Digital hygiene for journalists: Advice for keeping personal data and communications secure 

Digital security is a necessity in journalism: Protecting accounts, securing communications, safeguarding sources, and preparing for attacks are all core to newsgathering in today’s digital landscape.

As journalists – especially women journalists – are increasingly targeted online, the National Press Club Journalism Institute spoke to digital security experts Robert Guerra and Rick Valenzuela about practical resources for journalists to better protect themselves, their sources, and their reporting in an increasingly complex digital environment.

Guerra and Valenzuela emphasized that effective digital hygiene practice depends not only on tools, but also on awareness, preparation, and consistent upkeep. 

“Digital security is like preparing a meal. You cannot just put ingredients together without care; you have to pay attention to every step, or you may create a bigger problem,” Guerra said.

Assessing personal risk

Journalists today face growing digital threats alongside physical risks, especially when reporting on sensitive issues. Understanding one’s personal hazards is the first step in staying safe online.

“In high-risk situations, digital safety should be treated with the same seriousness as physical safety,” Guerra said.

Journalists should evaluate their risk based on the type of reporting they do and the environment they work in, as threats vary widely depending on the sensitivity of a story and the visibility of the journalist’s work, he said. An investigative reporter covering high-profile national stories will have a very different type and level of risk than a local reporter covering their own community, for example.

Prepare for risks before they occur rather than wait for an incident to happen, Valenzuela stressed. 

“Most people are very reactive, they only take action when something happens,” he said. “But if you are doing the basic things, [such as] having long complex passwords … that’s incredibly helpful, and especially very useful or very important for journalists.”

Utilizing secure communication tools

Valenzuela strongly cautioned against using email or social media messaging services for sensitive communication, as these platforms can be exposed through legal requests such as subpoenas or data breaches. 

“Relying on regular email, social media direct messages, or other non-encrypted platforms for confidential communication can expose journalists and their sources,” he said. 

Instead, use encrypted messaging tools such as Signal for secure conversations, especially when dealing with sensitive sources.  

However, even secure tools can fail if they are not properly used, Guerra said. “Journalists need to recognize that there are both technological risks and human risks involved,” he said. 

In some instances, journalists using Signal believed their messages were protected but did not realize they had certain features turned on, such as notifications that display message previews even on a locked phone screen, Guerra said.

For all communication tools, Valenzuela emphasized the importance of using long, complex passwords, multifactor authentication, and secure backups. He recommends password managers like Bitwarden, and Keepass XC, and OnePassword, which offers a free tier for journalists. 

Journalists should also be aware of their digital footprint, which includes IP addresses, browsing activity, and stored messages. Valenzuela recommended practices such as secure browsing habits, disappearing messages when appropriate, and DeleteMe, which aids in removing digital information online.

A phone or computer should be treated like part of your body: something you need to protect, Guerra emphasized. 

“I think the general approach of mine is to not treat digital security any differently than you would treat your own personal security,” he said. “You would protect your arm, you would protect your leg.”

Sometimes the safest approach is to think about how journalists worked decades ago, he added. Guerra encourages journalists who are speaking with particularly sensitive sources to put their phones away, meet in person, and be constantly aware of their surroundings during an interview.

The importance of newsroom support

Journalists should not handle digital threats alone. Newsrooms and colleagues should support monitoring and coordinating responses to cyberattacks or harassment when they occur. 

Having trusted colleagues monitor online activity during attacks can reduce stress and improve response time, Valenzuela said. 

“One of the things to do for sure is to tell your news editor, your newsroom manager, your legal department, possibly your VPR [Vulnerability Priority Rating] department [about] online harassment or a cyber attack,” Valenzuela said. 

Prioritize having conversations with newsroom editors before going for major assignments, so that both sides understand the level of risk and what steps should be taken in case they are targeted online for the story. 

Newsrooms should have plans in place for an attack, whether that means releasing a public statement, increasing security measures, or – in particularly serious situations – arranging temporary relocation for the journalist and their family.

Valenzuela emphasized the importance of newsroom leaders publicly standing up for their journalists during an online attack. 

“It does so much for your staff and also goes a long way not only to building trust with your staff and your company but with your community. When your community sees that [you’re standing up for your journalists], when your readership sees that, they’ll back you even more,” he said. 

A continuous process

Digital security is not a one-time task.

“Security training should be continuous, not occasional,” Guerra said. “It’s not something that you learn one time, it’s an ongoing training and education that needs to happen.” 

This is especially true as technology changes, making it easier and cheaper for malign actors to go after journalists. “The type of attacker isn’t just governments anymore, it can be smaller for-hire groups that will go after journalists,” Guerra said.

There is no one-size-fits all solution to digital security. Being adaptable, continuously updating your security protections and systems, and sharing knowledge between those who have suffered attacks before is key. 

“There is no single solution that works for everyone. The right security measures depend on the journalist’s environment and the level of risk they face” Guerra said. “The most important thing is to take digital security seriously and learn from journalists and human rights defenders who have dealt with these threats for years.”

Key tips for maintaining digital hygiene: 

  • Consistently update practices. Threats and technologies are consistently evolving, and journalists must also keep their digital hygiene practices up to date. 
  • Evaluate your own personal risk. Understand your own risk environment, and treat digital security as similar to physical safety. 
  • Use password managers and secure messaging platforms, including password managers like Bitwarden and Keepass XC, and Signal for encrypted messaging. 
  • Put in place a contingency plan. Newsrooms and independent journalists alike should implement structures for when an attack happens, and how to respond.

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments