The Committee to Protect Journalists has launched a new, updated Digital Safety Kit for journalists looking to better protect themselves, their sources, and their information. The kit, produced by CPJ's Emergencies Response Team, combines six bite-sized safety notes on different topics in an accessible format that is easy to digest.
Each note contains practical advice to help journalists navigate digital threats like phishing, and one for the specific scenario of crossing borders.
In the ever-changing world of digital security, the new format will allow CPJ to expand the kit to reflect the latest information. The date of any update or detailed review will appear in the text.
The kit is available in French, Spanish, and Russian and the text is licensed under Creative Commons. Journalists and media organizations are free to use and share the text of the kit under the terms of the license (CC BY-NC-ND 4.0).
Some basic digital safety tips for any journalist are below.
To secure your accounts:
- Use a password manager to create long, unique passwords for all your accounts. Do not reuse passwords or use Facebook, Google, or another service to log in to other sites.
- Turn on two-factor authentication (2FA) for all your accounts for extra security in addition to a password. A physical security key, such as a Yubikey, is recommended to foil sophisticated hackers.
- Check the privacy settings for your social media accounts. Understand what information about you is public and hide or remove anything attached to your identity personal like your phone number or date of birth.
- Be aware of targeted phishing attacks in the form of personalized messages sent via email, social media, messaging apps, or SMS to trick you into revealing information or clicking on a link or an attachment to install malware.
- Review your accounts regularly for suspicious behavior. Service providers generally allow you to view the location of any device that is logged in, and other apps with permission to access your account. If you notice anything suspicious, log out and change your password.
To secure your devices:
- Lock your devices with a PIN. The longer your personal identification number or password, the more difficult it will be for others to unlock.
- Avoid leaving devices alone, for example when charging them in public.
- Do not use chargers or USB sticks given to you by others, since they may carry malware.
- Update your software regularly. Running the latest software will help to better protect you against malware and spyware. Enable automatic updates or install them as soon as they are released to benefit from the latest security fixes.
- Turn on full disk encryption for your devices where possible, to protect your information if they are stolen or accessed. Power off devices when they are not in use.
Read more: Device security.
To communicate securely:
- Think about the most secure way to communicate with sources and other journalists prior to reaching out.
- Learn about the communication tools you are using. Who owns them and do they have a good reputation for privacy and security? Could they put you or your contact at risk?
- Understand how metadata that companies collect about you can make you vulnerable. Metadata that reveals where you are and who you talk to can be used to build up a profile of you and those that you communicate with.
- Assume that every call, SMS message and unencrypted email can be intercepted. Switch to more secure messaging apps such as Signal where possible.
Read more: Encrypt communications.
To use the internet securely:
- Use a VPN, a virtual private network that conceals your traffic from your internet service provider, especially when you access WiFi in public places like a hotel, café, or airport.
- Install browser add-ons such as HTTPS Everywhere or Privacy Badger, developed by experts to enhance your privacy and security when you visit websites.
Read more: Secure internet use.
More information is available in CPJ's Digital Safety Kit.