It’s the notification we all dread: your account has been compromised. Panic sets in, followed closely by frustration for having used your cat’s name for 80 per cent of your account passwords. The dread compounds when you consider that your indie outlet, and maybe even your staff, could be affected.
As indie publishers, we often don’t have the luxury of hiring cybersecurity firms to protect our business. But preparation is much more effective than damage control. To make the journey through the world of cybersecurity slightly less overwhelming, here are some essential steps you can take.
Consider your risk
If you’re a racialized journalist, identify as a woman or LGBTQ2S person, or report on sensitive issues, you will have unique security needs. To help with assessing your risk, the Ford Foundation’s Cybersecurity Assessment Tool is a great place to start.
Practice digital work-life balance
Just because you’re at the helm does not mean you should have your personal information attached to your organization. Be diligent about using separate emails, usernames and passwords for personal and business use. This is especially important for remote teams that share account information regularly. Use a password manager like KeePass to make life easier.
Scrub your personal information
Dox yourself! Google personal information like your phone number, name and email and get to work removing them. Set up a Google Alert for this information to get ahead of it.
Use fake names and fake birth dates as much as possible. Just because for-profit apps ask for this info all of the time does not mean we should hand personal information out like candy.
Use a burner email for sketchy account sign ups. You shouldn’t be using the same email address to communicate with your accountant and play Donut County.
Ever heard of SIM Jacking? Hopefully you never have to. Ask your phone provider to add a PIN to your account and protect your SIM card from being hijacked.
Set up a virtual phone number (like Google Voice) and make it the only number you use publicly.
Opt out of data brokers’ lists. It’s time consuming, so focus on the big players like Epsilon and Acxiom. To take this to the next level, use the Big Ass Data Brokers Opt-Out List.
Remove yourself from white pages and other people-search sites with these tips from Consumer Reports.
Delete your name from your devices (phone, tablet, laptop) so that it doesn’t show up to everyone around you with Bluetooth enabled.
Clean up your digital footprint
Axe unnecessary apps. Every time you add an app to your browser, social media accounts, phone or desktop computer, you’re giving a new entity access to your information. Clear them out regularly. You can check accounts linked to Google here.
Be careful about app permissions in general. If they don’t need access to your photo library, don’t give it to them. And turn off location tracking. It’s creepy!
You can check if your account credentials have been leaked with Have I Been Pwned.
Tighten up security
If you do one thing right now, add two-factor authentication to your accounts. Avoid using your primary phone number, however. Apps like Google Authenticator are preferable.
Use a VPN to hide your IP address. (Check out Wirecutter’s guide to secure VPNs for more.)
Use Google’s password manager to eliminate duplicate passwords and to make existing passwords longer and more complex.
You can also start using a privacy-conscious browser like Tor Browser, Firefox or Chromium, and make your browsing more secure by installing the extension HTTPS everywhere.
Remember: the digital security landscape is always changing. If your worst cybersecurity fear becomes reality, try not to panic. Access Now offers a free digital security helpline to help organizations and people recover from an attack.
Here are some additional sources to check out:
- Data Detox Kit by Tactical Tech
- Security Planner by Consumer Reports
- Cybersecurity Toolkit for small businesses by Global Cyber Alliance
- A digital security guide by the European Journalism Centre
- Digital Safety, Privacy & Surveillance webinar by PEN America and Freedom of the Press Foundation
- An Evaluation of Online Security Guides for Journalists by UC Berkeley
- Online Harassment Field Manual by PEN America
In the news
- Virtual events could be here to stay as publishers realize “the afterlife of [them are] equally important.”
- In this essay, Zainab Iqbal expertly articulates the challenges she faces as a Muslim journalist: “Sometimes all people see is my hijab.”
- Journalists might live on Twitter, but does it drive results for publishers?
Opportunities and education
- The deadline to apply to the Lenfest Institute’s latest course on newsroom funding is fast-approaching. Have you applied?
And one more thing…
- One of our partners, Briarpatch magazine, just put out their July/August issue, “Sharing treaty land in Saskatchewan.” Congrats!