep us safe.
  2. Avoid Paralysis: Acknowledge threats without letting fear dictate every action.
  3. Compartmentalize: Share information on a "need-to-know" basis to limit damage if one node is compromised, but maintain social cohesion.
  4. Plan for Disconnection: Establish protocols for how the group functions during internet shutdowns (e.g., pre-agreed physical meeting points or alternative communication methods like mesh networks).
Source:
Edit

Was this article helpful?

Your feedback helps us improve our wiki content.