Most writers do not think of themselves as targets.
That is precisely what makes them vulnerable.
Your email account holds years of correspondence with editors, agents, and clients. Your cloud storage contains unpublished manuscripts, contracts, and sensitive interview notes. Your freelance platform profiles are linked to your bank account. Your online presence — your website, your newsletter, your social media — is your livelihood. And in 2026, all of it is under threat from cyberattacks that are faster, smarter, and more personalised than ever before.
According to the IBM Cost of a Data Breach Report, the global average cost of a data breach reached a record $4.88 million in 2024 — and the numbers have continued to climb. But you do not have to be a corporation to be targeted. Freelancers, journalists, bloggers, and independent writers are increasingly in the crosshairs, precisely because they tend to hold valuable data and maintain weak defences.
The good news: protecting yourself does not require a computer science degree. A handful of consistent habits can block the vast majority of attacks targeting writers like you. Here is exactly what to do — and why it matters for your career.
1. Start with Your Passwords — Your Manuscripts Depend on It
Imagine losing access to your Google Drive the night before a deadline. Or having your Upwork account hijacked and your client history wiped. These are not hypothetical scenarios — they happen to writers every week, and the most common cause is a weak or reused password.
When one service is breached, attackers use automated tools to try those same credentials across hundreds of other platforms — a technique called credential stuffing. If your email password is the same as your Dropbox password, a breach on either platform puts both at risk.
The solution is a password manager. Bitwarden is free, open-source, and trusted by millions — it generates and stores long, unique passwords for every account you own. If you prefer a premium option, 1Password is widely regarded as the gold standard for individuals and small teams.
To find out if your email has already been exposed in a known breach, visit Have I Been Pwned — a free service that monitors billions of leaked credentials and will tell you immediately if your address has been compromised.
2. Two-Factor Authentication: The Single Most Effective Thing You Can Do
A strong password alone is no longer enough. Two-factor authentication (2FA) adds a second layer of verification — typically a code generated by an app — so that a stolen password alone cannot grant access to your accounts.
For writers, the priority order is clear: protect your email first. Your email account is the master key to everything else — most password resets, account verifications, and editor communications flow through it. If someone gains access to your email, they effectively have access to your entire professional life.
Authenticator apps like Authy or Google Authenticator are more secure than SMS-based codes, which can be intercepted via SIM-swapping attacks. For maximum security on your most critical accounts, consider a hardware security key such as a YubiKey — a small physical device that plugs into your computer and acts as a second factor that cannot be phished remotely.
3. Phishing: The Attack That Targets Writers Specifically
Phishing — fraudulent emails, messages, or websites designed to steal your credentials or install malware — accounts for over 90% of successful cyberattacks. And writers are particularly attractive targets because they communicate constantly with new people: editors pitching assignments, publishers sending contracts, readers reaching out through contact forms.
In 2026, AI-generated phishing messages are nearly indistinguishable from genuine communications. Attackers now personalise attacks using data harvested from your social media presence, your published bylines, and previous data breaches — crafting messages that reference your actual work and appear to come from real publications or literary agencies.
Key warning signs to watch for:
- Unexpected urgency ("Your account will be suspended in 24 hours")
- Slightly wrong sender domains (e.g., [email protected] instead of guardian.com)
- Requests to click links or download attachments you did not expect
- Offers that seem too good to be true — particularly unsolicited book deals or high-paying assignments from unknown clients
When in doubt, navigate directly to the website by typing the URL in your browser rather than clicking any link in an email. The EFF's Surveillance Self-Defence guide and Krebs on Security both publish regularly updated, accessible phishing guidance worth bookmarking.
4. Protect Your Research and Sources
If you work in journalism, investigative writing, or any field where you handle sensitive sources or confidential information, your digital security practices are not just about protecting yourself — they are about protecting the people who trust you.
Standard email is not secure. If you communicate with vulnerable sources, consider using ProtonMail — an end-to-end encrypted email service based in Switzerland — or Signal for sensitive conversations.
When researching sensitive topics, a reputable VPN encrypts your internet traffic and masks your IP address, making it significantly harder for your internet service provider or network-level observers to monitor your activity. ProtonVPN has a verified no-logs policy and a free tier. For the highest level of anonymity — particularly relevant for journalists covering authoritarian governments or organised crime — the Tor Browser routes your traffic through multiple encrypted relays.
For everyday browsing, switching your default search engine to DuckDuckGo prevents your searches from being profiled and sold. It is a small change that accumulates into significant privacy protection over time.
5. Back Up Your Work — Before Ransomware Does It For You
Ransomware — malware that encrypts your files and demands payment to restore them — affected millions of individuals in 2025 alone. For a writer, a ransomware attack is not just a technical inconvenience: it could mean losing years of work, unpublished manuscripts, research notes, and client files.
The best defence is a reliable backup that ransomware cannot reach. Follow the 3-2-1 rule: keep three copies of your data, on two different storage types, with one copy stored off-site or in the cloud.
Backblaze offers continuous, low-cost cloud backup for personal computers — it runs quietly in the background and costs less than a cup of coffee per month. Pair this with a physical external drive stored away from your main machine, and you are well protected against both ransomware and the simpler but equally devastating risk of hardware failure.
Keep software updates on. The majority of successful attacks exploit known vulnerabilities that software vendors have already patched. Delaying updates is one of the most common and avoidable mistakes writers make.
6. Manage Your Online Footprint as a Public Figure
Writers are, by nature, public figures. Your name is on your work. Your website, social media profiles, and author bios make you findable — and that visibility creates specific risks that most cybersecurity advice ignores.
Data brokers — companies like Acxiom, Spokeo, and Whitepages — aggregate information from public records, purchase histories, and social media to build detailed profiles on individuals, which they sell to anyone willing to pay. For writers with a public presence, this can expose your home address, phone number, and personal relationships to readers, trolls, or worse.
The Electronic Frontier Foundation offers free guides on opting out from the most common data broker sites. At a minimum, Google your own name regularly and request removal from any sites that surface your personal address or phone number.
Consider using a P.O. box or registered mail address for any public-facing professional correspondence. For writers who have experienced harassment or who cover sensitive topics, this is not paranoia — it is professional hygiene.
Security Is a Writing Habit, Not a One-Time Fix
No single tool makes you completely secure online. Cybersecurity is built through consistent, layered habits — the same way a writing practice is built through consistent, deliberate work.
The goal is not perfection. It is to raise the cost of attacking you high enough that opportunistic criminals move on to easier targets. Most attacks are automated and indiscriminate — basic security hygiene stops the vast majority of them cold.
For ongoing, trustworthy guidance, the EFF Deeplinks Blog and Krebs on Security are two of the most reliable cybersecurity resources available to non-technical readers. Bookmark them. Read them occasionally. Treat staying informed about digital security the same way you treat staying informed about your industry — as part of the job.
Your words are your livelihood. Protect them accordingly.
Have you experienced a cybersecurity incident as a writer? Share your story in the comments — your experience might help protect someone else.