5 tips for securing your work online

Digital security post-Snowden has become a staple of the reporter’s toolkit. If you want extra layers of protection for your work but aren’t sure where to begin, your first move as a Gmail user should probably be with the service’s two-step verification. CJR also spoke with several cybersecurity experts to put together an essential set of tools for journalists, starting with the simplest and ending with the safest. All of them are open source or included with most operating systems.

1. Secure your hard drive
Mac: Filevault
Windows: Bitlocker

Both of these tools encrypt your entire hard drive, making data impossible to access if your computer is stolen. And both are included free with many versions of your operating system.

2. Send safer email
Enigmail with email client Thunderbird

Using PGP (“Pretty Good Privacy”) encryption, these tools ensure that only your email recipient will be able to read your message. Anyone who intercepts the message will just see a string of nonsensical characters. Cameran Ashraf, a digital safety trainer for Global Journalist Security, calls it “about as good as it gets for secured electronic communications.”

3. Make it easy for sources to chat…

CJR heard Cryptocat called “the gateway drug of encryption” when we first covered it in 2013, for its easy-to-use, intuitive interface. It’s a platform for encrypted instant messaging—available both on computers and smartphones—and doesn’t require users to make an account.

Sign up for CJR's daily email

4. …And for them to pass important files

The Guardian, Gawker Media, and The New Yorker all use SecureDrop to allow whistleblowers to leak documents anonymously. However, it requires your organization to set up the infrastructure. “The platform may come across as more complex but it really is a solution that takes all sorts of threats into account,” said Runa A. Sandvik from the Freedom of the Press Foundation. For individuals trying to receive files anonymously, Michael Carbone of digital rights NGO Access recommends OnionShare.

5. Use a disposable OS

Tails is essentially an operating system on a USB stick—loaded with tools like Tor, which hides your location when browsing—that you plug into a computer. “I liken it to the way doctors change gloves,” says Susan E. McGregor, assistant director of Columbia’s Tow Center for Digital Journalism. The computer leaves no trace that Tails was used, and Tails wipes itself clean after each session. That means it retains no cookies or identifying information, and even if you’re attacked by malware, hackers will have nothing to steal.

Has America ever needed a media watchdog more than now? Help us by joining CJR today.

Chris Ip is a CJR Delacorte Fellow. Follow him on Twitter at @chrisiptw. This story was published in the May/June 2015 issue of CJR with the headline, "Cybersecurity 101."