Newspapers and news services have undergone a process of digitalization in the last two decades, moving from printed editions to providing content exclusively online. This has brought a massive shift in the traditional newspaper business model, with many of the bigger well-established newspaper companies choosing to introduce subscriptions to access the content. As a consequence, newspapers and news services have become the collectors and processors of large quantities of sensitive data, including personally identifiable information (PII) and financial data.
Investigative journalism also comes with a unique set of cybersecurity challenges. Newspaper and news service employees may be targeted by malicious outsiders in a bid to compromise stories they are working on, discover the source of leaked information or discredit and, in some cases, cause harm to journalists investigating particular subjects.
While data protection laws do allow for exemptions for freedom of expression, such as in the case of the EU’s General Data Protection Regulation’s article 85, it only means that newspapers and news services are allowed to publish sensitive information if it’s in the interest of the public. It does not cover sensitive data collected as part of subscription services or employee data. The ability to protect sources is also a crucial part of newspapers and news services’ credibility and ability to publish groundbreaking news stories.
As such, data security should be a priority for newspapers and news services to both maintain their reputation and guard against potential data loss that can result in non-compliance with data protection laws. What are, therefore, some of the best practices newspapers and news services should follow when building their data protection strategies? Here are our top recommendations.
Encrypt hard drives
Encryption should be a key component of any newspaper and news service’s data protection strategy. Enabling hard drive encryption can protect journalists’ computers from being accessed if their devices are lost or stolen. It also prevents outsiders from bypassing login credentials by booting up a device using a USB.
Even better, hard drive encryption is usually a native solution already included in the most popular operating systems such as Windows and macOS, meaning it is a cost-free way of adding an extra layer of protection to sensitive information.
Safeguard data on removable devices
Journalists often travel while investigating news stories and sometimes use multiple devices to store and transfer data. To avoid any potential leaks via the internet they may choose to receive and transfer files via removable devices. And while this prevents potential data theft via the internet, it can open up another avenue for data loss: physical theft and loss of a device. USBs, in particular, due to their size, are notoriously easy to lose, forget or steal.
This is another case where encryption can be of great use. Enforced Encryption solutions enable newspaper and news service companies to automatically encrypt any sensitive files copied onto removable devices such as USBs with government-approved 256bit AES CBC-mode encryption. This ensures that no one without a decryption key can gain access to the data stored on them.
Enforced encryption also allows admins to remotely wipe devices by resetting them or to set new passwords in case existing ones have been compromised. Enforced encryption thus enables journalists to continue using USBs and other removable devices in a secure way that provides uninterrupted data protection even if sensitive data leaves the security of a work computer.
Protect sensitive data from insecure transfers
Newspaper and news services can use Data Loss Prevention (DLP) solutions to limit or block sensitive data transfers, preventing it from being stolen or falling victim to employee negligence. Using contextual scanning and content inspection, DLP solutions identify sensitive data and prevent it from being transferred via insecure channels such as messaging apps, file sharing, and cloud services. They can also block the transfer of particularly sensitive data such as that related to sources or stories that have not been published yet.
DLP solutions also monitor the movements of sensitive data, making it easy for newspapers and news services to keep track of highly sensitive data and its movements, but also to identify any potential attempts to steal it.
Deal with sensitive data stored locally
As they wrap up stories, journalists may still store files containing sensitive information locally on their hard drives in archives or simply forget certain files were saved in their folders. To avoid such situations, newspaper and news service companies can use DLP solutions like Endpoint Protector to perform data at rest scans which can search for sensitive data on all company computers. If sensitive information is found, the company can encrypt or delete it.
DLP solutions offer flexible ways of defining sensitive information. They come with predefined profiles for data protection laws such as GDPR or CCPA or categories of often protected data such as PII and financial data, but organizations can also create their own definitions based on their needs. This is especially important for newspaper and news services where sensitive data might be related to particular stories they covered or their sources.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.