Post by Jack Warner
While anyone who conducts any kind of digital activity is at risk of a security breach or cyber attack, journalists are especially vulnerable to surveillance and hacking by malign actors. The communications and data kept on the devices of those reporting the news is of particular interest to government agencies, large corporations, small businesses and many different kinds of organizations.
When journalists concern themselves with cybersecurity and take defensive measures, they not only protect their own personal data and that of their news organization but also they also strike a blow for the independence and integrity of the press. In some cases, data protection is even more significant, rising to a critical safety issue.
Why journalists need to prioritize cybersecurity
Journalists should think of digital cybersecurity as equally important as reporting on current events with integrity and passion. In particular, reporters working on investigative stories or exposes are at risk, and data can become a matter of life and death.
Last month, the exiled Pakistani journalist Sajid Hussein was found dead in Sweden. His case highlights the risk to reporters who undermine hostile regimes. The very nature of the job puts journalists at the forefront of unending scrutiny and surveillance. Such cases are becoming all too common.
Take the tragic tale of Italian student Giulio Regeni, who was conducting research on the controversial topic of independent trade unions in Cairo, Egypt. Regeni was abducted and subsequently tortured to death in early 2016. Many commentators believe Egyptian security services were involved in his death.
Regeni’s physical security was at stake, as many journalists experience on a daily basis. Unprotected data can compound the risk to physical safety — especially as certain governments and other organizations seek to silence reporters.
Sources must be protected as a fundamental principle
Many journalists keep a long list of anonymous sources and relationships with people in the know. The onus is always on the journalist to protect the identity of their sources, both in regard to ethics and legality. Sources have a certain level of trust in the journalists they maintain contact with and if this trust is broken, the journalist’s integrity is compromised.
Regaining the trust of anonymous leads becomes harder and the reporter may struggle to rebuild his or her reputation. Protecting sources and the information they provide is key.
Technological advancements open new avenues for threats
The potential for cybersecurity threats evolves with every new technology that hits the market. Often before the user can learn how to protect themselves, hackers have already figured out various methods of undermining the newly launched technology. Hackers, both individual actors and the state-sponsored variety, are increasingly aware of potential access points.
Journalists need to be aware of the risks and vulnerabilities that come with each app, program, or device they use and take steps to mitigate the risk of a breach.
Tools journalists can use to secure devices
By taking several small yet highly effective steps, journalists can minimize their vulnerability and protect their digital security.
Anonymize and encrypt internet traffic with a VPN
A VPN, or Virtual Private Network, is a powerful tool that anonymizes Internet activity by disguising device location and protecting data from unsecured or potentially dangerous Wi-Fi networks.
A VPN also allows access to websites that may be restricted in certain regions, so users can bypass strict censoring regulations in many areas. For example, a journalist reporting on a crisis in a country where the government censors content that doesn’t align with their political agenda can freely gain access to websites and streaming media with a VPN installed.
VPN software can be used on desktop computers, laptops, tablets and mobile devices. Many VPN providers allow multiple downloads across all devices with one single subscription.
Delete metadata, navigation history and cookies
Hackers know how to find an incredible amount of information about anything and anyone on their devices, including someone’s career and what stories they’re currently working on.
Sensitive details that can help cybercriminals can lay hidden in a user’s metadata, navigation history and cookies. These details should be deleted thoroughly and regularly to mitigate the risk of a leak or breach. Start practicing clearing these items from your browser as a matter of course.
Be aware of IoT devices
Internet of Things (IoT) devices record information around us all the time. The most common offender is a commonplace smart home technology such as Alexa, but devices as diverse as fridges, baby monitors and home security cameras can all represent a security risk.
Should you need to hold a classified discussion or make a sensitive phone call, a thorough walkthrough of the area can catch any IoT devices that can eavesdrop on confidential conversations.
Create secure backups
Using a cloud storage system and/or external hard drive is invaluable in preserving your work. As cloud storage technology improves, this is the best option in terms of cost, security and access — but a hard drive can also prove useful, so long as the user can keep it secure (that is, physically locked up).
Enable private browsing
The only browsers that should be used are those that allow browsing in private mode, especially when the purpose is to dig for controversial information. When private browsing is enabled, any information that could be pulled from the activity will not be saved by the browser to the current computer or device when the window is closed. This includes cookies, browsing history and details entered into form fields. Again, a good habit to pick up and maintain.
Use data encryption and strong passwords
Rather than trying to protect data file by file, a journalist is far safer when his entire machine or user account is encrypted. This encryption should be secured with a strong password that is unique and not easily determined by a hacker running a dictionary attack.
PIN numbers and passwords for all accounts should be all individually unique and difficult to crack. Journalists should take advantage of secure password managers that help keep track of log-ins and passwords across the board. These can only be accessed by another unique and secure, master password.
Journalists taking all of the above-listed security measures to protect themselves and their sensitive data are better positioned than those who view cybersecurity as an afterthought. Journalism is an important industry and although it comes with a distinctive set of risks, the world is a better and more informed place because of the critical work produced by unrelenting reporters.