Leading the fight to protect NGOs from digital threats is the Tibet Action Institute (TAI) founded in 2009.

"We fill a supporting role for others doing advocacy," said Lobsang. "How to make their work more effective, so that there are not attacked, and they are protected."

TAI does not focus on getting users to select the best or safest tools. Instead, it wants people to understand the Chinese threat and make small changes. It models its campaigns after those in the public-health sector, and works both with the exile community and Tibetans in Tibet, making sure they understand how to send information outside the country safely.

"Tibetans in Tibet tend to have this idea: 'If the information gets out, I don't care what happens to me.' It's very courageous," said Lobsang. "But we want to help them get over that mentality, making them understand that [their well-being] is very important to the movement." That often means teaching simple tasks -- helping them understand how mobile networks and SIM cards work -- so that they can use low-risk communication methods.

This behavior change is key to TAI's mission, as a system is only as secure as its weakest link. If regular Tibetans are not secure, then potentially no one is.

"It's more about behavior and understanding security, and making sure you understand once you install an app, what those permissions mean, so you're better informed before doing anything."

"Our focus has been on what tools people are using already, and then what practices that can actually support that to be more secure," said Lobsang. "It's more about behavior and understanding security, and making sure you understand once you install an app, what those permissions mean, so you're better informed before doing anything."

Also key to the effort are partnerships with institutes such as Citizen Lab or other NGOs facing similar threats from Chinese state actors. Since that 2009 report, Citizen Lab has been releasing regular updates on the latest tactics being used by hackers to try to access Tibetans' and Tibet organizations' data, which directly inform TAI's training tactics.

It is a nonstop game of cat-and-mouse. As the Tibet movement's digital-security abilities and training improve, the Chinese government implements more-sophisticated hacking techniques. Members of the Tibet movement credit the integration of digital-security thinking for allowing it to keep pace with threats. According to Bhuchung K. Tsering, Vice President at the International Tibet Network, the everyday use of digital tools requires people and organizations to make security second nature.

"The best thing that we can do is be mindful of what we do all the time," said Tsering. "If we are mindful, then we will be more prepared to take those steps that might prevent the ... Chinese, or anyone else, from getting into our system."