With these digital safety tips, you can mitigate any attempted online security breach.
It’s the notification we all dread: your account has been compromised. Panic sets in, followed closely by frustration for having used your cat’s name for 80 per cent of your account passwords. The dread compounds when you consider that your indie outlet, and maybe even your staff, could be affected.
As indie publishers, we often don’t have the luxury of hiring cybersecurity firms to protect our business. But preparation is much more effective than damage control. To make the journey through the world of cybersecurity slightly less overwhelming, here are some essential steps you can take.
Consider your risk
If you’re a racialized journalist, identify as a woman or LGBTQ2S person, or report on sensitive issues, you will have unique security needs. To help with assessing your risk, the Ford Foundation’s Cybersecurity Assessment Tool is a great place to start.
Practice digital work-life balance
Just because you’re at the helm does not mean you should have your personal information attached to your organization. Be diligent about using separate emails, usernames and passwords for personal and business use. This is especially important for remote teams that share account information regularly. Use a password manager like KeePass to make life easier.
Scrub your personal information
Dox yourself! Google personal information like your phone number, name and email and get to work removing them. Set up a Google Alert for this information to get ahead of it.
Use fake names and fake birth dates as much as possible. Just because for-profit apps ask for this info all of the time does not mean we should hand personal information out like candy.
Use a burner email for sketchy account sign ups. You shouldn’t be using the same email address to communicate with your accountant and play Donut County.
Ever heard of SIM Jacking? Hopefully you never have to. Ask your phone provider to add a PIN to your account and protect your SIM card from being hijacked.
Set up a virtual phone number (like Google Voice) and make it the only number you use publicly.
Remove yourself from white pages and other people-search sites with these tips from Consumer Reports.
Delete your name from your devices (phone, tablet, laptop) so that it doesn’t show up to everyone around you with Bluetooth enabled.
Clean up your digital footprint
Axe unnecessary apps. Every time you add an app to your browser, social media accounts, phone or desktop computer, you’re giving a new entity access to your information. Clear them out regularly. You can check accounts linked to Google here.
Be careful about app permissions in general. If they don’t need access to your photo library, don’t give it to them. And turn off location tracking. It’s creepy!
You can check if your account credentials have been leaked with Have I Been Pwned.
Tighten up security
If you do one thing right now, add two-factor authentication to your accounts. Avoid using your primary phone number, however. Apps like Google Authenticator are preferable.
Use a VPN to hide your IP address. (Check out Wirecutter’s guide to secure VPNs for more.)
Use Google’s password manager to eliminate duplicate passwords and to make existing passwords longer and more complex.
Remember: the digital security landscape is always changing. If your worst cybersecurity fear becomes reality, try not to panic. Access Now offers a free digital security helpline to help organizations and people recover from an attack.
Here are some additional sources to check out:
In the news
Opportunities and education
And one more thing…