Beginner’s guide to improving online security

  • Protect your identity and data with better and safer passwords or 2-step verification – you log in with password and then confirm with a verification number sent to your phone. 
  • Phishing – tricking a user to visit a site to enter personal information and passwords or download malware – is the most common attack. So check any link you receive in e-mail: read the URL and underlying html, don’t click on it!
  • Spear phishing – Personalized message targeting attempted by researching your information or impersonating your friends or colleagues – is growing. You may think you know the sender but it can be a hoax.
  • The weakest link: everyone in your newsroom or collaboration must use safe practices to prevent phishing attacks on others in a trusted group.
  • Encrypt everything. Make it a habit. If you use encryption all the time for communications and data, and encourage or demand it from colleagues and sources, then content will be protected and encryption can become normal behavior for journalists and the industry.
  • PGP is encryption for e-mail. OTR is Off The Record encryption for messaging, which is used by chat programs like Pidgin (PC), Adium (Mac) and CryptoCat (web based). Google “off the record” chat is NOT Off The Record (OTR).
  • Encryption is not anonymity.  Encryption protects content but not the identity of the sender and recipient. To anonymize communication traffic and web browsing, go to the Tor Project, learn about the Tor network and download Tor software.
  • Having the Tor software on your computer indicates you are using anonymous communications. If this puts you at risk, you can instead use Tails – Tor on a USB stick, which leaves no trace. Find out at
  • Protect your data on physical devices. What if your laptop is stolen? Your USB drive? Your cell phone?  What about your address book? Encrypt everything. Secure your passwords.
  • Your cell phone is a location device. It holds all your contacts. Think about security.  Know where your data is and take steps to protect it.
If you want to learn more about enhancing your security online, you can get Jonathan Stray’s complete presentation “Threat modeling: Security for your story” with audio here.  The Journalist Security Guide from the Committee to Protect Journalists also offers useful tips on protecting your online activities in its section on information security.

No comments: