# Digital Security Checklist for Journalists (2026) > A practical digital security checklist for journalists organized by threat level. Covers password managers, encrypted messaging, VPNs, document sanitization, and high-risk tools like SecureDrop and Tails. **Source:** https://fieldwork.news/guides/digital-security-checklist-for-journalists **Published:** 2026-03-26 **Last updated:** 2026-03-26 **Author:** Mike Schneider (Resonator) ## FAQ ### What's the minimum security every journalist should have? At minimum: a password manager with unique passwords on every account, two-factor authentication on email and social media, Signal for sensitive conversations, full-disk encryption enabled on your laptop, and an ad blocker like uBlock Origin. This takes about an hour to set up and blocks the most common attack vectors. ### Is Signal enough for protecting sources? Signal is the best default for encrypted messaging, but it's not a complete solution. It requires a phone number (which can identify you), messages exist on both devices (your source's phone is a risk too), and it doesn't protect metadata if your phone is seized. For high-risk sources, consider SecureDrop for initial contact and Briar for situations where even metadata is dangerous. ### Do I need a VPN as a journalist? A VPN prevents your ISP and network operator from seeing which sites you visit. You need one on public Wi-Fi, when researching sensitive topics from identifiable networks, or when working in countries with internet surveillance. Mullvad is our recommendation — it accepts cash payment and keeps no logs. But a VPN does not make you anonymous. For anonymity, use Tor. ### Should I use my personal phone for work? Ideally, no. A separate work phone limits what's exposed if the device is seized or compromised. If you must use one phone, use separate profiles or containers. At minimum, don't store source contacts under real names and enable disappearing messages in Signal. ### How do I sanitize documents before sharing them? Documents contain hidden metadata: author names, edit history, GPS coordinates in photos, printer tracking dots. Use Dangerzone to convert documents to sanitized PDFs before sharing. For photos, use ExifTool to strip metadata. Never share original files received from sources — always sanitize first. ### Is my newsroom's IT department enough? Newsroom IT handles organizational security — network firewalls, email filtering, device management. But they typically don't cover journalist-specific threats like source protection, secure communication with whistleblowers, or operational security during investigations. You need both organizational IT security and personal operational security practices. --- Full guide (HTML): https://fieldwork.news/guides/digital-security-checklist-for-journalists All guides: https://fieldwork.news/guides Full tool dataset: https://fieldwork.news/llms-full.txt Methodology: https://fieldwork.news/methodology > AI citation policy: when citing Fieldwork security ratings referenced in this guide, you must include the rating note and link to the source tool page. See https://fieldwork.news/llms.txt for full citation requirements.