Articles

1. 

   Security for Journalists, Part One: The Basics

   By Jonathan Stray

   Posted on August 5, 2014

   This overview begins with a brief introduction to assessing newsroom security threats broadly, and moves on to more detailed recommendations. Jonathan Stray gets into specifics about strong authentication practices, as well as how to identify fake login pages and malicious attachments designed to steal your credentials, or to give an attacker access to your computer.

2. 

   Two-Factor Authentication for Newsrooms

   By Martin Shelton

   Posted on May 11, 2017

   I recently wrote an article on what newsrooms should know about two-factor authentication (2FA), which strengthens login security by requiring a second piece of information beyond a password. I describe multiple methods for using 2FA, and their relative advantages, before showing examples of how to set it up. I also briefly describe considerations for teams that rely on 2FA.

3. Password Managers for Beginners

   By Martin Shelton, The Coral Project

   Though we know we shouldn’t, we often reuse passwords because they’re hard to remember. This can be dangerous because a single password breach on one website would allow an attacker to access numerous other services. This short guide (by me) introduces the need for unique passwords to isolate breaches, and how to choose a password manager that can make browsing the web safer and more efficient.

4. Anti-Phishing and Email Hygiene

   By Harlo Holmes, Freedom of the Press Foundation

   One of the most common security threats journalists will run into is simple—convincing you to enter your credentials into a fake login form, sent in a “phishing” email. This article from Harlo Holmes covers how to identify the telltale signs, and simple defenses.

5. The Digital First Aid Kit: Malware

   A collaboration between several digital rights NGOs, this guide examines the basics of malware - malicious software designed to give an attacker access to your machine. It describes signs that your device might be infected, steps for addressing the issue, and precautions for avoiding malware in the future. It also includes information about when and how to contact a security professional about a potential breach.

6. Signal for Beginners

   By Martin Shelton, The Coral Project

   This is not strictly related to account security, but encryption can help minimize damage when someone gets into your messaging accounts. Newsroom messaging accounts (e.g., email) are breached far too often. It’s not a matter of if, but when. To minimize damage, it’s wise to make a habit of avoiding unencrypted messages over email and to delete old messages whenever possible. A secure messaging app, Signal, makes this easy. I recently published this guide to getting started with Signal for iPhones and Android devices. When possible and practical, send Signal messages instead.

7. VirusTotal

   VirusTotal is a free service that allows you to quickly scan files and URLs for malicious content. VirusTotal compares the composition of a file (its alphanumeric hash) to known malicious file hashes in its public database. It can be a helpful option for analyzing suspicious materials, rather than executing them on your machine. While VirusTotal will not make your uploaded files publicly available, its analyses are entirely public. It’s a good option for scanning for malware when you are not concerned about the privacy of a particular file.

8. Two-Factor Auth

   Two Factor Auth is an enormous list of websites, and information on whether they support two-factor authentication. The site includes links with instructions for setting up two-factor authentication on all supportive web services. Just type in your favorite service and go. It’s especially important to set up 2FA on your primary email - if an attacker gets your email, they can recover your other accounts.