With Data Privacy Day just around the corner, nothing is a more fitting topic than securing a free and open internet — an internet where thoughts and ideas can all be openly expressed with the assurance that the identities of those sharing are protected and preserved. A particular population that falls into this category, and that closely aligns with our mission here at Yubico, is journalists.
Journalists are at high risk of targeted cyber attacks, and security and privacy are critical to the safety and livelihood of many of these individuals. Today, we’re excited to announce that Yubico and Freedom of the Press are joining forces once again to deliver digital security training and resources to University of Southern California (USC) Annenberg School for Communication and Journalism students — the first education initiative of its kind.
The training curriculum, jointly developed by USC Annenberg and Freedom of the Press, will teach students how to identify the common cyber threats in a newsroom and what security practices to employ. Meanwhile, tools like the YubiKey will equip students to defend against rising phishing attacks and credential theft by protecting their email, social media, password manager, and file sharing accounts. As part of the ongoing program, roughly 250 students will receive the same training as part of their mandatory curriculum by the end of the Spring semester.
We recently sat down with Marc Ambinder, adjunct professor of journalism at USC who is leading the school’s efforts, to get his perspective on the growing importance of security for journalism students like his own.
Security is a rising concern across all industries. Why do you think this is the first initiative of its kind for journalism students, and what precedent do you hope to set? The pace of journalism is fast, and the toolkit that journalists must obtain, then apply, and then perfect, in order to be effective is evolving. But the threat landscape has evolved more quickly, thanks in large measure to the platforming of news and our immersion in the digital world. This hits employers too; most journalists don’t receive anything more than a basic standard module even after they graduate journalism school. We aim to give our students not just the tools but an approach that they can use throughout their careers to better secure themselves, their colleagues and their sources.
In your opinion, what are some of the top security concerns that this next generation of journalists needs to be aware of as they enter newsrooms across the country? Thanks to the ubiquity of metadata — and the relatively easy (and low-cost) ways that malicious actors can track it — and poor digital hygiene practices, a lot of our students’ future colleagues might work in ways that make them less safe. The goal here is to give our students a way to help themselves and help others. My other major concern is that the barrier to entry for harassing, doxxing, and sabotaging journalism is much lower than it used to be, and anyone — a state actor or a troll — can truly wreak havoc by stealing passwords, outing sources, or exposing personal information.
You’ll be providing the students with various tools during their training, one of which is the YubiKey. Why did you select the YubiKey as a two-factor authentication method, and what unique benefits do you think it offers journalists? While I can’t endorse specific products, I happen to be a personal YubiKey user myself, so I chose the product because your company was top of mind. Yubico immediately understood the value of what we were trying to do. Using a key for two-factor authentication can be an immediate game-changer in terms of reducing the spear-phishing / phishing threats, which are still a major attack vector. Using the keys makes it much harder for anyone to break into social media and work-product apps that we all use.
In your eyes, what would qualify as a successful training? In other words, what do you hope the students will take away from this? I want our students to use the tools that we are giving them, including YubiKeys. I want them to feel the keys in their hands, and then find ways of incorporating them in their daily digital lives. I want them to understand why having a separate key is safer than using SMS authentication methods or another device.
For more information on how the YubiKey can help protect high-risk individuals, visit our free speech page.