Copyright @ 2025 Global Cyber Alliance | Sitemap
Imagine you’re a contributor at a major television station. You’ve long been contracted to provide expert analysis on breaking news events. You’re by the station so often that the staff has even lent you a computer and carved out some desk space for you. Your work is highly specialized and sometimes requires you to download large files from around the world.
One day, you’re about to go on the air for a primetime roundtable discussion. You edit your notes, which you researched and fact-checked thoroughly, up until minutes before you go on the air. It’s no big deal. Like clockwork, you run into the studio during a commercial break, ready to grab your papers and take your seat – except this time, there are no papers in the printer. You panic a bit but have no choice but to join your fellow panelists and improvise on air.
You go live, and all is going relatively well until the teleprompter freezes. The host, without skipping a beat, announces a commercial break, hoping to fix the issue. But the commercials don’t start. All of the computers in the building have frozen and some have shut down entirely. Engineers in the control room resort to pushing physical VHS tapes into ancient hardware to keep the station on the air. The station likely suffered from a malware attack, and it probably came from one of those files you downloaded.
This story echoes one that happened in 2017 at one of the largest public broadcasters in the United States. In less than a day, all 503 employees found that their phones had stopped working, access to the Internet had frozen, and hundreds of hours of recorded interviews were rendered inaccessible. A malware attacker demanded $2,500 worth of bitcoin to return every computer to normal. The malicious software was likely introduced by a contributor or employee who was permitted to install third-party software onto a station-owned computer.
The FBI advised the station not to comply with the attacker’s demands, as it might lead to further vulnerabilities. The station’s nine IT professionals took to erasing all computers and devices, leading to months of hand-written communications and analog technologies lending to broadcast. In the end the station was able to recover but only after investing nearly half a million additional dollars into cybersecurity infrastructure.
Every year many journalists fall victim to these kinds of malware and phishing attacks, and it can be difficult to survive. In addition to revenue loss, this can lead to expensive recovery costs, data loss, damage to reputation and more. Fortunately There are many ways to prevent a situation like this. They begin with a good sense of what’s safe or not safe to do on the Internet, but there are also software solutions that can catch an issue before it spirals out of control, affecting sources and colleagues.
The tools included in the “Prevent Phishing and Malware” toolbox aim to help prevent these types of attacks. Included are: DNS security (DNS, or Domain Name Service, is the method by which you are able to navigate the Internet) to help prevent you from going to infected websites; anti-virus software to help prevent viruses and other malicious software from getting into your systems; and ad blockers to help prevent online ads, which can carry viruses. We recommend considering use of one of each of these tools on the devices you identified in the “Know What You Have” step.
Use the GCA Cybersecurity Toolkit for Journalists to access tools to assist you in setting up DNS security to block known malicious websites. Also check out the tools to help install anti-virus software and ad blockers.
The author, Julian Hayda, is the Craig Newmark Journalist Scholar at the Global Cyber Alliance. You can follow him on Twitter or connect with him on LinkedIn.