New York - How do New York Times staff members use technology in their jobs and in their personal lives? Bill McKinley, executive director of information security, and Runa Sandvik, director of information security, discuss the technology they are using.
What are your biggest concerns about security of The Times’s newsroom these days?
This is a difficult challenge for us. The landscape is ever-changing and the threats we see today will likely evolve into something more difficult to defend against tomorrow. Our mission is to help the newsroom protect its communications, data and sources.
Last year, we helped set up The Times’s Tips page, which includes SecureDrop, outlined ways to safely work with the information we receive and built a security awareness program that is unique to the newsroom. We provide tools, training and focus on helping the journalists address the challenges that they are facing.
However, tools and processes will only get us so far. The biggest concern will always be that a source is burned or that a journalist’s life is in danger.
How do you vet tech products to protect journalists and editors from cyberthreats?
The products that we recommend to the newsroom are the products we use ourselves, such as Signal for secure mobile communications. Before we use or recommend a product, we make sure we understand how it works, its limitations and how it protects our users. Is it easy to use? Has the product been reviewed by other security researchers? How many people are using it? We look at all these issues.
What’s one tool or product that you have found to be effective in protecting the newsroom, and why does it work?
Journalists often need to click on links and attachments from people they don’t know, and it’s our job to help them do so securely. One product that is effective in protecting against phishing of online accounts is the Security Key, which is a physical device that connects to your computer just like a thumb drive. The key is supported by both Google and Facebook.
The Security Key can be used as an alternative to SMS or an authenticator app for two-factor authentication, which is a way to secure your accounts by requiring not just your user name or password, but something you have. The key uses cryptography instead of randomly generated codes and works only with the sites that it’s set up to work with — not lookalike sites that might’ve been developed with malicious intent.
What is your biggest tip for people for protecting their online security and privacy?
The best things you can do are to use a password manager, set up two-factor authentication on the sites that offer it and keep all software up to date. Doing so helps secure access to your online accounts and limits your exposure to phishing and malware.
A password manager, such as 1Password, LastPass or Dashlane, helps you create unique, strong passwords for all your websites and securely stores the passwords for you — no more passwords in emails, notebooks or on Post-it notes. To ensure that your accounts remain secure even if the password manager is compromised, set up two-factor authentication where available and configure your devices not to remember your passwords.
Two-factor authentication helps you protect your accounts by adding a second step to the login process. In addition to your username and password, you also present a second factor such as a Security Key or a random code from your mobile phone. Logging in will then require a combination of something you know and something you have, so no one can get into your accounts without both things.
Software updates contain more than just new features, emojis and dog filters; they can also contain fixes for security issues that researchers have discovered. Keeping all software up to date and rebooting when necessary is one of the easiest things you can do to ensure your devices are as secure as possible.
Beyond your job, what tech product are you currently obsessed with using in your daily life?
Bill: That’s easy: automation tools. But not automation for the sake of automation. Automation that serves a purpose. At home, the house is fully wired, with Wi-Fi switches and outlets everywhere, resulting in things like randomizing on/off of lights when no one is home. We also have integrated smoke detectors, thermostats, our security system and others.
On Android, I use the Tasker app religiously to stop texts coming in when I’m driving, set volume levels at work and launch apps based on conditions.
My favorite automation tool for mobile is IFTTT, a service that lets you automate tasks between other web services, such as Gmail, Facebook and Instagram.
Runa: I love products that provide security by default, such as the Chromebook laptop and the iPhone. Being secure by default allows me to focus on the other things I have going on in my life without being concerned about the devices themselves.
What is on your tech wish list — either a gadget or app — to get or try next and why?
Bill: Photography is a hobby of mine and I’ve used D.S.L.R. cameras for years. It helps bridge my two loves: tech and nature. I frequently take my camera out for daylong hikes and shoot. Lately, I’ve had my eye on a Canon 5D Mark IV. Or, possibly a move toward mirrorless technology like the Fuji X-T2, although I’ve yet to do my own side-by-side comparison.
Runa: I have everything I need. I could perhaps use a tablet or a watch or a new monitor, but the truth is that I want to be less connected, not more. I tend to prefer books and movies to new gadgets and apps.
The New York Times