Journalists’ digital survival guide: Why, how, and actionable steps

by Gyan Prakash Tripathi
Jun 3, 2024 in Digital and Physical Safety
Drawing of a figure with a press jacket on, a computer with password protection, and a lock screen on a phone

The news used to be confined first to paper, and then to radio and television. Today, it lives online, where journalists and newsrooms not only publish their stories, but also research and communicate. 

With this shift comes a new reality: targeted attacks, surveillance and online threats that spill into the real world. Journalists in South Asia, especially those who cover the rights of religious minorities and communal or caste persecution, are now on the frontlines of a digital battlefield. 

This guide isn't just about securing your data, it is about building your digital armor – a shield to protect yourself, your sources and your critical work. Think of it as your essential guide to navigating the ever-evolving online landscape. 

To start, some trends to be aware of:

  • Targeted attacks: Malicious actors – from hostile governments to criminal groups – use sophisticated tactics to compromise our devices, steal data and silence our voices. Imagine a personalized phishing email exploiting your latest investigation, or malware implanted on your phone tracking your movements.
  • Wreaking havoc: Data breaches and unauthorized access are all too common. News organizations and individual journalists are prime targets for hackers seeking sensitive information – confidential source contacts, unpublished work, or internal communications. Picture the consequences of your entire investigation's details leaked online.
  • Surveillance under the microscope: Our online activity can be monitored, leaving us vulnerable to all kinds of dangers. The looming threat of our sensitive data being in the wrong hands can often lead to a chilling effect on our freedom to report certain stories. Authoritarian regimes and other malicious actors use sophisticated surveillance tools to track our communications, movements and associations. Imagine your phone calls with a whistleblower being intercepted or your online research history used to identify and harass your sources.

But it's not just about stolen data:

  • Digital risks morph into physical harm: Online threats can have real-world consequences. Doxxing, online harassment, and even physical attacks have become distressingly common for journalists, especially those covering sensitive topics. There are far too many examples of a journalist’s home address being made public online, or them receiving threatening messages that escalate to violence.

The stakes are high. Our digital security is no longer just a technical concern, it's fundamental to our safety and journalistic integrity. By understanding the shifting sands of this online battlefield, we can navigate it with informed caution, protecting ourselves and our vital work.

This is not just about fear; it's about resilience. By becoming digitally secure, we empower ourselves to continue to investigate, illuminate, and hold the powerful accountable, even in the face of growing threats.

Taxonomy of privacy: What you need to know

  • Data privacy: Protect personal information from unauthorized collection, use or disclosure.
  • Communication privacy: Ensure secure communication channels for confidential exchanges with sources and colleagues.
  • Device security: Safeguard laptops, phones, and other tools used for research, communication, and data storage.

Common fallacies: Debunking digital myths

  • Myth: "I have nothing to hide, so why worry?" Reality: Even basic information can be used for targeted attacks.
  • Myth: "Security software is enough." Reality: Layered protection is key to addressing physical, digital and social vulnerabilities.
  • Myth: "Free tools are good enough." Reality: You need to invest in robust security solutions proven to be effective.

Tools and techniques

  • Passwords: Implement strong, unique passwords and multi-factor authentication (MFA) everywhere.
  • Encryption: Encrypt sensitive data on devices, cloud storage, and communication channels.
  • Secure communication: Use encrypted messaging apps like Signal or Wickr Me for sensitive exchanges.
  • Device hygiene: Update software regularly, avoid suspicious links and downloads, and use a VPN. Ensure https:// is enabled on every website while on public Wi-Fi.
  • Physical Security: Secure physical devices, implement strong workspace passwords, and be mindful of surroundings.

Actionable steps: Start today!

  • Password power: Change all passwords to strong, unique ones. Enable MFA on critical accounts.
  • Encrypt everything: Start encrypting sensitive files on your device and cloud storage.
  • Secure messaging: Choose an encrypted messaging app and educate your sources on its use.
  • Use free and open source software (FOSS): FOSS offers greater transparency, control and freedom to modify and distribute the software according to your needs, unlike proprietary software.
  • Software savvy: Update all software regularly and avoid risky online behavior.
  • Back up regularly: Schedule automatic backups of essential data to safeguard against loss or theft.

Always remember: Digital security is an ongoing process, not a one-time fix. Stay informed, adapt your techniques, and prioritize your digital safety.

Additional resources:

Header photo by Gabrielle Rocha Rios.

This story was originally published as part of a toolkit on religion reporting, produced by IJNet under ICFJ's program, Stemming the Tide of Intolerance: A Network of South Asian Journalists to Promote Religious Freedom.