As a community, as news organizations, and as individual journalists, we should now expect major systemic changes in how our workplaces are organized to protect each others’ health. Remote work is a necessary part of the strategy. As newsrooms consider how to support remote work, we need to also think through our plan to work securely beyond the corporate firewall.
Most news organizations already have some policies in place for handling sensitive data, or accessing compartmentalized newsroom resources remotely. But often, much shared infrastructure is lacking. It’s time to make some changes.
At Freedom of the Press Foundation we have some thoughts about practical ways to work together securely as a distributed team, but we also want to learn from, and call attention to the community’s wisdom. Send us a message on Twitter at @FreedomofPress or contact us here to let us know what practices your newsroom has adopted to enable remote work securely. We may ask if we can expand this article with your tips.
Newsroom infrastructure needs
In our ideal world this would include some shared infrastructure, and some basic training for all newsroom employees to use the following…
- Virtual private networks (VPNs). A VPN is a great way to securely tunnel your computer’s internet traffic to a remote location. Many newsrooms have internal newsroom resources only accessible within their building, and will use VPNs to allow workers to connect remotely. If your newsroom has resources only accessible through a specific range of IP addresses, now might be a good time to look into an internal VPN to ensure everyone has continued access.
- A shared password management solution. We know that many newsrooms have shared docs full of passwords, and other fun/concerning ways to keep track of their passwords. However, if you haven’t done so, now might be the time to invest in a team-friendly password manager — a piece of software designed to securely store passwords, and give selective access to others in the organization. For teams, good choices include 1Password and LastPass. Consider reading about choosing a password manager to learn how we came to those recommendations.
- Two-factor authentication for shared accounts. To make accounts more secure when logging into a website, many sites allow you to set up a second piece of information — a second “factor” — beyond the password. When you enable two-factor authentication, typically you will be asked to enter a short-lived code (e.g., a six-digit number) sent to a device you own, such as your phone. This is great for individuals, but isn’t ideal for teams, because not everyone can access the device.
If you’ve already set up a shared password management solution, you’re in a good position to add two-factor authentication to accounts shared by more than one person. Some password managers will allow you to store two-factor authentication codes, allowing anyone on the team to access them remotely. For example, 1Password will provide this functionality, making logins simpler for everyone. Consider reading about the security trade-offs of on-device and remote two-factor authentication solutions.
Work at home means you can’t assume the same security benefits of sitting at the office. Your newsroom may have stronger digital and physical security practices in place than your home office, so it might be time for some adjustments.
- If applicable, keep tabs on IT team guidance. Your IT team may provide new software (e.g., password managers, VPNs) to help maintain remote access to newsroom resources at a distance. They are likely scrambling to keep your day as simple as possible, so keep tabs on any guidance they provide in the weeks ahead.
By Freedom of the Press Foundation