Cybercriminals typically prefer to target people who work in HR departments, as their job involves opening and managing multiple ‘official’ documents – often coming from unknown sources e.g. CVs, application forms, invoices etc.
With the continued rise of the number of freelancers though, cybercriminals are beginning to shift their focus away from HR professionals and on to self-employed workers. Freelancers tend to communicate a lot with people they don’t know personally (prospective new clients etc.), regularly open new files in emails and share personal information in their inboxes (invoices, PayPal details etc.)
As many freelancers also work on laptops on less secure networks – whether that’s at home or at a coffee shop – it makes them a perfect target for cybercriminals.
How cyber-attacks could affect freelancers
There are many different ways a cybercriminal could choose to attack you, depending on the nature of your work and the data you are in possession of. We’ve outlined some of the most common outcomes of a cyberattack that are universal to freelancers who are affected:
A cyber-attack could lead to severe financial consequences for you as a freelancer. If you are the direct target of a phishing attack, for example, and you unwittingly pass your bank details to a fraudster then you could lose a lot of money.
If the attack results in the loss of data that you were responsible for, then you could be held liable for the breach and have to pay penalties to the regulator as well as any defence costs you may incur. In some cases freelancers have been forced to pay a ‘ransom’ to the cybercriminal in order to regain access to their systems so they can continue working.
As well as the significant risk of you losing money, a cyber-attack could also cause you massive reputational damage.
When you suffer a cyber-attack you are obliged to notify anyone whose data may have been compromised – meaning every client whose data was on your machine needs to be told so that they can take extra precautions at their end (change passwords etc.)
Many freelancers rely on word-of-mouth to gain new customers, so falling victim to a hugely disruptive and expensive cyber-attack is not going to encourage people to recommend you.
Disruption and loss of earnings
Having to deal with the effects of a cyber-attack can be time-consuming. As a freelancer, your time is valuable, so spending time dealing with fixing a cyber-attack and dealing with the aftermath isn’t ideal.
What cyber threats do freelancers face?
One of the biggest cyber threats faced by freelancers is the lack of awareness of cybersecurity risks. Most users simply don’t understand how cyberattacks happen and assume it will never happen to them. However, recent data shows that a small business in the UK is hacked every 19 seconds, with around 65,000 attempts to hack SMEs occurring every day in the UK – around 4,500 of which are successful.
Freelancers are most likely to face three major cyber threats:
- Malware/ransomware and other viruses
- Unpatched software
- Phishing scams
Malware/ransomware and other viruses
Malware is the most common cyberattack, with online criminals using ever more carefully-worded and well-designed emails and false websites to trick users into downloading harmful software onto their computers.
There are hundreds of millions of malware attacks carried our every year, making it the biggest threat for freelancers who regularly receive emails from people they may not know.
Malware is a catch-all term for any malicious virus that infects your computer or device and changes the way it functions e.g. recording your keystrokes so fraudsters can access your passwords.
Ransomware is designed to completely lock you out of your own device until you make a payment to the cybercriminal.
Software companies spot problems all the time and release patches to fix them. It is important to always keep the software you use up to date to guard against newly discovered flaws and security weaknesses.
As soon as a vulnerability is spotted in software, cybercriminals rush to exploit it before it is updated. Therefore, if you leave it too long before updating then you could be exposed to the risk of an attack.
For an example of how serious such an attack can be, the “WannaCry” ransomware attack that caused so much disruption to the NHS in 2017 targeted a security flaw in NHS computers that were running a version of the Microsoft Windows operating system that hadn’t been updated.
These are spam emails that seek to replicate legitimate and trusted sources, tricking the user to clicking a link and inputting their personal data.
A convincing phishing email looks exactly like the real thing and will usually ask you to type in confidential information like your login details and even bank or credit card details.
There has been an increase in phishing emails related to the COVID-19 pandemic, with scammers sending emails that appear to be from the World Health Organization (WHO) or the NHS asking for personal information. Other popular tactics include sending emails that look like they are from well-known banks or institutions such as the Post Office.
How to protect yourself from cyberattacks
Although cyber-attacks are increasingly widespread, there are some relatively simple actions you can take to drastically reduce the risk of falling victim.
Be vigilant and sceptical of everything
Most cyberattacks rely on deception and count on the user being too busy or distracted to properly assess what they are clicking. Even the best firewall and antivirus defences can’t stop you from clicking a link in a scam email.
Being vigilant and checking every email and social media request you receive is one of your best defences against cybersecurity threats.
Keep your devices and software updated
A big Windows update at the start of the day might feel inconvenient, but it’s important to make sure your devices and the software they run are up to date. Some of the most common malware is designed to take advantage of outdated apps, plugins and software, so avoid that risk completely by actioning updates as soon as possible.
Use stronger passwords
It may seem obvious, but a lot of people still use very weak and easily compromised passwords. A ‘brute force’ attack uses software that inputs thousands of passwords in a short period of time, so if you use common words and number combinations (e.g. a surname or place name along with a date-of-birth) then your password could be easily compromised in a matter of seconds.
Use an password generator to create strings of letters, numbers and special characters that would be impossible to crack (e.g. “Y5<zBG:Rt;”) and use a password management service like LastPass or Keeper to keep track of them all.
Use a VPN
VPN stands for virtual private network – an application that encrypts your online traffic and changes your IP address.
This means you can use public Wi-Fi networks without worrying that hackers are accessing your system and stealing your information. As freelancers tend to ‘hot desk’ and work in different locations a lot, a VPN can be a very useful part of your cyber defences.
There are a lot of VPN providers, all offering varying levels of encryption, speed and location choices (i.e. what locations you can set your IP address to). You can find free VPNs online or in your phone App store, but the better ones charge a monthly subscription fee (anywhere between £1 – £15 per month).
Encrypt your data
As a freelancer you probably use a cloud storage service such as Google Drive, OneDrive or DropBox to make sure you have access to your work files. All reputable cloud storage services encrypt your data automatically, however if you store some sensitive information such as your bank login credentials, customer details etc. it is advisable to add an additional layer of encryption.
There are a lot of high quality and free tools and services you can use to encrypt your files before they go onto the cloud. These are called “client-side” encryption tools and popular options include Cryptomator, pCloud and Sync.
Back-up your data
If you suffer a catastrophic loss of data, then having a backup can be the difference between days or even months of lost productivity or just a minor inconvenience. If you are the victim of a ransomware attack, the cybercriminals will demand a payment before you can access your data again – so having a backup immediately negates this.
There are several ways you can choose to back up your files, but it is advisable to create both a physical and digital back up of all your important data and assets. Make sure you back everything up on the cloud every day and then upload all new files onto a physical hard drive as well.
Freelance insurance tailored to you
Create Insurance offers specialist insurance cover for freelancers, self-employed workers and small businesses in the creative industries – get instant cover on public liability, professional indemnity, equipment insurance and more.