OPSEC for journalists: F-Secure honors the right to report without fear or favor
As a pandemic ravages the globe, the need for reliable news is a matter of life and death. That’s why F-Secure is marking World Press Freedom Day by taking steps to help journalists protect the free speech critical to their work.
If you’re a member of the press and would like a free year of our award-winning FREEDOME VPN to use on three devices, email PR at F-Secure.com by May 15th and include something that identifies you as a journalist. Your twitter handle, a link to a favorite piece of published work or even your email address connected to a publication will work.
We will collect your email address in accordance with our privacy policy in order to deliver the software key and will not use it for any further correspondence unless you request otherwise.
This is a token of our appreciation for the vital work members of the press do. And while a VPN is an essential need for safeguarding data, it’s just one tool for those who aim to report without fear or favor—the theme of this year’s World Press Freedom Day.
A fluid process that is never done
Everyone has, produces, and stores information – physically or electronically – that can be used to identify them. It is extractable, exploitable, social-engineerable, sellable. And journalists, especially high profile journalists or those reporting information powerful people don’t want public, are high-value targets.
Operational security (OPSEC) is a fluid process that is never done. No OPSEC recommendation is permanent or infallible. A bad software update or the exploitation of a known or unknown vulnerability could alter your risks in seconds.
However, one recommendation that will likely remain true now and for the foreseeable future—use a VPN you trust.
Why a VPN?
Journalists may find the need to connect to the internet by any means necessary. But unsecured public Wi-Fi networks aren’t just free for you, they’re also free for snoopers to use sniffers to detect and localize network traffic. All your traffic, device details, and MAC address are unencrypted.
A virtual private network, better known as a VPN, not only ensures that your traffic is encrypted, but allows you to specify your location. It also analyzes your traffic for anomalies, so you don’t become an anomaly yourself.
Without a VPN, it’s trivial for anyone else using the same wi-fi to see most of what you’re doing online. Think of this tool as a “guardian-in-the-middle” and keep in mind that not all VPNs are the same. Every provider must be able to answer key questions about the integrity of its service. Here are our answers.
Assess yourself
But, to repeat, a VPN alone isn’t OPSEC. So here are some key foundations the OPSEC process.
Understand the tools you use. Assess what you are trying to protect. Assess where you are protecting the information. Assess which threats you are trying to protect against. Assess how long the information needs to be protected. Assess what happens if something leaks. Assess what happens if something cannot be trusted. Assess what happens if something is unavailable.
Any listicle that attempts to give you the impression that OPSEC is a checklist ignores that dynamic nature of the threats high-profile targets may face. And there are no tips or tricks guaranteed to prevent the extraction of the data you provide to a platform by “three-letter” governmental agency. So always think about what you are sharing and with whom and why.
Using a password manager so you can always pick strong, complex passwords that you could never remember—and never ever share with anyone—is a good strategy for anyone. Use two-factor authentication whenever possible. Avoid traveling with a computer. If you have a choice of mobile device, an iOS device is currently your best option. And always keep all devices updated with the latest software.
A habit and practice
As UNESCO advises, “Treat digital hygiene as a habit and practice.” Brushing your teeth, flossing, and regularly visiting the dentist can improve your dental health, but they cannot eliminate every cavity. Likewise, digital hygiene and OPSEC cannot remove all risks.
But the process is still invaluable.
There’s a reason that even in the midst of physical lockdown affecting much of the globe, many countries consider journalists “essential workers.” The freedom of information is essential. And without processes that ensure security and privacy, that freedom will be compromised.
Categories