5 Digital Security Tools that Protect Work Product, Sources, and Other Confidential Information

A recent article published by the International Consortium of International Journalists outlines five digital security tools journalists can and should use to protect their work, as well as their sources. This has become pressing as journalists face an increasingly hostile reporting environment where, according to the 2017 World Press Freedom Index, “media freedom is under threat.”

The article encourages reporters, news organizations, and their sources to enlist the following digital security tools to prevent hacks and communicate securely:

1. End-to-end encrypted apps
   • Conventional methods of communication have long been subject to hacking. But there are now several chat applications that allow for encrypted messaging, which means that the content of the conversations cannot be accessed except on the physical devices through which they are sent and received. The article also discusses an app called Signal which, unlike similar apps that enable end-to-end encryption, does not even provide the app’s administrators with any metadata, such as location or time, about the conversations.
2. Secure file storage and encrypted sharing
   • Several applications, including SpiderOak, the Keybase filesystem, tresorit, and Jungle Disk, to encrypt sensitive files before they are shared over the internet. Encryption prior to sharing is step that should not be overlooked, as the most used file-sharing programs, such as Google Drive and Dropbox, do not provide “client-side” encryption by default.
3. Password Managers
   • There are also encrypted password managers that create and remember stronger passwords. Applications such as KeePassXC are free and open-source software that use standards-based encryption to protect passwords. They do not store data online or sync between devises, which helps keep information safe from hackers.
4. Two-factor authentication and its innovations
   • Two-factor authentication provides added security against hackers by requiring a unique secondary identification, such as a texted passcode, each time the account is accessed. It is still possible that text messages containing the codes could be intercepted by hackers. In response to this threat, Google has created an initiative entitled the Advanced Protection Program, which requires that two physical authenticator keys are used to unlock accounts.
5. Secure chat applications for the office
   • The popular office communication application Slack, which has the ability to archive conversations and the documents sent within them, does not feature full end-to-end encryption and was recently discovered to be particularly susceptible to hacking due to vulnerabilities in the app’s code. As an alternative, applications that feature end-to-end encryption, such as Semaphor and Mattermost, are recommended.

***

To learn about how CASTAYBERT PLLC can assist with trade secret matters, please click here.