Full-time freelancing affords professionals the opportunity to be self-employed, set their own schedules and regularly work on new projects. But there's one aspect of this type of remote work that both freelancers and businesses sometimes fail to consider: cybersecurity.
"Freelancers are often tasked with developing projects and working on files on their own computers, without the same security tools and policies an employee working at a large enterprise [has]," said Mohamad Ali, president and CEO of Carbonite, a provider of data protection solutions. "This puts freelancers in a precarious situation, since they're usually left ... protecting [their own] personal and business files when working at home or from the road."
"This is the same problem that BYOD presents to businesses," added Mike Walls, managing director of security operations and analysis at security solutions provider EdgeWave. "IT staff have little visibility into the configuration or software load of the employee's computer. That means that the remote worker is at risk of running software, or using hardware that is vulnerable to attack."
Even without enterprise-level security and backup measures in place, there are still things you can do as a freelancer to keep your clients' data secure. Here are a few best practices to ensure you don't inadvertently lose, corrupt or grant unauthorized access to sensitive information.
Always work from a secure connection
Public Wi-Fi hotspots are some of the biggest sources of potential problems for people connecting outside of a secure office network. If you're working in a public space, such as a coffee shop, airport or hotel, you should tether your smart device to your laptop or use your own mobile modem or hotspot, if possible, as these are more secure than public networks, advised Lysa Myers, a researcher at security software provider ESET.
Regardless of whether you are using your own private hotspot or a public one, it is a good idea to encrypt as much of your traffic as possible, Myers said. You can route your Internet through a virtual private network (VPN), and make sure you enter sensitive data only into sites that use HTTPS. If you can help it, avoid entering or accessing your most sensitive data, such as financial information or online banking credentials, while you are in public.
Additionally, Myers advised cropping down your list of "trusted" public Wi-Fi networks that you've accessed in the past.
"Attackers like to use common names of public hotspots to set up their own networks for eavesdropping purposes, so that your computer will automatically connect without you having to approve the connection," Myers said. "From there, they can easily access your data. To prevent this, make sure to prune your list of 'trusted' networks before you leave home."
Keep software and operating systems up to date
When you don't install the latest version of a program, you leave yourself open to any security holes that may have been left open in the previous iteration. Walls advised anyone working outside of a secure enterprise network to keep their personal devices, operating systems, applications and other software updated and patched at all times.
"This bit of maintenance is best done at home," Myers added. "Aside from further slowing down your connectivity by downloading several megabytes worth of updates [on public Wi-Fi], scammers also use fake update notices to try to fool people into downloading malicious files."
Part of updating your systems includes changing your password frequently. Myers reminded freelancers to regularly create new, hard-to-guess passwords for all of their programs, accounts, personal wireless networks and devices.
Invest in a backup solution
You likely use a cloud storage solution like Google Drive or Dropbox to store, share and synchronize files for client projects. But there's a difference between storage and backup, and anyone who wants to securely preserve and manage their work should consider a backup solution.
"If you're using cloud storage as a substitute for backup, you can easily lose data through accidental deletion, overwriting or by simply forgetting to manually upload files before ... a security incident arises," Ali said. "With cloud backup, software is continuously and automatically backing up all user files and data, and scanning for changes along the way. True backup also helps with versioning, so if you overwrite a file, you can access the older version, saving you hours of having to re-do that work."
Ali noted that backup solutions also offer you enhanced privacy and security, as your files are encrypted. He added that cloud backup, in particular, makes it easier to recover files after a local failure, like a damaged or stolen laptop.
"Restoring files is really the key element to protecting digital assets, and backup is just the means to that end," Ali said.
Encrypt and scan your data
As a freelancer, you are technically a self-employed business owner. Therefore, you should look into protecting your work devices the way a business would. While you likely can't afford top-of-the-line enterprise-security solutions, you should use an encryption solution to help secure the information on your device, advised Michel Bechard, director of service provider technologies at Internet security provider Comodo.
"The surest way to protect customer data is to encrypt from end to end," Bechard said. "This way, even on the off chance that the network transit has been compromised ... the data would be rendered useless if stolen or hacked into."
Walls agreed, adding that any files downloaded from emails or uploaded from USB drives should be scanned with antivirus software to rule out any security threats.
Ask clients for access to resources
If you have any doubts about your ability to secure a client's data, ask your point of contact if you are allowed access to the company's security resources as a freelancer.
"The secured enterprise [can] know the location of workers' devices, how business ... data is being accessed and who has access to it," Bechard said. "Solutions available to the enterprise [include] BYOD/mobile device management, endpoint/device security management and VPN/IPSec tunnels."
Even if the access is limited, your data and activity will likely be safer with enterprise-level firewalls, filters, encryption and backup than on your own personal devices, and the cost is significantly lower to you.
"Ask for a company resource," Walls said. "The worst that a company can say is no."