Online security tips for journalists

par Maite Fernandez
30 oct 2018 dans Digital Journalism

Keeping your data safe is an essential part of working online.

Whether you're a journalist working in dangerous parts of the world or, like Wired's Matt Honan, who found his entire online life, hard drive and phone wiped out in an hour by a hacker, it's time to get serious about your data.

Robert Guerra, a specialist in cybersecurity and data privacy, gave a few tips on how to stay safe online during a two-hour webinar organized by the Knight Center for Journalism in the Americas.

Here are IJNet’s main takeaways:

Surfing the web. We’ve mentioned before how important “https” can be for surfing the web. If you're using a public connection or someone hacks your network and you're not using https, they'll be able to see what you browse. “They can see your username and password when you log into your email,” Guerra said.

Some browsers already use this feature, but it’s not always activated automatically for every website you visit.

The safest bet? Download and install the “Https Everywhere” extension, from the Electronic Frontier Foundation. This activates https navigation in your browser automatically. The extension is currently only available for Firefox and Google Chrome.

Using your email.

Https: Most of us have vital personal and professional information in our email accounts. If you're using Gmail, Guerra recommends activating the “Always use https” option on “Browser Connection” in your general account settings.

Forwarding email: Another important precaution is to check that your emails are not being forwarded to another email account without your authorization.

Many activists in China have reported that when their accounts were hacked, nothing was destroyed and their passwords weren’t changed. However, they found that an authorized email address was connected to their account, so every email they were sending out was being forwarded to another, unknown email account, explained Guerra.

You can check this in Gmail account settings under the "Forward and POP/IMAP" tab.

Two-step verification: One of the lessons learned from Honan’s piece is to always use a two-step verification system that will be triggered whenever someone accesses your email account from an unfamiliar computer.

First, you’ll need to add a phone number to your Google account. From that point on, a code will be sent to your phone whenever you try to access your account from an unfamiliar computer. The code can only be used once.

If you don’t want to receive the codes via text or voice message, you can also download the Google Authenticator app or use the codes Google generates for you by clicking on “Show backup codes” in your Google account. “You can print them and store them somewhere safe,” suggested Guerra.

You can check out this video for more information on how to set up a two-step verification system in your Google account.

How to find out if your account has been hacked: You can check if your Gmail account has been accessed by someone else by going to the bottom right corner of the screen and clicking on “Details.”

A window will open, showing the activity on the account, including access type (browser, mobile, POP, etc.), the location (IP address, state and country) and the date and time. You can also configure settings in this window so you are sent an alert for unusual activity.

Staying safe using social media. Guerra recommended setting up https navigation in your Facebook and Twitter settings and setting up a login notification in Facebook to alert you of unusual activity.

Have you ever been hacked? Do you have any other tips to stay safe online?

Image via Morguefile.