Use email securely.
Freelance journalists frequently use email to communicate with editors, colleagues and sources, as well as family and friends.
As a result, your account will likely contain a significant amount of data about you and your contacts, so if your email is compromised it could put you, your family, your colleagues and your sources at risk.
Best practice: email
- Use separate email accounts for personal and work contacts. If your email is hacked, then the adversary will only have access to one.
- Review the information in your emails. There may be information that, if stolen, could be used to impersonate your identity, including bank details, passport and visa information, as well as CVs and cover letters. Think about any personal information included in emails, including photos and documents. Is there anything that could be used to damage you and your credibility?
- Create a strong and long password for your accounts or consider using a password manager. See our section on passwords.
- Avoid accessing your email account on public computers; for example, at internet cafes or in press rooms. If you have no alternative, you should avoid logging into personal accounts. You should also clear your browser history and ensure you log out of – and not just close down – everything.
- You should always log out of your email account, even when using your own computer.
- Some browsers will give you the option to stay logged into your email account. This is convenient, but not secure – so uncheck this option when logging in, especially important if using a shared computer.
- Be wary of phishing and spear phishing attacks. See our guide on how to protect yourself.
- Consider encrypting your email communications. See our guide on how to do this.
Add an extra layer of protection to your account using two-step verification, making it more difficult for hackers to access your accounts. There are various types of two-step verification with different levels of security. Journalists should research which method is most secure for them and review how to use two-step verification when travelling.
If you suspect that you could be a target of a state-sponsored attack, then you should use a security key, such as the Yubikey, as your two-step verification.
If you are concerned about account security and you have previously been targeted by an adversary, you may want to sign up for Google’s Advanced Protection Programme.