“Hostile Environment Awareness Training (HEAT) for journalists” is a ten-part series developed by Reporters Without Borders (RSF), Silk Road Training and a local partner. This ninth article outlines common digital threats facing journalists and explains how basic practices can reduce exposure.
Hostile Environment Awareness Training (HEAT) is a comprehensive safety training course covering core areas of preparedness for journalists working in high-risk environments. It includes preparedness for civil unrest, conflict zones, hostile environment first aid, vehicle safety, and digital security. Journalists depend on digital tools, but these tools carry serious security risks. Knowing how digital attacks happen and how to prevent them is essential for personal safety, source protection, and press freedom.
1 – Know what information is at risk
Cybersecurity is not just about protecting devices. It is about safeguarding the information they hold. Journalists often handle sensitive data, from unpublished reports to the identities of vulnerable sources. Recognising what is at risk is the first step in reducing exposure.
Digital threats pose multiple dangers:
- Personal safety: a compromised device may reveal a journalist’s identity or location.
- Source protection: poor digital hygiene can jeopardise whistleblowers or interviewees by revealing their personal information.
- Reputation and credibility: leaked or manipulated content can undermine trust.
- Espionage: journalists may become targets for state-sponsored surveillance, especially when covering government, national security, or corporate misconduct.
- Financial fraud: attackers may target banking information, trade secrets, or donor records.
Particularly vulnerable tools include:
- Smartphones and tablets;
- Laptops and desktop computers;
- Email, social media, and data management systems;
- Unsecured networks and public Wi-Fi.
2 – Understand how attacks happen
Digital attacks can come from a wide range of actors: governments, corporations, foreign adversaries, hackers, or hostile individuals. These groups may aim to monitor, intimidate, discredit, or disrupt journalistic work.
Common methods of attack include:
- Phishing emails posing as trusted contacts;
- Malicious attachments or links that install spyware;
- Public Wi-Fi interception;
- Physical tampering or theft of devices.
To stay safe, treat all digital activity with caution. Before opening links or files:
- Verify the sender’s email address;
- Hover over hyperlinks to inspect the full URL;
- Avoid unknown attachments, even from familiar names;
- Use digital security tools wherever possible, such as VPN, encrypted communication channels and antivirus software.
3 – Secure your devices and data
Digital safety requires a layered and consistent approach. Journalists should regularly examine their privacy settings, account permissions, and digital footprints.
Key practices include:
- Using strong, unique passwords or using a password manager;
- Enabling two-factor authentication (2FA);
- Keeping software and systems updated;
- Disabling automatic connection to Wi-Fi and Bluetooth;
- Using secure browsers and a VPN, especially while travelling.
Additional precautions:
- Backing up data to secure, encrypted storage;
- Encrypting files and being aware of local encryption laws;
- Turning off location tracking unless needed;
- Using burner phones or laptops for high-risk reporting;
- Shielding screens and contact lists from surveillance.
This article is based on the content of a three-day HEAT training conducted by Silk Road Training and organised by Reporters Without Borders (RSF) in partnership with Exile Hub.
Silk Road Training offers online and in-person HEAT training led by expert trainers with over 20 years of training and security advisory experience globally to help media professionals and frontline journalists build life-saving skills in high-risk areas.
← Read Part 1: Preparing for civil unrest
← Read Part 2: Techniques to stay safe during civil unrest
← Read Part 3: Planning ahead in conflict zones
← Read Part 4: Responding to conflict threats in the field
← Read Part 5: First Aid – Assessing casualties, managing catastrophic bleedings
← Read Part 6: First Aid – Airway management and resuscitation
← Read Part 7: First Aid – Monitoring casualties and secondary assessments
← Read Part 8: Vehicle safety and road traffic collisions
→ Read Part 10: A step-by-step digital security protocol
