How Journalists & Media Companies Can Prevent Email Hacking

Imagine this: You’re about to break a major story. Your emails contain confidential sources, unpublished research, and sensitive communications. Suddenly, your account is hacked. Your sources are exposed, your credibility is questioned, and the story is compromised.

Sounds like a nightmare, right? Unfortunately, this is a real risk journalists and media companies face daily. Cybercriminals, government-backed hackers, and corporate spies often target journalists to steal, manipulate, or suppress information.

So, how can you protect your email systems from these threats? Let’s dive in.

Before we get into solutions, let’s address the big question: Why would someone want to hack a journalist’s email?

Here are some of the biggest reasons:

🔹 Access to Confidential Sources: Leaking a journalist’s emails can expose whistleblowers and sources.
🔹 Controlling the Narrative: Governments or organizations may hack emails to suppress sensitive stories.
🔹 Financial Gain: Cybercriminals might steal data and demand a ransom.
🔹 Discrediting Journalists: Altering or leaking private emails can damage reputations.

This means securing your email isn’t just about you—it’s about protecting your sources, your credibility, and even your freedom to report.

Hackers are sneaky, but there are red flags you should watch out for:

✅ Unusual Login Attempts – If you get alerts about logins from unfamiliar locations, take action immediately.
✅ Emails Sent from Your Account That You Didn’t Write – Your contacts report receiving weird messages from you? Big red flag.
✅ Sudden Password Changes – If you get locked out of your own account, it’s time to act fast.
✅ Unusual Activity in Your Inbox – Emails marked as read, deleted messages, or missing conversations could be signs of tampering.

If you notice any of these, assume you’ve been compromised and take immediate action (we’ll cover how below).

Now, let’s talk about how you can secure your email effectively.

Not all email services are created equal. Mainstream providers (like Gmail or Outlook) are good but not foolproof.

Consider encrypted email providers like:

🔹 ProtonMail – End-to-end encryption, no data tracking.
🔹 Tutanota – Open-source and secure, with built-in encryption.
🔹 Mailfence – Offers encrypted email and digital signatures.

If switching email providers isn’t an option, at least enable encryption features available in your current provider.

Your password alone won’t cut it. Multi-Factor Authentication (MFA) adds another layer of protection.

Here’s how it works:

🔹 Option 1: Use an authentication app like Google Authenticator or Authy.
🔹 Option 2: Use physical security keys (like YubiKey).
🔹 Option 3: If no other option is available, use SMS codes (but be aware that SIM-swapping attacks exist).

This simple step reduces hacking risks by over 90%—so turn it on today if you haven’t already!

Hackers often trick you into giving up your login details through phishing emails. These emails may look real, but they contain malicious links.

✅ The sender’s email address looks slightly different (e.g., [email protected] instead of [email protected]).
✅ The email has a sense of urgency ("Your account will be suspended if you don’t act now!").
✅ Links that redirect to unfamiliar login pages.

🔹 Pro Tip: Never click on links in emails that ask you to log in. Instead, go to the website directly from your browser.

Even if your email provider offers encryption, it’s not always end-to-end by default. Consider using:

🔹 PGP Encryption (Pretty Good Privacy) – Encrypts your emails so only the intended recipient can read them.
🔹 Secure messaging apps like Signal or Wire for sensitive discussions instead of email.

Encryption makes it impossible for hackers or governments to snoop on your messages.

Outdated software = easy entry for hackers. Keep everything updated:

✅ Email apps & browsers – Outdated browsers can expose you to vulnerabilities.
✅ Operating system – Always update your MacOS, Windows, or Linux.
✅ Antivirus software – Helps detect malicious files and links.

🔹 Bonus Tip: Consider using a secure, journalist-friendly operating system like Tails OS for ultra-sensitive work.

Okay, let’s say the worst happens—your email is hacked. Here’s what you should do immediately:

1️⃣ Change your password ASAP (use a password manager to create a strong one).
2️⃣ Enable MFA (if it wasn’t already enabled).
3️⃣ Check for suspicious email forwarding rules (hackers may have set up auto-forwarding to spy on you).
4️⃣ Look for unauthorized logins in your email security settings.
5️⃣ Alert your contacts if you suspect your account was used to send phishing emails.
6️⃣ Run a security scan on your device to ensure malware wasn’t installed.

🔹 If you handle high-risk journalism, consider contacting digital security experts for deeper investigation.

Protecting your email as a journalist isn’t a one-time task—it’s an ongoing responsibility. Cyber threats are evolving, so your security measures should too.

Here’s a quick recap of what you should do:

✔ Use a secure email provider.
✔ Enable multi-factor authentication (MFA).
✔ Stay cautious of phishing emails.
✔ Encrypt sensitive emails and use secure messaging for ultra-sensitive communication.
✔ Keep your devices updated.

By implementing these steps, you’re not just protecting yourself—you’re protecting your sources, your stories, and the freedom of the press.

🔹 Now, over to you—what’s the first step you’ll take to improve your email security today? Let me know in the comments!