The Internet makes things convenient. But don’t forget to keep your newsroom secure.

There are plenty of tools out there, but a change in mindset may be your best bet

By Tanya Mariano
Splice Fellow

At a time when social media profiles seem to act as validators of identity, Bobby Soriano is essentially a ghost: you won’t find him on Facebook or Instagram, and a Google search reveals only a tiny digital footprint (he wouldn’t want us to run a profile photo of him either).

But that’s probably exactly what you’d expect from a digital safety and security expert.

“I miss out on a lot of intimate banter between friends, but that eventually lands to me somehow when I [meet up] with them anyway,” he says.

At a Splice Beta masterclass, Soriano, a digital safety adviser and digital security trainer based in the Philippines, spoke to a room full of media professionals about how to keep their newsrooms safe in the digital age.

Weaving safety and security into your media organisation’s DNA

The repercussions of a security breach on a newsroom can be huge. Compromising the identity of a source, for instance, could actually put lives in danger. And while Soriano says many news organisations already think about safety and security, a lot of it is reactive rather than pre-emptive: “It’s mostly a knee-jerk reaction to a certain situation. It’s not built in.”

He’s convinced that safety and security should be intrinsic to a company’s DNA, especially when almost everything is connected to the Internet and security incidents are becoming alarmingly common.

The urgency is even greater for small media startups. Huge companies like Google and Facebook may be able to weather some serious security breaches, but similar incidents could spell the end for a startup.

“It’s a trust issue. If you’re a startup, you need a community, you need to gain the trust of that community, and after you’ve gained their trust, maybe you can ask them for money,” Soriano says. “In between that period, if you have a data breach, you’re done.”

He stresses the need to plan ahead: “If you don’t build in safety and security from the very start and you have a security incident, you will need to [gather] the resources [to deal with it]. If [the resources are] not there, that will impact your organisation. But if you build it in from the very start, then you will always have an earmarked amount to be able to respond to it. It lessens the level of disruption.”

 

All about communication

Communication is at the heart of the Internet, Soriano points out. But while it can be incredibly convenient, media professionals need to keep asking themselves:

“If I send this piece of information, will I put anyone — myself, the receiver, other people — in danger?”

One way to make the question seem less daunting, Soriano says, is to break down the larger concept of communication into smaller, fundamental components. “If you break down the components of communication, of the Internet, you can determine which parts you can secure, and which ones you can’t.”

 

Sender and receiver: it’s all about identity

“There’s no tool to help you secure your identity online,” Soriano says. “All you can do is manage it.”

The more fragmented your identity over the Internet, the more secure it is. Soriano recommends having separate email addresses for work, family, finances, and social media accounts. It might sound like a pain, but, as he points out: “I always say, if it’s convenient for you, it’s convenient for the person who will attack you.”

 

What are you communicating (and do you realise how much you’re communicating)?

Messages, on the other hand, can be secured through encryption. But it’s not just about the content of the message — one’s got to be aware of the metadata too. Every Word document, for instance, contains information of the computer that created it. If security is of the utmost concern, then one has to think about finding ways to strip metadata.

 

What platforms and service providers are you using?

The medium refers to telcos, Internet service providers, social media platforms, e-commerce sites, and other such channels through which information is transmitted. Soriano recommends not getting too attached to any one service, and having a migration plan should any of these platforms fall through.

 

Other ways to boost security

On top of this, newsrooms can also boost security through the use of VPNs and programs that encrypt files before uploading them to the cloud. Services such as RiseupVPN and VeraCrypt (which can encrypt and hide files on your Windows computer) could be a good place to start.

But it’s not just a matter of downloading as many security apps or applying for as many encrypted email accounts as possible. Soriano always emphasises that the most important change that needs to happen is behavioural: “The tools are not the solution. They just guide you in a certain direction and help make you more secure.”

Tanya is a Manila-based freelance writer who covers startups, entrepreneurship, travel, lifestyle, and culture. She also works with an NGO that empowers local communities through resilience-building projects. Follow Tanya Mariano on Twitter.

more about us

Hello — we’re Splice.

Our mission is to drive radical change by supporting bold, forward-looking media startups in Asia. In order to do this, we report on, teach, transform and fund newsrooms in Asia.

Splice Beta 2020 is coming to Chiang Mai February 18-20. Join us!

Our newsletters are read by some of the smartest people in global media.

We’re Alan Soon and Rishad Patel, and there’s more about us here.

Splice is available for speaking engagements, to run workshops, product sponsorships, custom research, design audits, and consulting. Email us.

We also have a Telegram group. Come say hi!

Thanks for subscribing!