How do you vet tech products to protect journalists and editors from cyberthreats?
The products that we recommend to the newsroom are the products we use ourselves, such as Signal for secure mobile communications. Before we use or recommend a product, we make sure we understand how it works, its limitations and how it protects our users. Is it easy to use? Has the product been reviewed by other security researchers? How many people are using it? We look at all these issues.
What’s one tool or product that you have found to be effective in protecting the newsroom, and why does it work?
Journalists often need to click on links and attachments from people they don’t know, and it’s our job to help them do so securely. One product that is effective in protecting against phishing of online accounts is the Security Key, which is a physical device that connects to your computer just like a thumb drive. The key is supported by both Google and Facebook.
The Security Key can be used as an alternative to SMS or an authenticator app for two-factor authentication, which is a way to secure your accounts by requiring not just your user name or password, but something you have. The key uses cryptography instead of randomly generated codes and works only with the sites that it’s set up to work with — not lookalike sites that might’ve been developed with malicious intent.
What is your biggest tip for people for protecting their online security and privacy?
The best things you can do are to use a password manager, set up two-factor authentication on the sites that offer it and keep all software up to date. Doing so helps secure access to your online accounts and limits your exposure to phishing and…