Have you ever seen a custodian walk around with a massive ring of keys and wonder “where could all of the doors be?” Have you noticed doors in your building that you never noticed before? Maybe it’s the bathroom supply closet that stays locked so you constantly have a supply of toilet paper. Maybe it’s the electrical closet at the end of the hallway that keeps power surges from destroying your stuff or starting a fire. Maybe it’s to a filing cabinet with your financial records. Or maybe it’s more mundane, like the key that opens the fence to the dog park.
That custodian and their key ring are the unsung heroes of every big building, and the symbiotic relationship between the two is what makes them so indispensable. You certainly don’t know your way around the key ring, and you’d be helpless finding all of the doors they open. Thank your custodian.
Unfortunately, unlike your physical workspace, many people don’t have an expert custodian keeping track of their cyberspace. You don’t have an unsung hero in your life who’s looking behind every virtual door to make sure there isn’t anything that could create an unsavory mess or start a fire. You don’t know what every key does, nor do you know which door it goes to.
When you’re working independently, like many journalists, or don’t have the backing of a big institution, you need to stay on top of the tools that enable your work. It is just as important to be able to get things into and out of your personal tool sets as it is to get information out of sources and into the public. Without access to the former set, you can’t work with the latter set.
And like the doors you might have never noticed in your building before, there are also objects and applications that you might not even realize you’re using. When something is incorporated seamlessly into your workflow, it’s easy to forget it’s even there. Keeping track of what you have, what it is, what it does, what faults it has, where it came from, and how to maintain it is key to maintaining your cybersecurity posture and making sure that the work you do remains honest, manageable, and able to reach its widest audience. Certain equipment you use and software you depend on might allow bad actors like harassers enter your workspace. But before you can lock that backdoor, you need to know where to look for it.
Before launching into the meat-and-bones of the Cybersecurity Toolkit for Journalists, identify all of your devices (including desktops, laptops, smartphones, and printers) and applications (e.g., email, software, web browsers, websites) so you can take the steps to secure them. Use the “Know What You Have” toolbox inside of the GCA Cybersecurity Toolkit for Journalists to access tools to assist you in inventorying your devices and applications. The inventory serves as a checklist as you make your way through the rest of the toolkit. Keep this list updated as you add or remove devices and applications.
Regular audits of social media accounts and their related apps help maintain your defenses and allow you to disable tools you might not use anymore. In 2018, several social media accounts belonging to journalists and public figures were accessed through third-party apps tied to foreign political operatives. They used the breach to spread false information through direct messaging with sources and other journalists, taking advantage of the journalist’s authoritative voice. All it takes is keeping on top of these threats to make sure you’re not next to fall victim to them.