Last reviewed January 20, 2022
The current global health situation has seen changes to the way journalists do their job, with an increasing number working from home instead of an office. This has created digital security issues for journalists and media outlets who still need to work during the pandemic.
Journalists working from home may be using personal devices to do research, speak with sources, and download documents. The inability to have face-to-face meetings has meant journalists and newsrooms moving more online, often without basic digital security protocols in place.
Journalists who are reporting on the spread of COVID-19 are also at risk of being targeted on the internet by anti-vaxxers and conspiracy theorists, including online harassment, doxxing, and account hacking.
Secure your remote office
● Update your devices, including your phone, to the latest operating system. Updates often fix known vulnerabilities in the software that attackers could try to exploit. Configure your devices to update automatically.
● Update apps and browsers to the latest available version.
● Use a password manager to create long, unique passwords and secure your online accounts. Turn on two-factor authentication for all accounts wherever possible.
● Think about where you are storing your documents, especially if you are working on sensitive issues. Create a system for storing work so that you will be able to find it easily when you return to the office. Avoid downloading and storing documents on an ad hoc basis, or on multiple devices.
● Back up your data and research on a regular basis to avoid losing work. Create more than one copy—for example, back up your work to an external hard drive as well as saving it on your computer. If possible, protect your backup with a password, and store it away from your regular workstation.
● Use a virtual private network (VPN) if you are concerned about your internet service provider and others seeing your online activity, especially if you are carrying out sensitive research. Be aware that a VPN service may also record your internet activity, so research the best VPN service for you, depending on your location and your level of risk.
● Lock all your devices with a PIN or password to deter people from accessing them. Avoid sharing devices you use for work with other members of your household.
● Ensure that your home Wi-Fi is protected with a password.
Communicate more securely
Be aware that online communication services often collect personal data about you and the people that you are speaking with. This data can be sold, handed over to governments, or breached by criminals if the company does not secure it properly.
● Do an internet search on any online communication service you plan to use. Check for security vulnerabilities, privacy concerns, or if the company has suffered any data breaches. If possible, see if the company has been subpoenaed by a government and review what information the service handed over.
● Check to see whether the service uses end-to-end encryption. Research the law in your country with regards to encrypted communications.
● Be aware of your own risk profile, and that of the people you wish to speak with. If you or anyone you communicate with is likely to be a target of a government or of an adversary with sophisticated technology, consider whether using these services could put you at risk.
● Back up anything important contained in messaging apps regularly, and delete anything inessential.
● Be aware that many messaging apps store a copy of your messages, including photos and documents, either in a cloud account or on your device. End-to-end encrypted messaging services Signal and WhatsApp allow you to set messages to automatically delete after a certain time.
● If you are working with low internet bandwidth and need to speak with more than one person at the same time, consider using end-to-end encrypted chat or voice messages instead of video conferencing.
Preparing for online abuse
● Review what information is available about you online and take note of the sites where this information is held. Take steps to remove any information that you are uncomfortable having in the public domain or that you feel could put you at risk, such as your address or photos of your children.
● Be aware of what images are available of you online and think about how they could be used against you.
● If in the United States, sign up to data removal sites to have your address removed from public databases.
● Check the privacy settings on your social media accounts to see what information is available to others. Remove or limit access to content that you feel could be used to discredit you or that could put you at risk.
● Disable location tracking for any social media accounts.
● Consider deleting old social media posts or using a service that will delete past tweets. Abusers will often resurface old posts you have made as a way to discredit you.
● Set up Google alerts for your name, including any common misspellings, to alert you if your name is mentioned online. Schedule calendar reminders to remind you to review your online profile on a regular basis, for example, every three months.
● Be aware that a copy of any information you have online is likely to exist in some form on the internet – for example, in internet archive services – even after you remove it.
● Create a system for documenting abuse, especially anything that you feel is especially threatening and could lead to a physical attack. Document accounts that regularly troll you and take screenshots of offensive messages or images that include the date, time, and the name or handle of the harasser. Creating a timeline can be helpful when speaking with your media outlet or the authorities.
For more information, consult CPJ’s Digital Safety Kit, also Español, Français, Русский, Português, العربية, Afsoomaali, አማርኛ, and ဗမာစာ. CPJ’s safety advisory on covering the coronavirus outbreak is available in multiple languages.