Overview
Journalists and researchers face targeted digital risks: phishing, account takeover, device compromise, and surveillance. Established organisations publish practical, non-operational safety guidance [1][2][3].
Account Security
Use unique, strong passwords in a password manager. Enable multi-factor authentication (preferably a hardware key or authenticator app rather than SMS) on email, social, and cloud accounts [1].
Phishing Awareness
Targeted phishing is the most common vector. Verify the sender via a second channel before clicking links, downloading attachments, or entering credentials. Treat unexpected DMs offering documents or interviews with suspicion [1][3].
Device Safety
Keep devices patched. Enable full-disk encryption. Lock devices with a strong passcode. Be mindful of border crossings — see Access Now's advice for high-risk contexts [2].
Source Protection Principles
Adopt secure-by-default communications for sensitive conversations. Understand the legal environment you operate in — UNESCO and CPJ maintain overviews of source protection frameworks [1][4].
Digital Risk Assessment
Before starting a sensitive project, assess: what are you protecting, from whom, and what happens if it leaks? Access Now's Digital Security Helpline offers free support to civil-society users [2].
Key Takeaways
MFA + a password manager + patched devices covers the majority of realistic threats. Layered defence beats any single silver bullet.
