The Freelancer’s Guide to Cybersecurity: 10 Tips to Protect Your Consulting Business
How to Shield Your Client (and Yourself) from Cybercriminals
As a freelancer, you have a lot of responsibility when it comes to protecting your clients' data. You may be working with confidential information that, if exposed, could lead to legal action and significant financial damages.
You might be surprised by what counts as confidential: go-to-market plans, positioning, source code – even brand books.
That's why cybersecurity is so important for freelancers – it helps protect you and your clients from cybercrime.
As someone who works with cybersecurity and other B2B tech clients, it's my job to describe the cybersecurity landscape to each client’s audience – and to keep their data secured. After all, if they ask me how I'm securing such-and-such, I'd better have a damned good answer! (They’ll know if I B.S. it.)
Here are my top 10 tips for protecting your consulting business from cybersecurity threats.
1. Create Strong, Unique Passwords
A strong password is critical to protecting your freelancing business. Passwords need at least 8 characters and should include a mix of uppercase and lowercase letters, numbers, and symbols. Google recommends that you use 12 characters.
It can be hard to remember your passwords, so here's a tip: use a phrase or a song lyric. Here's an example: from where I'm sitting, I can see a yellow snow shovel and hear classical music. I can remember "yellow shovel music."
Let's make it a bit tougher to crack. How about...
y3llowSh0velMusic?
That's 18 characters. That could take up to 438 trillion years to crack (Hive Systems, 2022).
But it's not enough to have a strong password – you also need to use a different password for every account. And that's a lot to remember.
That's where a password manager comes in.
A password manager is an application that helps you generate and manage strong, unique passwords for your email, bank account, Facebook, etc. – all of your online accounts. This way, even if one of your passwords is compromised, the others will remain safe.
I use 1Password, which does have a subscription fee. It houses all of my unique passwords, hidden by 2FA and a very complex password I created. I can access it across all of my devices, and it automatically lets me know about weak passwords. (LastPass is a great free alternative.)
2. Use Two-Factor Authentication
Add an extra layer of security to your accounts. Two-factor authentication (2FA) requires you to enter a code from your phone or a code generator in addition to your password. This makes it much harder for cybercriminals to gain access to your accounts, even if they have your password.
If you have the option, enable multi-factor authentication, which requires additional information to confirm your identity.
3. Keep Your Software Up to Date
Exploiting vulnerabilities in outdated software is one of the easiest ways cybercriminals can gain access to your systems and data. That's why it's so important to keep all your software – including your computer operating system, web browser, and mobile devices like a phone or tablet – up to date.
Hackers are constantly assessing the programs you use every day for vulnerabilities. By upgrading to the latest version, you're patching up any known holes that could give them access to your data.
4. Be Wary of Public WiFi Networks
Public WiFi networks – like those you find in coffee shops, airports, and hotels – are convenient but notoriously insecure. That's because it's relatively easy for cybercriminals to set up fake public WiFi networks and eavesdrop on the traffic passing through them.
If you must use public WiFi, connect to a VPN first. This will encrypt your traffic and help protect your data from being intercepted.
What's a VPN?
Whenever you connect to the internet, you're exposing your IP address – which can be used to track your location and activities. A VPN (a virtual private network) encrypts your traffic and routes it through a secure server, making it much more difficult for cybercriminals to track you or intercept your (and your clients') data.
And it's not just about client info. Your passwords, bank account details, and more can be accessed by cybercriminals targeting your device.
If you have your own WiFi network, you're probably safe. VPNs are particularly important when using public WiFi, like at a coffee shop or airport.
5. Use a Firewall
A firewall is a piece of hardware or software that helps protect your network from unauthorized access. It can block incoming traffic from malicious IP addresses or networks.
Luckily, your computer likely comes with a firewall installed – as does your router. Though you can turn them off to increase internet speeds, I don't recommend doing so.
6. Set Up Security Software
There are a number of security software applications available that can help protect your systems from malware, including antivirus, antispyware, and antimalware programs.
I'm going to be completely honest. I don't have anything specific that I use here. As a Mac user, I'm generally more protected from viruses and malware than a PC user. However, that protection is not foolproof (no protection is foolproof). I'm actively looking for good software for this – hit me up on Twitter @TomBasgil or Mastodon @tombasgil@mastodon.social if you have any recommendations.
7. Back Up Your Data
In the event that your systems are compromised, it's important to have a backup of all your data. This way, you can restore your files and get back to work quickly.
There are several ways to back up your data, including:
- Cloud storage: This service allows you to store your data on remote servers. Popular cloud storage providers include Dropbox, Google Drive, and iCloud.
- Local storage: This is when you store your backups on an external hard drive or another local storage device.
- Continuous Data Protection (CDP): This type of backup stores copies of your data as it changes. This way, you can restore your data to a specific point in time.
CDP or real-time backup is the creme de la creme – and often too expensive for freelancers. (Frankly, most non-enterprise companies can only use near-continuous anyway. Real-time is expensive and data-intensive but that's digging a little too deep.)
I use a combination of cloud and local. I have a backup copy of my entire computer on a hard drive – meaning that I can throw my computer into the sea, buy a new one, and duplicate my entire machine. I use Google Cloud for work that requires input from others – which I can access from any computer.
8. Educate Your Team
If you have employees or subcontractors working with you, educating them about cybersecurity threats and best practices is important. This includes things like using strong passwords, not sharing passwords, and being cautious when clicking links or opening attachments.
Whenever possible, I require 2FA to access pieces of my business (for example, access to Slack for my team members).
9. Don't Be a Phish
Phishing is a type of cyber attack that uses fraudulent emails or websites to trick you into disclosing sensitive information like passwords or credit card numbers.
Phishing attacks are becoming more and more sophisticated, so it's important to be vigilant when opening emails, even if they appear to be from a trusted sender. Some things to look out for:
- Misspellings or grammatical errors in the email body
- An unexpected request for personal information
- Requests for account information or passwords (e.g., your bank already has that info and doesn't need to ask)
- A sense of supreme urgency or a direct threat (like "reply within 1 hour or you'll go to jail")
- Links that don't match the sender's domain name
If an email looks suspicious, don't click any links or open any attachments. Not sure? Hover over the link to see what it actually is. Contact the sender directly. Your client would much rather be bothered by a 2-minute phone call than have their information stolen. (And you'd much rather waste a few minutes on the phone with your bank than get stuck footing the bill for some scammer.)
And if you're ever asked to enter sensitive information into a website, make sure the URL starts with https://. (Trivia: The "s" stands for secure.)
10. Remember Physical Security
Cybersecurity isn't only digital. Lock important files in desk drawers when the plumber is over.
You should also consider:
- Hiding physical backups or using a safe deposit box
- Physically shredding documents with confidential information
When out in public at a coffee shop or at the airport, don't have private conversations on your phone. And finally, be aware of who can see your computer screen.
And if you like to rough it old-school like me, be sure to regularly shred any sensitive documents or notes. I love to write things down the analog way – but I have to be sure to destroy my notes rather than throw them in the recycling. (Companies that offer secure shredding services can also recycle the bits left over.)
Bonus: Review Your Cybersecurity Posture Regularly
Cybersecurity is an ever-changing landscape, so it's important to review your cybersecurity posture on a regular basis. This includes things like updating your software, changing your passwords, and monitoring your systems for signs of intrusion (such as slow load times or unwanted popups).
By following these tips, you can help keep your business safe from cybersecurity threats. If you have any questions, feel free to reach out to me on Twitter (@TomBasgil), Mastodon (@tombasgil@mastodon.social), or LinkedIn. I'm always happy to chat about cybersecurity, social media marketing...or anything else, for that matter.
What methods do you use to keep your business – and your clients' information – secure?