The Field Guide to Security Training in the Newsroom v 1.0.0¶
In the weeks following the 2016 presidential election, daily downloads of Signal increased four-fold. Though the US Border Patrol has had the authority to search electronic devices at border crossings for almost a decade, they seem to be using that authority more often in recent months. With the inauguration of a president who is openly hostile to the press (whose own campaign benefited immeasurably when hackers released his opponent’s private correspondence), reporters on all kinds of beats have started to ask how to protect their digital data from snoops of all stripes. Often there isn’t anyone nearby who can offer solid, informed answers to those questions.
Often the person reporters turn to for help has to come up with smart answers on the fly. They’re the one developer who uses GPG, or the reporter who’s been trying to convince everyone else to install Signal — and now they’re suddenly pressed into service as the newsroom security expert. Or they’re the IT staffer tasked with keeping the mail servers running, only now they’re also the in-house opsec consultant who doesn’t have any formal training in what reporters and editors need.
We want to see a whole lot more people prepared to answer those questions and help newsrooms do a better job of communicating (and storing data) securely. BuzzFeed Open Lab and OpenNews teamed up to assemble a solid, thoughtful series of training modules and resource guides that folks can use to help colleagues step up their security literacy. We’d like to cover everything from how to explain why migrating to a password manager is worth the trouble, to how to convince whoever needs convincing that installing Secure Drop is worth the trouble.
Chapter 1 - Being A Better Trainer¶
We’ve organized this guide into three key sections. Chapter 1 is a resource for new trainers, or folks who are looking for ways to be better at training in general. We’ve written this with a newsroom audience in mind, and we’ve pooled a lot of valuable resources that already exist in the world.
Chapter 2 - Lesson Plans¶
Chapter 2 is an ever-expanding collection of lesson plans and training materials to help people cover key topics with their peers.
- Chapter 2: Lesson Plans
- Mobile app security settings
- Locking down your mobile devices
- Setting Up Signal
- Backing up your mobile device
- Connected App Hygiene
- Passwords and Password Management
- Two-Factor Authentication
- Phishing Basics
- Physical Custody of Electronics
- Scrubbing Metadata from Files- A low-fi approach
- Using SecureDrop Safely
- Security in the Newsroom: Who are you?
Chapter 3 - Resources¶
Chapter 3 aggregates links to the best existing resources, to help new trainers deepen their own expertise. It also includes a glossary of common terms.