“Digital Security and Secured Communication, essential tools for Journalist in the Digital Age”, Noutcha Prudence, Senior Program Director at NewSeta
By Pedmia Shatu Tita
At the on-going National Training of
Cameroonian Journalists taking place in Yaounde, journalists have been
reminded of the need for digital security and Secured Communication in a
digital Age. This was done by Prudence Noutcha, the Senior Programs
Direct of the Network for Solidarity, Empowerment and Transformation for
all.
In a very participatory session, Prudence
engaged participants in their daily activities using their digital
gadgets such as phones, Ipads, laptops, desktops etc. Most of the
participants answered in the affirmative when the issues of passwords on
phones and machines as well as documents were raised. Madame Prudence
reiterated that there is need as journalist to secure information since
they deal with very delicate information which if exposed may lead to
harm on the journalist in question and even loss of integrity.
Considering that journalists use a variety
of online accounts and these hold both personal and work-related
information on themselves, their colleagues, families and sources.
Securing these accounts and regularly backing up and removing
information will help protect against hackers, Madame Prudence opined.
She advanced the following steps which to her according to research are
particularly important for journalists who may be targeted by an
adversary with sophisticated tech capacity.
- Think about what information is stored in each account, and what the consequences would be for you, your family, and your sources if your account is breached.
- Review your privacy settings and understand what information is public, especially on social media.
- Create backup copies of any information that is sensitive or that you would not want made public, including private messages, then delete them from your account or device. Store the copies securely on an external drive or in the cloud.
- Delete any accounts that you no longer use. Remember to create copies of any information you want to save.
- Create long, unique passwords for every account. Do not reuse passwords. Use a password manager to help you manage your passwords.
- Turn on two-factor authentication (2FA).
- Regularly review the ‘account activity’ section of each of your accounts. This will reveal if devices you don’t recognize are logged in.
To secure devices, Prudence advised that
devices be locked with a password, code, or PIN. Longer personal
identification numbers or passwords are more difficult for others to
unlock, update your operating system when prompted to help protect
devices against the latest malware, audit the information stored on your
devices and consider how it could put you or others at risk, back up
your devices regularly in case they are destroyed, lost, or stolen.
Store the backup copies securely, away from your regular workstation,
delete sensitive information regularly, including chat messages. To
prevent an adversary from restoring deleted files, use secure deletion
software to wipe the device, if available; otherwise reset it and use it
for unrelated activities in order to rewrite the device memory. (Back
up anything you want to keep first or you will lose all your data.),
don’t leave devices unattended in public, including when charging, as
they could be stolen or tampered with, don’t plug devices into public
USB ports or use USB flash drives that are handed out free at events.
These could come loaded with malware which could infect your computer
and be aware that your device may back up your data to the cloud account
linked to the phone. Information stored in the cloud may not be
encrypted. You can turn off automatic backups in the settings.
For secured communication, journalists
learned that journalists can communicate with sources more securely
using encrypted messaging apps or software that encrypts email so only
the intended recipient can read it. Some tools are easier to use than
others. Encryption protects the content of messages, but the companies
involved can still see the metadata, including when you sent the
message, who received it, and other revealing details. Companies have
different policies on how they store this data and how they respond when
authorities ask for it.
Recommended messaging apps offer
end-to-end encryption, meaning that the information is encrypted when it
is being sent from the sender to the recipient. Both parties must have
an account with the same app. anyone with access to a device sending or
receiving the message or to the password of the account linked to the
app can still intercept the message content. Examples of messaging apps
with end-to-end encryption include Signal, WhatsApp, and Telegram.
Since Journalists often have a public
profile and share their contact details to solicit tips. Adversaries
looking to access journalists’ data and devices can target them–or a
colleague or family member–with phishing attacks in the form of tailored
email, SMS, social media, or chat messages designed to trick the
recipient into sharing sensitive information or installing malware by
clicking on a link or downloading a file. There are many types of
malware and spyware which range in sophistication, but the most advanced
can grant a remote attackers access to the device and all of its
content.
To defend against phishing attacks she
advanced the following tips; Research the tech capabilities of your
adversaries to understand the threat and the likelihood you or someone
you know could be a target, be wary of messages that urge you to do
something quickly or appear to be offering you something that appears to
good to be true, especially if they involve clicking on a link or
downloading an attachment, check the details of the sender’s account and
the message content carefully to see if it is legitimate. Small
variations in spelling, grammar, layout, or tone may indicate the
account has been spoofed or hacked, verify the message with the sender
using an alternative method, like a phone call, if anything about it is
suspicious or unexpected, think carefully before clicking on links even
if the message appears to be from someone you know. Hover your cursor
over links to see if the URL looks legitimate, preview any attachments
you receive by email; if you do not download the document, any malware
will be contained. If in doubt, call the sender and ask them to copy the
content into the email, upload suspicious links and documents to Virus
Total, a service that will scan them for possible malware, though only
those that are known, enable automatic updates and keep all software on
your devices up-to-date. This will fix known vulnerabilities that
malware relies on to compromise your security and stay particularly
alert to phishing attempts during elections and periods of unrest or if
colleagues or local civil society groups report being targeted.
Comments