As a journalist, you will often be a custodian of sensitive, personal information. The law on the freedom of journalists goes a long way. However, you can be a target for cybercriminals and entities with the motivation and means to steal or tamper with the information in your custody. There is plenty you can do to secure your data or render it useless if someone else gets their hands on it.
You've got many trusty tools in your arsenal: a smartphone, laptop, and of course, a notepad. So how can you keep these secure?
Software updates keep your devices safe, especially when it comes to security updates, so hackers can't exploit vulnerabilities to hijack your devices. Everything is connected. So, it is important to update all your devices regularly, as one outdated device can give cybercriminals the perfect entry point into others.
Software updates secure data on your device, but they don't secure your online accounts. Anyone can visit a site and try guessing your account password. There's also special software a hacker can use to crack your login credentials.
For starters, you should use a strong yet memorable password. A random combination of numbers, letters, and symbols has proven the most secure type of password. However, remembering those passwords is nearly impossible, especially because you have to use a different combination for each online account. We recommend using a password manager to generate and store your passwords.
A strong password is great, but it's not enough. What happens if someone manages to get your login details? In that case, they would have free rein over your account and your data. Adding two-factor authentication (2FA) to your accounts makes them even more secure.
2FA is like having a safe that requires two different keys to unlock. Your password is constant, but the 2FA code changes-usually every 15 seconds. And to open that safe, you must have the correct pair of keys for that time window.
Now that you have secured your accounts and made sure no one can exploit a security flaw in your system, the next step is getting a Virtual Private Network (VPN). A VPN encrypts your internet traffic, stopping any third party from seeing which websites you visit and how long your spend there.
Another important feature of a VPN is that it can conceal your IP address. Your IP address is your device's tag number. Anyone with this number can use it to get your approximate physical location, information about your device, and online activity.
Windows Defender is as good antivirus as any, and Macs have built-in security features. But third-party antivirus software has additional, albeit paid-for, features that can level up your internet and device security. Choosing the best antivirus will come down to personal preference and needs. Your company may also have a paid antivirus service; you should ask the IT department.
The basic security tips above will help keep your devices and data safe. Nevertheless, there's more you can do to protect your privacy.
A couple of burner phones might not cut it, but it's a good start. Burner phones are cheap, disposable phones you'll use to handle sensitive information to help protect your identity. Using these devices also means you don't have to store your data on one device and risk losing it all in one go.
People can use your phone number to get Personally Identifiable Information (PII) about you. Your phone number should be private and only known to your immediate family and trusted friends. For all other work stuff, you should get a burner phone number.
You can still get burner numbers the old-fashioned way at the convenience store, but that's hardly necessary now. You can use apps to generate burner numbers and destroy them on a whim. The phone numbers work the same way numbers that come with SIM cards do. The main difference is that they're virtual.
Your devices-smartwatch, phone, and PC-are all GPS-enabled devices that can broadcast your location in real-time. Keeping location services turned off is important if you wish to keep your meetings with sources and habitual routes private.
Turning off your location on these devices is typically quite easy. Swiping down on a smartphone will show a notification panel where you can easily turn off location. Handling privacy on a smartwatch involves more than turning off location, however.
You're going to get a lot of calls as a journalist. Some of those calls will come from people with anonymous tips. There will also be a lot of scam calls. You can try using phone number search sites; these help you screen unknown callers or find information about someone using their phone numbers. However, they are not always accurate or work for burner numbers.
Storing your data locally on your device is great, but nothing hurts more than losing a phone or laptop containing all the files you need to work on a story. Backing up your data can help you avoid this. But we get it. Having some misgivings about the popular cloud data backup options is understandable.
In that case, consider using zero-knowledge encrypted cloud storage providers. That's a mouthful, but the gist is that these cloud services do not access your information. The data you back up is encrypted; even the cloud company will not have the decryption keys.
Losing your device is hard enough. Knowing that the thief can access the files on the device is even harder. In some cases-and depending on the device-you will have the option to wipe your data remotely.
On macOS, this involves using the "Find My Device" option. This feature is built-in, but you will need to have previously enabled it (which feels like a no-win situation because it means always having your location turned on).
Indeed, Windows has the "Find My Device" feature, but there's no option to wipe your data remotely. Instead, you will need to have previously installed third-party software. The best thing here is to ask your IT department for recommendations.
Journalists, and indeed anyone who is privacy-minded, favor Tor and other advanced browsers. In your work as a journalist, you may often need to use the Invisible Internet Project (I2P), a garlic routing protocol, to browse the internet safely. Setting up I2P takes a few minutes, and you won't experience a significant effect on your browsing speed.
Using military-grade encryption on your computer can protect your files from remote hackers and data leaks if your devices get stolen. Military-grade encryption sounds like a big deal, but it's a fancy name for advanced encryption options. Setting up advanced encryption on a Windows PC only takes a few minutes.
The security measures mentioned above are normal for journalists, but are also important for anyone who values their online security and privacy. It doesn't have to be just other people's data that's worth keeping private: everyone needs to keep personal information secure, and away from prying eyes.