Is your client’s data safe? This question should keep you awake at night if you’re not sure. As a self-employed freelancer, there’s no IT department to fall back on. You’ve got to be on top of endpoint security or else you risk your clients’ ire and mistrust in the event of a security breach.
So what can you do to ensure your client’s data security? Here’s 10 ways to protect yourself against information theft:
- Identify Sensitive Data - Do you even know what types of sensitive data your clients have entrusted to you? From passwords to proprietary information to source code -- take time to identify the data items that require extra vigilance. It’s called risk assessment and is the first step in successful endpoint protection. This review process will also assist you in pinpointing security holes.
- Protect Your Computer - A firewall and up to date antivirus software is foundational. If you don’t have those in place, then you’re leaving the door wide open for the not so nice to walk right in and help themselves. For bare bones protection, check out AVG’s free anti-virus software and ZoneAlarm’s free firewall.
- Choose Your Password Wisely - Sensitive data should always be protected by a password. Unfortunately, many users choose a password that provides little protection against the experienced hacker. A beefy password is characterized by containing more than one word, using symbols or numbers and being 8+ characters. For more on the ins and outs of a successful password, read “The Anti-Hacker Password Plan.”
- Isolate Important Client Data - As previously mentioned, client data must be protected by a password. There are several 3rd party utilities that can accomplish this, including Protected Folder and TrueCrypt. Don’t store important data in multiple, unsecured locations. The more places you keep it, the more places you have to protect that are potential security risks. The only exception to this rule is keeping backups.
- Prepare for Disaster - Hurricanes, fires, earthquakes. As this year has proved yet again, natural disasters happen. And if you’re not prepared when one hits, your business will be in a world of hurt. That’s why you need backups of all mission critical data. It’s fine to keep a backup copy on site. But it’s absolutely vital that you also keep one off-site in a secure location (i.e., not the trunk of your car). Cloud-based backup is another option, but it has some definite cons that are beyond the scope of this post. For more on that, read “Is Cloud Based Backup Safe,” as well as the post’s accompanying comments.
- Avoid Dangerous Downloads - With the current proliferation of apps, it’s easy to be a little too trusting about the programs you download. This is one area in which being paranoid is a good thing. Check and double check the safety of your downloads -- make sure they’re from a reliable source. That goes for links sent by friends via email or social media too. Accounts are getting hacked right and left, so even a link sent by your best friend should be treated with caution.
- Ban Peer to Peer Software - P2P programs might (and that’s a big question!) have a place on your personal computer, but should NEVER be used on a machine that contains client data. The potential dangers of these file-sharing programs include firewall penetration, malware or virus infection and data theft. It’s a risk that should be completely avoided. And yes, even Spotify has been a source of trouble, according to this e-Week.com report.
- Protect E-Mail Attachments - You worked all night on the code for the client. The next morning, you sent it to them...but inadvertently e-mailed it to the wrong address. That’s potential trouble, unless you’ve encrypted the file. If there’s e-mail attachments that are for your client’s eyes only, use the open source software program, 7-Zip. It’s an endpoint security program that will encrypt and password protect your e-mail attachments.
- Handle Paper With Care - Paper documents might be hacker-proof, but that doesn’t make them safe. Yes, non-digital thieves still exist. So instead of just throwing that wadded up document in the trash, take the time to shred it. If there’s important info on the paper, then it deserves to be trashed with care.
- Delete Metadata - Did you know that files you send could contain hidden information that could open you up to a brute force or social engineering attack? That concealed data, otherwise known as “metadata,” is descriptive info attached to a digital file. If your project is quite hush-hush, you might need to be extra careful about the metadata you’re sending out. For more on this, check out “Metadata Defense in Word” and “Removing PDF Metadata”.
When it comes to endpoint security, you alone are responsible. Don’t fail yourself or your clients by being lax in this area. I’ve covered some of the ways to ensure data safety. What are others that I’ve missed? Add to the post in the comments section below.