By Uliana Pavlova
We live in the age of cybersecurity, when it is more important than ever to protect our information and sources digitally. Olivia Martin from the Freedom of the Press Foundation and Mike Tigas of ProPublica offered useful tips and tools on digital security for journalists at the CAR Conference.
Why does security matter? Security matters because, as journalists, we want to protect our information from hacking, especially when it comes to crossing borders. The first step towards better information security is threat modeling, which allows you to identify assets, adversaries, risks, and best practices.
- Asset: What data do you have to protect?
- Adversary: Who wants to get ahold of the data?
- Risk: What is the likelihood of that happening?
- Practice: How far are you willing to go to make sure it doesn’t happen?
The next step is to break down the data you have on your computer into two categories: data at rest and data in transit. Data at rest is the information we store on our computers. Data in transit is the information we choose to share with others via email, text messages and over phone calls.
A regular password can be cracked in a matter of days or even seconds. For example, “password123” can be cracked in 6 seconds. However, passphrases can take years to crack. Journalists need to make sure they are making it as hard as possible to gain access to their accounts. A passphrase can consist of three random words like “carrot horse shoe.” Secure password managers like 1Password, LastPass and KeePassX can help you manage your passphrases.
The next crucial step towards digital security is two-factor authentication. The easiest way to think about two-step authentication is to break it down into something that you know (passphrase) and something that you have (mobile phone.) Martin and Tigas suggested a Yubikey or hardware tokens.
Now, if you’re storing important files on your computer, you want to make sure you are using full disk encryption. Panelists suggested several programs:
Data in transit is the information you choose to share with others. When you don’t encrypt a message, it’s like sending a postcard in the mail; Everybody can see its content. Encrypted email puts that postcard in an envelope. Now you can only see a sender and a recipient.
When it comes to text messages, here are the best tools for encrypted messages:
- Signal (iOS & Android)
- Threema and WhatsApp
Last but not least, make sure to avoid phishing. Watch the “from” field in your email for little misspellings; someone else can pose as your boss or your mom. Also, beware of attachments and links.