The Journalist Security Assessment Tool

September 2023

GIJN + Ford Foundation

�

Martijn Grooten�cybersecurity expert

Matt Hansen�writer/ project manager

Trinh Nguyen�cybersecurity expert

Laura Tich�cybersecurity expert

Runa Sandvik�cybersecurity expert

​

Matt Mitchell�Senior Cybersecurity

Program Manager

Security Threats Facing Journalists

�

• Global spyware and digital surveillance networks

​

• Dependence on technology in hybrid world

​

• Historic increase in cyber and ransomware attacks

​

• Weaponized misinformation and disinformation leading to cyberbullying, online abuse, & doxxing�
• The “classics”: phishing, weak passwords, lack of two-factor authentication

Security Threats Facing Journalists

�

• Physical surveillance

​

• Assault/harassment/targeting → often with impunity

​

• Legal threats

​

• Who’s most at risk: local reporters covering crime, corruption, environment �
• True in 2008, true today

Using JSAT

​

https://advisory.gijn.org/cybersecurity-assessment/

​

5 Key Areas

�

• Operational Security

​

• Device Security

​

• Account Security

​

• Physical Security

​

• Associated Risks

Operational Security

�

How your newsroom operates

Risk

Analysis

Security

Policy

Staff

Training

Internal

Risks

​

Travel

​

​

Data

​

​

Office

​

​

Legal

​

Device Security

�

How your newsroom handles digital devices

Device

Types

Device

Policy

Software

Security

Data

Storage

Account Security

�

How your newsroom manages digital accounts

Password

Mgmt

Continuity

Services

Networks

Physical Security

�

How your newsroom keeps staff and sources safe

Surveillance

Arrest

Intimidation

Partners

​

Legal

​

​

Office

​

​

Training

​

​

Sources

​

Associated Risks

�

How your newsroom manages developing threats

Doxxing

Harassment

Identity

Theft

Hacking

JSAT Process

�

• 30 minutes to 1 hour

​

• Might require cross-department participation

​

• May need answers from third parties

​

• Produces rating and recommendation

​

• Version 1.0 → 2.0 is on its way

What Now?

�

• IT/Security: Discover gaps in your existing process and update training as needed. Use JSAT at least once a year.

​

• Reporter: Talk to other reporters and colleagues about your results and share JSAT. Share results with IT, which knows your system best.

​

• Editor: Present findings to newsroom leadership. Consider implementing or updating training. Make IT aware of findings.

​

​

Going Beyond JSAT

�

• Create a Newsroom Security Working Group

​

• Make it small and cross-functional

​

• Dedicate resources and work proactively

​

• Clearly define approach, expectations, remit

​

• Not in a newsroom? Build a sense of solidarity within your community

Using JSAT as a Freelancer

�

• Many security fixes can be low cost

​

• Larger organizations can maybe offer logistical support

​

• Connect with groups such as Access Now, Freedom of the Press, Rory Peck Trust, IWMF, GIJN list of grants

​

• Look for discounted technology and resources (such as Google Journalist Studio, THE KIT by Tactical Tech )