Journalists cannot avoid social media for research or communication in their work, but its use comes with non-negligible risks. In this introduction to a six-part series, cybersecurity expert Ben Finn introduces for Reporters Without Borders (RSF) the common risks of social media platforms and gives general safety advice for journalists to follow.
Journalists use social media to research, promote their work, interact with the public, and communicate with colleagues and sources. Although social media platforms are convenient, their use comes with significant risks, including inadvertently downloading malware, being scammed, or the victim of unwanted data collection, not to mention the personal security risks from having a public online presence. It is vital journalists are aware of these dangers and take precautions.
Risks common to all media platforms
- Over-sharing. Social media runs on user-created content, therefore they encourage their users to post constant updates about themselves, where they are, and who they are with. For a journalist, it is essential not to post information that could be used to harm them or their sources: even when they want to be the first to break a story, posting too much too soon can put them or their contacts at risk.
- Accidental sharing. Journalists may unintentionally reveal information that could be used by adversaries and put them or their sources at risk, sometimes simply by commenting on a post, by leaving location sharing on or accidentally posting on social media with their personal account instead of their professional account.
- The illusion of invisibility. Most platforms have settings to limit the visibility of a post, e.g. disappearing messages or being shared to followers only. These should be used as needed, but journalists should never consider it to be 100% safe, as posts can be shared via screenshot, or be given access to the wrong persons.
- Phishing and scams. Journalists receive many messages and notifications, making them easy targets for phishing attacks. Cybercriminals can impersonate sources, colleagues, or companies in order to trick journalists into downloading malware, or handing over sensitive data or passwords. Caution and scepticism are crucial when clicking links or responding to messages on social media, even if they seem to come from trusted sources.
- Data-mining. All social media companies collect data on their users, including profile information, browsing habits, and location data. This is mainly used by the platform for targeted advertising, but it is at risk of being leaked, hacked, or handed over to governments.
General safety recommendations
- Avoid sharing identifying information. Be cautious about the content of personal posts, and avoid interacting with people and posts connected to an ongoing investigation. Journalists can use an alternate account to do research, and even a different browser and device if practical.
- Keep pro and personal IDs separated. Keep public accounts separate from personal ones, use a different email address and profile name so the two cannot be linked easily, and only fill out personal details that are required.
- Regularly review social media posts. Regularly go back over posts, comments, and activity to remove any outdated or sensitive information.
- Systematically block and report. Spam accounts and harassers should be blocked immediately and not interacted with. Further report their bad conducts to the social media platforms.
- Strengthen security settings. Enable settings that minimise data collection and limit post visibility. They may not mitigate all the risks but should be used nonetheless. The following parts of this series will go through specific platform settings in detail.
- Be familiar with social media privacy policies. Understand what data the social media platform collects and what it shares to be fully aware of the inherent risks of using such a platform.
- Adopt digital security habits. Activate two-factor authentication (2FA) on all accounts that offer it as an extra layer of security in case the password is breached. Use a Virtual Private Network (VPN) to limit the amount of data the platform can collect, strong, unique passwords for each account, and ad-blockers and tracking-blockers on all devices.
In later articles, this series will go into specific detail for five major social media platforms, namely TikTok, Facebook, Instagram, X (Twitter), and Weibo.
Written by Benjamin Finn. From Houston (USA), Benjamin has been in the IT field for a decade, during which his primary focus was the deployment of internal enterprise tools across large enterprises, including cybersecurity focused efforts. He has been engaged in training on proper security in the context of an oppressive nation-state, specifically in Myanmar. He has also been working with multiple groups in Taiwan to train them on proper security and safety measures.
