SKeyes Center for Media and Cultural Freedom - Samir Kassir Foundation

2020, a Digital Safety Year for Media Professionals

Wednesday , 08 January 2020
In 2017, BBC Arabic presenter and President of the Samir Kassir Foundation, Gisèle Khoury, had her phone hacked by the U.A.E. in the midst of diplomatic tensions between Qatar and Saudi Arabia. Journalists and media professionals around the world are becoming targets for cyber-attacks and malicious hackers. With a new decade ahead and more cascading technological disruptions to come, digital safety becomes essential in an era of surveillance and cybercrime. While many media professionals tend to train themselves through workshops on digital safety, most newsrooms, media outlets, and journalists remain insufficiently trained.
Digital safety 101: Be safe online and take control of your privacy 
One basic rule is to use a secure Internet browser with an “Incognito mode”, if you are not already doing it. Whether you want to choose Mozilla Firefox, Google Chrome or Opera depends on your preferences, and your own threat assessment. One of the main issues with non-secure browsing is that some websites keep track of your preferences and activities. You can also get invaded with ads: simply block them with uBlock Origin and Privacy Badger. When you’re visiting a website, make sure it is secure by checking if it is designed in “https;”check out HTTPS Everywhere for that. Also try to avoid public WIFIs and unknown networks. In case you cannot do differently, use a VPN connection. Note that the VPN will nonetheless make your connection slower.
E-mailing, as browsing the web, is something most of us do on a daily basis – either on our smartphones or computers. As browsing, it is not without risk. Phishing attempts were on the rise in 2018 and 2019, causing a great threat for organizations, companies, newsrooms, journalists and outlets. During an interview conducted with Michel Touma, editor-in-chief at L’Orient-le-Jour, he told the Samir Kassir Foundation he had been victim of a phishing attack a couple of years ago, which forced him to contact all his colleagues at the office. Thankfully, his work was not put in jeopardy in the end. A simple way to avoid phishing consists in being hyper cautious with untrusted links. To be phished, you need to click on a link, so if you are not totally sure about a link, just don’t click on it. But beware: phishing is not only something that can be done out of a computer, also use caution with text messages and be extremely careful when opening attachments. Try to double-check with the sender it is supposed to be coming from if you have any doubt. One last tip for journalists or people that want to secure their communications: try out ProtonMail. This tool is Swiss-based, so you’ll benefit from data security and privacy, all e-mails are encrypted end-to-end, you can stay anonymous (no personal information is required to subscribe), and no IP logs are kept. It is opensource, which allows transparency in-design for users. Finally, a good way to monitor suspicious activity and stay safe online consists in checking and reviewing your online activity with the time and origin of your logins. If something seems strange, report it and change your passwords.
Act as an Internet user, think like a hacker
You want to take back control of your privacy? Put yourself in the mind of a hacker.
As an Internet user, you inevitably have an online presence; you leave tracks that can lead back to your home address, but also to your family, loved ones, colleagues and friends. Think of your data as a currency; think of your data as something you do not want to simply give away for free, but that you must protect for your own safety. This goes without saying, do not publish your phone number or address online. Just try to review all the available information about you on the web. One relevant question to ask yourself when doing this is: “who can get access to what? And who can see what exactly?” This will help you clean up your social media accounts and change some settings towards more privacy (on Twitter, Facebook, Instagram, etc.). Citizen Lab’s Security Planner and NSCA will help you do it. Remember that the best way to keep your privacy is not to be on these platforms and to refrain from publishing personal content. But it’s 2020, so who does not have a Facebook account nowadays? If it is the case, always seold_parate your personal life from your professional one. And for personal accounts, use usernames that will make it hard for people to find you. Follow this principle for your emails as well: you can have one personal e-mail for your friends and your family and a different one you use to register on websites. Read privacy policies and be extremely mindful of the data you give out – sometimes giving them is not mandatory to use the service.
What about a little digital detox for 2020? Research yourself online and get rid of all the undesired information about you on the web : you can request to remove them from Google here or Yahoo on this link. Try also different research engines such as Duckduckgo; it is also a very good research engine for privacy. Note that this action will remove the data from major research engines, but not from its original content. Alas, what’s on the Internet stays on the Internet. Some services also help you to opt-out from platforms that collected your data; reclaim yourself with Mine, DeleteMe, or StopDataMining. If you want to check if one of your e-mail addresses has been compromised, visit Haveibeenpwned.
Secure your accounts and your devices
Hackers make money out of easy targets by guessing your passwords and intruding into your data. Governments and malicious adversaries can also do the same to get access to your data. On this subject: two important steps. First, use strong passwords. Second, use multi-factor authentication. Please note that using SMS verification services is not as secured as you might think. Avoid this option: SIM card hijacking exists and phone numbers are deeply flawed security method.
Here is an important thing to do for journalists: secure yourself but also secure your sources. To do so, use encryption for your devices but also safe channels of communications. Encrypt and password-protect your smartphone and your laptops/computers (this can be easily done on MAC and PCs) and it can be efficient if your device gets stolen or lost since access to your data will become more difficult. For Mac users, enable FileVault. For Windows users, enable device encryption. Download a password manager such as Bitwarden. As per the channels of communications with your sources try out end-to-end encryption apps like Signal. Get yourself a good VPN like NordVPN and if you work on extremely sensitive issues do not hesitate to use TAILS: an encrypted, leave-no-trace operating system that you can download on a USB stick. For a tutorial, check out this link.
The core idea of digital security is that it relies on a chain. If there is a single weakness within the security chain, this chain is not secured anymore. Implementing a digital security culture within a workspace like a newsroom thus entails to focus on any weak link and work on secured tools and devices. Check out Wire for a comprehensive and secured encrypted end-to-end collaboration tool. Consequently, even basic gestures must become reflexes for each employee and shall be strictly respected. These basic things start with strong password protection as mentioned and software updates; they contain important security improvements. Also try to keep an eye on your devices: if you leave your laptop or your smartphone to someone more than five minutes, it can get easily hacked. If a security agent takes your phone at an airport more than five minutes, it is likely compromised (you can hack a phone with the IMEI number). Shut your laptop if you walk away to avoid physical hacking. Last but not least: do not forget to protect your devices and operating systems against malwares and unauthorized access (check Malwarebytes and use a Firewall). A malware is a software that is trying to damage your device. A virus is a bit different and targets your device, however, in order to be executed, you have to click on it. Think of quick solutions if you have a doubt, go to Virus Total: an online tool that analyzes suspicious files and URLs to detect types of malware and share them with the security community to stay up to date; hackers are usually ahead of cybersecurity companies.
For newsrooms and media professionals, it its sometimes difficult (financially speaking) to implement a cybersecurity culture with training workshops and to invest in this field, as we have heard during interviews with different outlets working in the MENA region and elsewhere. But as shown throughout this article, there are many solutions (most of the time free or not very expensive) that can allow you to start building habits to stay safe online for the year ahead. So spread the word.  

Share News