Journalists and media professionals in Qatar are well advised to strengthen their digital safety practices in the face of increasingly sophisticated cyber threats. This was emphasised during the second day of Cybersecurity Awareness Workshop conducted by cybersecurity trainer Farhan Alsadi, who cautioned that the stakes have never been higher for those working in sectors such as the media.

The session organised at the Qatar Press Center referred to Qatar’s Personal Data Protection Act (Law no. 13 of 2016), highlighting the need to safeguard personal information and protect press freedom. The law, enacted in 2016, gives individuals the right to control their data, obliges organisations to adopt strong security measures, and promotes transparency in data usage.

Alsadi noted that journalists are at particular risk because of their access to sensitive sources and sensitive information. He cautioned participants against complacency, stressing that cybercriminals increasingly view the media as a prime target. “Journalists are not just reporting the story anymore — they are part of it,” Alsadi said. “Protecting your data means protecting your sources and, ultimately, your credibility.”
The Pegasus case

Attention was drawn to the infamous Pegasus spyware case, which exposed the extent of modern surveillance risks. Pegasus, developed by Israel’s NSO Group, can infiltrate smartphones without any action from the user — so-called “zero-click” attacks. Once inside, it grants full access to calls, messages, photos, contacts, and even the ability to activate cameras and microphones remotely.

In 2020, the spyware was used to infiltrate the phones of 36 Al Jazeera journalists, enabling attackers to monitor private conversations and track their movements. The revelations were part of the Pegasus Project, a global investigation that found more than 50,000 potential targets, including journalists, activists, lawyers, and heads of state. International watchdogs condemned the misuse of such tools, warning that surveillance of journalists undermines democracy and press freedom.
Understanding the threat landscape

The workshop outlined the most common cyber risks facing media professionals today:

• Spyware, like Pegasus, that secretly takes over devices.

• Phishing attacks, which use fake emails or text messages to trick users into sharing passwords or clicking malicious links.

• Malware, often embedded in files or downloads, capable of crippling networks.
Alsadi said that while these threats are invisible, their consequences are real, ranging from data theft and reputational damage to risks against personal safety. To counter these dangers, Alsadi provided participants with a set of practical and actionable steps:

• Use strong, unique passwords of at least 12 characters, mixing numbers, symbols, and upper- and lowercase letters. Store them in trusted password managers such as LastPass or Bitwarden.

• Enable two-factor authentication (2FA) or multi-factor authentication for all accounts. Where possible, opt for more advanced options like cryptographic passkeys.

• Regularly update devices and software to patch vulnerabilities that spyware exploits.

• Encrypt communications by using secure platforms such as Proton Mail for email and Signal for messaging.

• Avoid public Wi-Fi unless connected through a Virtual Private Network (VPN). VPNs encrypt traffic and mask IP addresses, reducing exposure to interception.

• Be wary of phishing: never click on suspicious links or attachments, even if they appear to come from trusted contacts.

• Scan devices regularly with security tools such as Amnesty International’s Mobile Verification Toolkit (MVT) to detect traces of spyware.

• Back up data securely, ideally in encrypted formats, to allow recovery in the event of ransomware or breaches.
Beyond technology, Alsadi emphasised the human factor in cybersecurity. Awareness training, phishing simulations, and vigilance at the individual level, he said, remain the most effective first line of defence. “Attackers often exploit human weakness, not just software vulnerabilities,” he said, urging media organisations to build a culture of cyber resilience where every staff member recognises their role in digital safety.