aithStar
← Knowledge Hub

Welcoming refugees in a hostile climate: protecting your people, your service users and your building

7 July 2026

  • refugees
  • security
  • safeguarding
  • safety

Welcoming the stranger is among the oldest callings of every faith, and today countless faith communities live it out by supporting refugees and asylum seekers. But in the current climate, that good work can attract hostility — online misinformation, social-media pile-ons, and, at times, protest and threat. The targets are the organisation, its staff and volunteers, and — most seriously — the vulnerable people it serves. This is a practical guide to continuing that work safely: protecting your service users first, then your organisation and its people, securing your building, and handling online intrusion calmly. It is general information, not advice — for security, safeguarding, legal or data-protection questions, take specialist professional advice.

The climate you're working in

It helps to be clear-eyed. Recent years have seen organised anti-refugee protests — sometimes outside the very places where people are accommodated or supported — frequently mobilised and amplified online, and often fuelled by misinformation that spreads far faster than any correction. For the people at the centre of it, the effect is frightening: many are survivors of war, torture or gender-based violence, and a hostile environment re-traumatises them, leaving some afraid even to leave their accommodation. None of this means faith communities should retreat from the work. It means doing it prepared — calmly, not fearfully.

Protect the people you serve — first, and always

Your service users are the priority, and the most vulnerable to harm. Before anything else:

  • Guard their identities and their data. Never publish or share names, faces, addresses or the specific location and times of services for vulnerable groups. Treat this information as strictly confidential — protecting it is part of your basic duty of care and your data-protection obligations.
  • Beware "doxxing". Hostile actors may try to gather and publish personal details to intimidate or direct violence at individuals. Assume anything you post publicly can be used this way, and don't post anything that could identify a person or reveal where frightened people gather.
  • Keep photos and social media careful. A single well-meant photo can expose someone. Get informed consent, avoid identifying detail, and brief every volunteer on what must never be shared.
  • Reassure and inform. Frightened people need calm information and safe routes in and out — not exposure. Keep them told, and keep them safe.

Protect your organisation and its people online

Most hostility now arrives through a screen. Prepare for it before it comes:

  • Have a social media policy and a crisis plan in advance. The Charity Commission expects trustees to manage these risks — decide now who speaks for the organisation, how you'll respond, and what your holding lines are.
  • Don't feed the storm. You rarely have to win an argument with a hostile account. Avoid engaging trolls, limit or pause comments where needed, and remember that silence sometimes starves a pile-on of the reaction it wants.
  • Lock down your channels. Use strong passwords and two-factor authentication, control who can post, and moderate carefully.
  • Support your staff and volunteers. Online abuse takes a real toll on the people who read and moderate it. Rotate the task, check on them, and make clear the organisation stands behind them — the Charity Commission is explicit that this support matters.
  • Document and report. Keep records of abuse and threats; report threats to the platform and, where there is any threat of violence, to the police. Report serious incidents to the Charity Commission where the thresholds are met.
  • Correct carefully, or not at all. Sometimes a calm, factual message to your own community is worth it; sometimes engaging only amplifies a lie. Judge each case, and don't be baited.

Social media crisis plan: a template you can use

The time to write a plan is before a storm, not during one. Here is a simple one-page template — copy it, fill in the blanks, and keep it somewhere your team can find it fast. 📄 Download the editable Word version to adapt for your organisation.

1. What counts as a crisis for us (tick your triggers)

  • A threat to the safety of a service user, volunteer or staff member
  • "Doxxing" — someone's personal details posted publicly
  • A coordinated pile-on or viral misinformation about us
  • A protest or disturbance threatened at our premises
  • A media enquiry we're not ready for

2. Who does what (fill in names and numbers)

  • Crisis lead (decides the response): ­­­___________
  • Spokesperson (the only person who speaks publicly): ___________
  • Social media moderator: ___________
  • Safeguarding lead (service-user safety): ___________
  • Trustee contact / out-of-hours contact: ___________

3. First hour (immediate actions)

  • Check the safety of the people involved first
  • Pause any scheduled posts; secure accounts (change passwords, enable 2FA)
  • Start a log — screenshots, times, what was said
  • Convene the crisis lead and spokesperson
  • Confirm no service-user data or location is exposed

4. Decide the response (default: don't engage trolls)

  • Monitor only · limit or turn off comments · issue a holding statement · report to platform and police · brief our community privately

5. Holding statement (draft one now, keep it ready)

"[Organisation] exists to [mission]. We're aware of [situation]. The safety and dignity of the people we serve is our first priority. [We won't be commenting further at this stage / Here is what matters: ­­___________]." Approved by: ___________

6. Protect people — check service users are safe and informed · support staff/volunteers facing abuse · review building security if any physical threat.

7. Report and record — report threats to the platform · report threats of violence to the police (101, or 999 if urgent) · report a serious incident to the Charity Commission if thresholds are met · keep your log.

8. Afterwards — debrief, support your people, note what to improve, and update this plan.

Keep your building and your people secure

Physical safety matters too, especially if your premises are known to host this work:

  • Risk-assess your premises. Who is there, and when? How is access controlled? What is visible from outside? A simple, honest assessment is the foundation of everything else.
  • Know your duties under Martyn's Law. The Terrorism (Protection of Premises) Act 2025 ("Martyn's Law") introduces protective-security duties for many public premises, including places of worship — with risk assessments, staff training and emergency and evacuation plans expected. Places of worship generally fall under the "standard" tier; there is an implementation period before duties bite, but the approach is good practice now, whatever your size. The government's ProtectUK service offers free guidance, e-learning and toolkits.
  • Take practical measures. Access control, secure locking, lighting, CCTV where appropriate, and keeping vulnerable-group activities out of public view and off public listings. Don't advertise the times and places where frightened people gather.
  • Build a relationship with your local police before you need it. Know how to report threats, and ask what support is available if a protest is threatened. Many areas also have faith-security resources and schemes worth tapping.
  • Have a plan for a protest or disturbance. If trouble is threatened: keep service users safe and, if necessary, away; secure the building; liaise with police; and never confront a hostile crowd. Brief staff and volunteers on emergency and evacuation procedures in advance.

📄 Download a building security policy template to adapt for your premises.

Handling online intrusion into confidential work

Working with a vulnerable cohort demands an extra layer of discretion:

  • Separate your public presence from your confidential work. What you post publicly should never reveal the operational detail of services for vulnerable people — locations, times, individuals.
  • Assume you may be watched. Hostile actors sometimes monitor pages or even attend events. Consider referral-only or closed arrangements for sensitive services, and be discreet about when and where they run.
  • Train everyone. The biggest leaks are usually accidental — a volunteer's photo, a tagged location, a shared name. Make "what we never post" part of every induction.
  • Respond fast to doxxing. If a service user, volunteer or staff member is doxxed, act quickly: report it to the platform and police, support the person, and review your security. Don't leave someone to face it alone.

📄 Download a doxxing response plan template so your team knows what to do before it happens.

Don't be deterred — be prepared, and not alone

The purpose of hostility is to make you stop. Preparation is what lets you carry on safely. And you are not on your own: refugee-support networks, other faith and community groups, and wider solidarity movements exist precisely to stand with organisations doing this work (this is also where interfaith relationships built in calmer times prove their worth). Lean on them, share intelligence and good practice, and remember that far more people support welcome than oppose it.

Free downloadable templates

To make this practical, we've prepared some editable templates you can download, adapt for your organisation, and keep where your team can find them:

These are general templates to adapt, not a substitute for professional advice — please read the note at the end.

A practical checklist

  1. Protect service users first — confidentiality, data, no identifying posts.
  2. Write a social media policy and crisis plan, and decide who speaks.
  3. Support your staff and volunteers facing online abuse.
  4. Risk-assess your premises, and use ProtectUK / Martyn's Law resources.
  5. Build a police relationship and a protest plan before you need them.
  6. Train everyone on what must never be shared.
  7. Know how to respond to threats and doxxing — fast, and together.
  8. Take specialist advice on security, safeguarding, data protection and law.

The bottom line

Welcoming refugees and asylum seekers is faith at its most practical and most courageous — and, in a hostile climate, it calls for both care and preparation. Protect the vulnerable people you serve above all else; ready your organisation and support your people; secure your building; and meet online hostility with calm rather than fear. Do that, and intimidation does not get the last word — the welcome does. And on the safeguarding, security and data questions that carry real risk, take specialist professional advice rather than facing them alone.


This article is general information, not advice. Security, safeguarding, data-protection and public-order situations are serious and specific — take professional advice, and contact the police where there is any threat to safety. This article draws on official guidance but does not replace it. For help with the governance, policies and planning behind doing this work safely, get in touch.

Sources verified (July 2026):

  • Charity Commission — Charities and social media (managing online risk, crisis planning, supporting staff facing abuse) — https://www.gov.uk/government/publications/charities-and-social-media
  • ProtectUK / Home Office — Martyn's Law (Terrorism (Protection of Premises) Act 2025) and protective-security guidance — https://www.protectuk.police.uk/
  • Information Commissioner's Office (ICO) — data protection and your responsibilities — https://ico.org.uk/for-organisations/
  • NCVO — Social media guidance for charities — https://www.ncvo.org.uk/help-and-guidance/digital-technology/designing-services-products-and-activities/social-media-guidance-for-charities/
  • Together With Refugees — sector solidarity and support network — https://togetherwithrefugees.org.uk/