Journalists and digital security

Journalists and digital security


by Maurice Oniango

Back to Blog

Ask any journalist what is one of their worst fear and most probably they will tell you security. Journalists are always under threat irrespective of what issues they cover be it politics, business, sports or any other beat.

So, last week when I received communication that the IACC’s Young Journalists attending Double Exposure Investigative Film Festival in Washington DC will undergo a digital security training, I was excited and looked forward to the session.

Photo credits: Rajneesh Bhandari

Digital technology has improved and eased our work as journalists. When we look back at the pioneers of journalism, the equipment and technology that was used back then, we realize how digital technology has enriched our practice. Today with just your phone you are capable of recording audio, filming and editing videos, typing news stories and publishing your work to an audience.

But the use of digital technology improvements comes with risks and threats. The biggest risk being security; just with a click of a mouse, hackers are able to intercept phone conversations, read and reply emails (pretending to be the journalist), read text messages and even hack and alter published stories to discredit the publisher or the journalist.

This is why journalists need to be vigilant not only for their own sake but as well as protecting their sources and their research. Imagine a scenario your online account (Twitter, Facebook, Instagram etc.) is taken over by an anonymous individual in order to disseminate fake news or discredit you or the worse scenario whereby you have hidden the identity of a whistleblower who is a source in a story you are working on but an interested party gets hackers to hack your computer and or your mobile phone to get the details of the whistleblower. That will be tragic if the hacker succeeds, so here I will share some tips I have learnt from the training that will be of help to you and your protected sources.

1. Use Signal messaging app

An instant messaging platform, just like Facebook-owned and more popular WhatsApp and Messenger, Signal is very different from the two with its secure form of end-to-end encryption for both text and voice messages. The app also hides all the metadata, including details of who sent the message which means that the only person who will see the message is the intended receiver. No one can intercept your signal message and even Signal cannot see what is in your message.

What I love more about is signal its feature that allows messages to self-destruct at a given interval from as little as five seconds to one week. So, if you feel that the conversation you have had should stay in neither your phone nor the recipient’s, you set the time for the messages to be destroyed as soon as it is read and there’s nothing the recipient can do to stop it from disappearing. This is very helpful in case your handset falls in the wrong hands. The other reason I prefer using Signal is its screen security feature whereby you can enhance privacy settings by enabling screen security which blocks other apps from taking screenshots of your chats on Signal.

Signal is free and has apps for Android, iOS and Desktop.

2. Use secure email services

Just like your messaging, use encrypted email services to protect your emails from being read by any prying eyes. When sending an email over unsecured or public Wi-Fi networks you are very vulnerable and using an encrypted email service scrambles the content of the email and makes it unreadable if someone intercepts its. Some of the most secure email services include; Tutanota, ProtonMail, KolabNow, SCRYPTmail among others. Some of the services like Tutanota can be used free to use for private users while others do charge a fee.

3. Use secured passwords

One of the common mistake many of us make when it comes to passwords is using recognizable words or combinations that represent important days or information that can be connected to you e.g. your puppy’s name is Jojo and your password is Jojo2019. It will not take long for a hacker to gain access to your computer network or mobile phone. Using secure and complex passwords is the most important way to prevent illegal intrusions onto your digital space. The longer and more complicated the password, the harder it is for a hacker to break in. Use a password that has at least over eight characters and combination of numbers, upper and lower case letters and symbols. Use a combination of numbers in a word if possible and input your caps at the least expected place in the word/sentence for instance; p@55w0Rd (the word password is one of the weakest passwords)

4. Install anti-virus software on your computer.

One way hackers use to access your computer is through the use of malware. These are softwares such as Trojans that are specifically designed to damage, disrupt or gain unauthorized access to your computer. The thought of losing important files in your computer because of a malware attack should be reason enough for you to install an antivirus. Antivirus immunizes your computer against any unauthorized code or software that threaten your computer.

5. Use a Firewall

Installing anti-virus software is not enough. A firewall is a software designed to create a barrier between information in your computer and the outside world. Enabling the firewall is the first thing anyone who cares about their digital security ought to do with their new computer (or with the one you are using now if not enabled) before going online because it is a stronger layer of security that you need. They prevent unauthorized access and alert you in case of intrusion attempts.

6. Don’t plug any USB device to your computer from untrusted people

You are using your laptop in your favourite out of office/home working area and a stranger or someone you have seen several times but you really don’t know them well approaches you with their phone and a cable, they need you to charge their phone, what do you do? Hackers can use USB sticks and USB cables to hijack your computer. When plugged into your computer the device can be triggered remotely and take over your computer, search for files, copy them on the connected device and even hide files from your computer. All these will be happening in the background without your knowledge hence the need to be vigilant on whom or what you connect on your computer.

To learn more about Journalists for transparency, visit

By Maurice Oniang’o, Young Journalist.



Joint the conversation on social media #IACC2024