Today, on a discussion board for freelance medical communications specialists, a colleague asked (and I paraphrase here), “How do you handle cybersecurity?” They specified backing up data and using encryption, 2FA, and (either) a password-protected router or VPN.
They are off to a great start, and I really enjoyed responding to their query, so I thought I’d share my response here, comprising 6 easy, inexpensive ways freelancers can improve their cybersecurity:
Great question! It sounds like you have made an excellent start already with the most critical items, i.e., backing up data, encryption, 2FA, VPN, and password-protected router. Some other relatively low-cost, low-maintenance options freelancers can easily implement themselves include:
- Using (consistently) robust antivirus/antimalware software.
- Setting software to auto-update so security patches, including fixes for zero-day vulnerabilities, are applied as soon as they are released.
- Avoiding “freeware.” (But if someone feels they must use it, getting familiar with VirusTotal.com can mitigate the practice. It’s a great tool that will scan files, including apps, for viruses and malware.)
- Creating an encrypted ecosystem, ensuring data is encrypted while at rest and while in motion. For encryption products to implement beyond one’s drive and cloud storage, Proton provides encrypted email and calendar, encrypted storage, and a robust VPN.
- Using and securing unique credentials. Password managers protect users from inadvertently providing log-in credentials to a typosquatter site and are more secure than most browser password keepers. A good password manager will also generate secure passwords, so you ensure your credentials for each site are unique (so if a site is breached those credentials don’t work on another site you frequent). A good password manager will also sync across devices, which ensures security across your digital ecosystem. I like Bitwarden, but here’s a recent review with several options: https://www.cnet.com/tech/services-and-software/best-password-manager/
- Using a privacy/security-conscious browser. Firefox is a great secure option. Firefox also provides containers to keep nosy apps like Facebook away from the user’s data, and it provides easy access to haveibeenpwned, which alerts you when you have been affected by a breach and details the data involved in the breach (e.g., log-in credentials, SSN, employment history, etc.). Limiting the use of plugins with any browser can enhance security (they are bits of code, too, which may not be secure or necessarily privacy-minded).
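To make the typosquatting point in the password-manager item concrete, here is an added example (not from the original response, and not any password manager's actual code) of the check that keeps saved credentials from being offered on a look-alike site. It assumes the strictest rule, an exact HTTPS host match; the names `checkAutofill` and `editDistance`, the saved entry and every URL are constructed for illustration.

```javascript
// Added example: simplified autofill check, not any real password manager's code.
// The saved entry and every URL below are constructed sample data.
const entry = { site: "https://login.example-journal.com/", username: "writer@example.com" };

// Levenshtein edit distance, used only to explain why a host was refused.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}
// Decide whether the saved credentials may be offered on the page being visited.
function checkAutofill(savedEntry, pageUrl) {
  let saved, page;
  try {
    saved = new URL(savedEntry.site); // the URL parser lowercases the host and
    page = new URL(pageUrl);          // turns non-ASCII labels into punycode (xn--)
  } catch {
    return { fill: false, reason: "unparseable URL" };
  }
  if (page.protocol !== "https:") return { fill: false, reason: "not HTTPS" };
  if (page.hostname === saved.hostname && page.port === saved.port) {
    return { fill: true, reason: "exact host match" };
  }
  // Every path below refuses to fill; the reason is there to inform the user.
  if (page.hostname.split(".").some((label) => label.startsWith("xn--"))) {
    return { fill: false, reason: "punycode host differs from saved host" };
  }
  if (page.hostname.startsWith(saved.hostname + ".")) {
    return { fill: false, reason: "saved host used as a subdomain prefix" };
  }
  const d = editDistance(page.hostname, saved.hostname);
  return { fill: false, reason: d <= 2 ? `${d} character edit(s) from saved host` : "different host" };
}

for (const url of [
  "https://login.example-journal.com/account",         // genuine site
  "https://login.exarnple-journal.com/",               // "rn" imitating "m"
  "https://login.ex\u0430mple-journal.com/",           // Cyrillic "a" look-alike (U+0430)
  "https://login.example-journal.com.verify.example/", // real host as a prefix
]) {
  console.log(url, checkAutofill(entry, url));
}
```

A person reading the address bar can miss all three look-alikes; a string comparison on the parsed host cannot, which is why the manager offering nothing on a familiar-looking page is itself a warning sign.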
Some tools marketed to our profession require the user to upload a file to a third-party server, which may breach a contract with a client or the NDA/CDA. (It’s not always obvious this is what is happening. For example, most antivirus/antimalware software works by comparison and does upload data to a server to perform that action. Sometimes it’s more obvious, like with Grammarly and plagiarism checkers.) Many of these programs use AI/ML, and they learn from the data users provide, which is something to consider when handling intellectual property and proprietary data.