How news companies can safeguard against cybersecurity risks

By Jodie Hopperton

INMA

Los Angeles, California, United States

Connect      

Hi there.

Today’s newsletter contain two very topics: 

Firstly, something we all need to be aware of: cybersecurity (I’ve had some desire for a group chat around this topic so if your in-house expert on this is keen to join, please ask them to message me at Jodie.hopperton@INMA.org). 

Secondly, what the future of Web sites will look like using a live example of how you can customise the sections, fonts, and colours of any Web site right now using Arc

As you get this I’ll be touching down in Vail, Colorado, for our CEO roundtable. Everything is held under Chatham House Rule, and I’ll summarise some of the main themes as they relate to product and tech in my next newsletter. 

Thanks for reading. Hope to see you somewhere soon.

Jodie

Safeguarding against cyber threats

Today we all face the potential of cyber attacks that disrupt operations, compromise sensitive data, and damage reputations. I spoke with a few cyber security experts, and there are some common themes of things we can do. 

One executive I spoke to told me about all the attacks they have had in the past. I remarked that he looked remarkably considering daily, ongoing threats and the weight on his shoulders. He replied that it’s all about mitigating risk and understanding where the weak points may be. If you read no further, take note of that. 

And for the rest of us, let’s dig deeper.

Identifying and addressing internal risks

Understanding where vulnerabilities lie is crucial. Tech companies often refer to “red teaming,” which involves an internal or hired team simulating various attacks on the organisation to check its resilience. 

Better that you do it than a real attacker. If you can, establish a minimum security baseline which compels potential attackers to reveal their tactics early, enabling you to counteract effectively.

Proactive security measures

Of course it’s better not to wait until you are attacked before you fix something. Here are some key proactive strategies to protect yourself:

  1. Build security by design: Security should be integrated from the early stages of any project, ensuring safe development practices. This should be part of products day-to-day thinking. 

  2. Procurement process: As tech stacks and tools are modularised using different tools out there, security considerations have to be part of any procurement process.

  3. Specialised teams: If your organisation is big enough, get an in-house expert or team so you have consistent oversight and testing. 

  4. Collaboration with specialists: Partnering with cybersecurity experts will allow you to stay ahead of new and sophisticated threats.

Foundational principles for customer data

Protection of customer data is likely to be one of your core security principles. Ensure customer data is not shared widely and that information is ringfenced for specific use as much as possible. That way if there is an attack, it will only affect part of your data. 

It’s also helpful to have ongoing and open internal training and Q&A sessions so everyone who handles customer data can stay informed.

Governance and monitoring

Build a risk register and keep it up to date with new vulnerabilities. There are frameworks that you can adhere to such as the U.S. governments National Institute of Standards and Technology and ISO 0171, which will help you maintain high standards of governance, risk, and compliance.

Frameworks such as NIST will help you evaluate your security posture on a scale from one to five. Key metrics include vulnerability management, patching, password policies, and regular risk assessments. 

Conclusion

Investing in cybersecurity is not just about preventing breaches; its about creating a resilient organisation capable of withstanding and recovering from attacks. By being proactive and adopting a comprehensive approach, it’s possible to safeguard operations, protect our customers, and maintain trust in our digital offerings.

Date for the diary: Los Angeles Tech Innovation Study Tour, October 21-25 

I am beyond excited to invite you to join me for an in-depth look at multimodal content and how AI Is affecting entertainment in Los Angeles. 

The agenda is shaping up very well to gove us a good mix of Hollywood insiders, tech leaders, big platforms, and innovative startups. Plus I have more in the works ;) Find out more here

Did you know consumers can customise your Web site?

Last winter I started using Arc as my main browser. It’s not well known and has a small market share, but I think it’s worth paying attention to because they are small and nimble. 

What we see here may be rolled out elsewhere to browsers that can’t move as quickly in case they alienate their loyal users. In fact some of these features we are seeing in the latest Safari update using Apple Intelligence (more on that soon). 

Launched in 2022, Arc was built by ex-Chrome, Tesla, Medium, Slack, and other executives to “build a better way to use the Internet.” There’s a feature, which you have to look for, that allows you to “boost” Web sites. 

What’s a boost you ask? Great question:

Here are the areas of a Web page that you can customise:

  • Colour scheme.

  • Fonts and case.

  • Size. 

  • Contrast/brightness/saturation.  

  • “Zap” sections you don’t like.

Take a look at this screen recording I did on The Times in the UK. 

Click here to see how I changed the Times of London Web site on the left to my own version on the right.  

As a news organisations, we should note the following:

  • A high degree of consumer personalisation.

  • The fact that these are persistent changes. There are no resets on refresh so a consumer can literally change the fundamentals of a Web site design.  

  • Users can share their “boost” so friends can have the same experience.

Discussion with the Product & Tech Initiative advisory council about the overwhelming feedback had two main strains:

Firstly, we’re going to have to declutter our Web sites, otherwise users will do it themselves. And then if we give a good experience, it’s likely the vast majority of people will use the default settings and not take the time and energy to make small teaks. Besides, the ones who do are likely to be highly engaged in the first place, so maybe we shouldn’t actively discourage it.

So this is your friendly call to action to review clutter on your site and remember products primary mission: to reclaim the consumer experience. 

About this newsletter 

Today’s newsletter is written by Jodie Hopperton, based in Los Angeles and lead for the INMA Product and Tech Initiative. Jodie will share research, case studies, and thought leadership on the topic of global news media product.

This newsletter is a public face of the Product and Tech Initiative by INMA, outlined here. E-mail Jodie at jodie.hopperton@inma.org with thoughts, suggestions, and questions. Sign up to our Slack channel.

About Jodie Hopperton

By continuing to browse or by clicking “ACCEPT,” you agree to the storing of cookies on your device to enhance your site experience. To learn more about how we use cookies, please see our privacy policy.
x

I ACCEPT