Cyber-security: How to protect your clients and your business

Gemma Church details the ins and outs of how you can keep sensitive data protected as an independent professional

As a freelancer, you must take a professional approach to data protection and cyber-security. Your reputation and success depend on it, because if you open your business to any of the (ever-increasing) vulnerabilities in the online world, this could have serious implications for you and your clients.

Seven million cyber-crimes are committed against the self-employed, freelancers and small businesses in the UK every year, according to the Federation of Small Businesses (FSB).

Dave Stallon, the FSB’s commercial and operations director, said: “It takes a small business 2.2 days to recover from a cyber-attack, and the average cost of cyber-crime against a small business is £3,000.”

It’s serious stuff. And there are a lot of factors to take into consideration to protect yourself against cyber-crime as a freelancer.

Understand the legislation around data

One of the key concerns for freelancers and their clients is data security and preventing unauthorised access.

A spokesperson from the Information Commissioner’s Office (ICO) said: “The law requires appropriate measures to be put in place to achieve this. We’ve fined a number of organisations where simple steps have not been taken, for example where laptops have been lost or stolen but they’ve not been encrypted.”

The UK legislation in this space is changing. The current Data Protection Act (DPA) will be replaced by the General Data Protection Regulation (GDPR) on 25 May, 2018.

The GDPR will introduce new requirements for businesses to be transparent and accountable for how they use personal data, together with strengthened rights for individuals to access and control data held about them, according to the ICO.

The ICO spokesperson added: “Freelancers need to understand they may have responsibilities under data protection law in their own right, in addition to their liabilities under their contract with the client.

“Getting data protection wrong could lead to enforcement action by the ICO as well as litigation by the client, therefore it’s vitally important freelancers take appropriate steps to understand what data protection law means for their business and what the contractual obligations to their clients are.”

As a freelancer, you need to have a robust system for handling and protecting personal data.

You should also know who’s given you their personal data to work with, what the purposes for using it are, and when it should be deleted. Agreeing appropriate security standards for holding and sharing personal data is also essential for keeping data safe.

Under the new GDPR law, it will also become mandatory to report data breaches to the ICO within 72 hours.

“Freelancers should take time to understand what this means for them, and what action they should take in the event they identify a data breach,” the ICO spokesperson said.

The changes the GDPR will bring should not be underestimated – it’s important that you understand your specific responsibilities and act now to meet the 25 May, 2018 deadline.

Approach security on a case-by-case basis

You should understand the policies, limitations and guidelines if you are using a company’s systems.

Rob Hadfield, technical and training director at online security advice company Get Safe Online, said: “The company should manage and control access to its systems and ensure that any freelancers understand the rules and policies in place.”

According to Hadfield, it is also important that freelancers consider transmission of malware.

He added: “Most companies protect their IT estate but either do not have control, or have little control, over a freelancer connecting a malware-infested laptop to the company’s systems.

“This could be damaging for both parties. This situation may be covered under a company’s BYOD (Bring Your Own Device) policy.”

To protect your clients’ systems and your reputation you must “ensure you practise good cyber-hygiene with your own equipment, including patching (updating software and apps – including operating systems – to get rid of bugs), keeping your antivirus software up to date and using strong passwords,” Hadfield pointed out.

Stay safe on the move

The flexible nature of freelancing means you may often find yourself working in a range of locations.

Luke Milner, senior technical writer at risk management and compliance company IT Governance, said: “A phone, tablet or laptop is easily lost or stolen, and Wi-Fi hotspots, which are normally a boon, can be risky to use.

“Just as clients’ businesses are physically static, freelancers can often work from anywhere and while on the move. This is a modern challenge that many businesses haven’t yet come to terms with, so in these situations it falls to the freelancer to protect their clients and their reputation.”

So, password-protect your devices and avoid using a public Wi-Fi network to transfer sensitive information such as card details.

Hackers can set up fake Wi-Fi hotspots, which can enable them to intercept sensitive information you transfer online.

What next?

The Cyber Aware website (cyberaware.gov.uk) provides a quick self-assessment questionnaire and useful information on how to protect yourself against cyber threats. The ICO also provides advice and guidance on its website ico.org.uk.

And don’t forget that good security is not just about cyber-security. Physical security measures, such as ensuring you can lock IT equipment away and properly destroying paperwork that’s no longer needed, are also important.

Vigilance and education are vital if you want to protect both your work and your clients in the online world.

By Gemma Church