Learn to use email securely.
Freelance journalists use email regularly to communicate with editors, colleagues and sources, as well as family and friends.
As a result, your account will most likely contain a significant amount of data about you and your contacts, so if your email is compromised it could put you, your family, your colleagues and your sources at risk.
Best practice: email
- Use separate email accounts for personal and work contacts. If your email is hacked then the adversary will only have access to one.
- Review what information is in your emails. You may have information that, if stolen, could be used to impersonate your identity, including bank details, passport and visa information as well as CVs and covering letters. Think also about any personal information included in emails, including photos and documents. Is there anything that could be used to damage you and your credibility?
- Create a strong and long password for your accounts or consider using a password manager. See our section on passwords for advice on how to do this.
- Avoid accessing your email account on public computers, for example, at Internet cafes or in press rooms. If you have no alternative, you should avoid logging into personal accounts. You should also clear your browser history and ensure you log out of – and not just close down – everything.
- You should always log out of your email account even when you are using your own computer.
- Some browsers will give you the option to stay logged into your email account. This is convenient, but not secure. Remember to uncheck this option when you are logging in. This is especially important if you are using a shared computer.
- Be wary of phishing and spear phishing attacks. See our guide on how to protect yourself against these.
- Consider encrypting your email communications. See our guide on how to do this.
You should add an extra layer of protection to your account by using two-step verification. This will make it more difficult for hackers to access your accounts. There are different types of two-step verification and they have different levels of security. Journalists should research which method is most secure for them. Freelancers should also review how to use two-step verification when travelling.
If you suspect that you could be a target of a state-sponsored attack then you should use a security key, such as the Yubikey, as your two-step verification. It is currently the most secure way to secure your accounts.
If you are concerned about account security and you have previously been targeted by an adversary, such as a government, you may want to sign up for Google’s Advanced Protection Programme.