Business only ever want to interact with journalists when they have a message to sell or a product to push.
In those instances, communications teams polish and hone the messages with the intention that the journalists simply spread the message through their channels with, hopefully for the business, positive results.
When an investigative journalist calls, you know there is going to be trouble, something unpleasant will likely be dredged up.
However business (and perhaps government) can still learn plenty from investigative journalists.
Recently the Pulitzer Prize winning International Consortium of Investigative Journalists published a blog “Five digital security tools to protect your work and sources”.
What works for investigative journalists, some of whom face stringent security checks and the danger of having hardware seized, especially at borders, but still manage to protect data and sources, should work for others.
Small businesses can be vulnerable to attack while large businesses usually have their own IT departments with in-house security expertise and processes. However it is usually worth looking at extra measures that are easy to implement.
The top tips from the ICIJ include the use of Signal and other end-to-end encryption apps, secure file sharing and encrypted sharing, the use of password managers, two-factor authentication and its innovations, and Slack alternatives for your office.
The ICIJ notes that a vulnerability has been discovered in Slack’s code and points to alternative programs, including open-source applications, that organisations can use for Slack-like internal chat.
The Electronic Frontier Foundation says “trying to protect your data from everyone all the time is impractical and exhausting.
“Security isn’t about the tools you use or the software you download. It begins with understanding the unique threats you face and how you can counter those threats.”
The Electronic Frontier Foundation suggests using a threat model and risk analysis to decide where best to concentrate your security measures.
Also, check out Citizen Lab’s Security Planner, which is aimed more at individuals than organisations.