Susan E. McGregor has studied the security and privacy issues affecting journalists for a decade. She shares her insights and expertise in a new book, Information Security Essentials: A Guide for Reporters, Editors, and Newsroom Leaders, which serves as an essential guide to protecting news writers, sources, and organizations in the digital era.

“The question at the heart of the book is: What can we do behaviorally and technically to improve the security of our work, to protect ourselves, our colleagues, and sources?” said McGregor, who is an associate research scholar with the Data Science Institute at Columbia University and co-chair of its Center for Data, Media, and Society. “These are not theoretical concerns; they are practical requirements.” 

McGregor’s exploration of journalists’ security and privacy issues began in 2010 with her work on the launch of the “What They Know” investigative series at The Wall Street Journal. Led by Julia Angwin (now of The Markup), the series examined how technology companies can impinge on individual privacy and security.

When McGregor joined Columbia in 2011, she expanded her research to the technical and legal issues around digital communications, including the risks they pose to journalists and newsrooms. Events such as the 2011 legal battle between the New York City Police Department and Twitter over a protestor’s location data, the Snowden revelations of 2013, and that same year, the secret seizure of Associated Press reporters’ personal phone records by federal investigators brought these issues to the foreground. 

“What I found after years of investigation and speaking with experts is that the core essentials of security have remained stable over the years. The mechanisms of exposure and their risks have stayed fundamentally the same,” McGregor explained. “The technologies have evolved significantly in sophistication and scale, but the infrastructure is the same, and it’s going to continue to govern how these systems work for a long time. Understanding these fundamentals is essential to coming up with a strategy to mitigate the problems.” 

Information Security Essentials is relevant for any person or organization that collects and handles information about others, such as activists, academics, and educators, according to McGregor. She also noted that the book’s practical, realistic guidance may be particularly helpful for civil society organizations or other groups working in the public interest—groups that are not heavily regulated and not heavily resourced.

Many of McGregor’s recommendations are free or low-cost as they involve thinking, planning, and strategizing, including preparing for the possibility of lost or stolen tools, putting data in the cloud, or implementing systems that protect employees, such as travel laptops, VOIP numbers, virtual private networks, and password managers.

Beyond specific strategies, McGregor’s book also supports readers’ understanding of key aspects of digital communication systems, from how information is transmitted and how ISP’s work, to how Wi-Fi works and how packets move around the web. “You need some core technical and legal concepts. Once you have them, you have the tools you need to think through organizing and securing your information,” she said. “The goal of the book is to give you those conceptual tools. It provides you with a method for how to safely collect, store, transmit data—and data is everything.”

Some ongoing security risks, including online harassment, are caused by the failure to effectively integrate security into reporters’ daily work practices. These risks also affect personal networks, including co-workers, workplaces, and family members. McGregor suggests simple changes—teaching reporters how to secure and lock down accounts, having separate personal and professional social media accounts, and using a password manager—and urges reporters to understand that when they don’t consider the security of their work, they are taking a risk for everyone connected to them, not just themselves.

“Security isn’t a nice-to-have,” McGregor concluded. “It is fundamental to being able to report and publish effectively in the 21st century, and it’s a problem that touches everyone. We are all vulnerable. At some point it is going to reach you. This book helps you be prepared.” 

— Karina Alexanyan, Ph.D.