Are you a self-employed person who works mostly from home or from a coworking space? If so, it’s essential to be aware of the risks for you, your family and your business. Sometimes there are risks that we don’t think about but are extremely important to consider so that the integrity and security of your information, assets and person are protected and when possible, secured. In one way or another, there are ways to mitigate and prevent them and thus reduce the probability of an unfortunate situation. It is important to conduct a risk analysis according to good practices to obtain a complete picture of the situation that concerns you. However, since the objective of this article is to raise your awareness, we will limit ourselves to a few cases.
If you work from home, there is a good chance that you will be the victim of multiple incidents: a theft, a break-in, an unwanted surveillance without your consent, an access to your work location, a fire resulting from one of your office equipments, or an inability to work (e.g.: because of a power or Internet failure), etc. No one is immune to these types of incidents. Here are a few things to consider to mitigate them.
- Have an alarm system connected to a central station. This aspect aims to reduce the risks related to theft, intrusion, movement, glass breakage and fire. Depending on your situation, other components could also be connected such as a heat sensor (to protect your equipment) or a panic button.
- Install window guards near the ground to limit the likelihood of penetration through them.
- Set up a video surveillance system of your outside perimeter and, if necessary, the one inside. It could be interesting to add to it the cloud backup of the captures. This way, in case of theft of equipment in your location, you will always have access to evidence to identify the criminals.
- Determine a work location in your home and limit access to it. It is important that this location does not allow for information on your screen (behind you) or on your desk to be read. Also, it is preferable to avoid having your professional and confidential discussions heard by everyone, even outside! Among other things, you should never sit too close to a open window or work without headphones if your discussions can be heard.
IT and voice security
- Purchase a recent router with at least 2 channels. Its function is to protect your computer network from possible intrusion. Be sure to make the necessary upgrades over time. Ideally, the router should not belong to or come from your Internet service provider so that you have full control over it. It is therefore important to define complex passwords that come from yourself, both for the master code (administrator) and for the networks. One of the two channels will only be used by your company while the other will be used for your family members’ needs. Visitors must also have their own network with a different password. For security configurations, it is strongly recommended that you consult a professional since the factory settings do not necessarily correspond to your reality and may represent a security breach for your computer network.
- Review behaviors and bad habits. It’s important when you leave your workspace to lock up confidential paper files and lock your computer every time you step away from it (even if you’re just going to the bathroom!), as if you were in the office.
- Enable the feature to automatically lock your computer screen after a certain amount of inactivity. Aim for a short period of time.
- Acquire a computer that will only be used for work and by yourself only. Other family members should never use it so as not to access your data or risk introducing a virus.
- Enable data encryption on the computer’s hard drive.
- Avoid saving personal and/or confidential business data on the computer’s hard drive, especially if you have to travel to multiple locations (e.g., clients’ sites).
- Pay attention to fraudulent emails and those that may contain viruses or questionable files and URLs that may result in ransomware. Many organizations offer training to develop your ability to spot them and reduce such risks.
- Avoid concentrating all your IT services under the same provider. This way, in the event of a computer attack, you decrease the possibility of having all your applications and data blocked and/or lost. For example, email services might not be provided and hosted in the same location as the website or backup copies of your files.
- Avoid receiving business calls on your home phone line. Other people in the house could be listening in on the discussions. Worse, a young child could reveal personal and confidential information without your knowledge. A dedicated phone line or cell phone should be preferred.
Data security (paper and computer)
It is important to protect the confidential and business information of your clients and your own company. For example, a thief could attack your paper documents that contain important data, or even virtual documents via an external hard drive, laptop, USB key, etc.
- Verify where the computer data is hosted, including the data backups, cloud tools, accounting systems and your emails. Since regulations and laws differ from country to country, it may be best to make sure it is located in Canada.
- Prioritize data backup in a secure cloud environment to keep all data in a location external to the computer. This way, if your computer is stolen, destroyed or defective, it will not be lost and will still be accessible. If you need to store data at home, do it on a NAS (small server) with advanced security settings, data encryption and automatic synchronization of backups with a cloud hosting service.
- Always apply the 3-2-1 method for managing your data.
- Avoid making backup copies of your data on external hard drives and/or USB drives since, being tangible assets, these can be stolen.
- Keep backup copies of your data in a different location in your home, making sure they are preferably encrypted with a strong password.
- Use a virtual secure password vault for your passwords rather than writing them on paper.
- Lock up confidential and business files when you leave your workspace.
- Use a shredder at home to destroy confidential papers you no longer need.
Maintaining work ability
Electrical failures are also a significant risk, as they could prevent you from working for some time. Moreover, if your electronic devices are not well protected against electrical voltage variations, it is possible that they could be damaged while causing a potential loss of data. It is therefore suggested that you purchase UPS equipment to maintain your ability to work during a power outage. This equipment also protects computer equipment against electrical fluctuations.
Insurance: another aspect not to be neglected
Purchasing business general liability and errors and omissions insurance is an area often overlooked by the self-employed. It is one approach to transferring some of the business risk to consider.
It is also important to notify your home and business insurance company that you are working from home and to review the clauses in your insurance policies to that effect. Are you covered if the computer you use for work causes a fire that results in a total loss of your apartment building where you live?
The importance of the employment contract
To avoid unpleasant surprises, formal contracts with your clients are preferable when you are self-employed. In this agreement, we find, among other things, exit clauses or force majeure clauses in case of breach of contract. Confidentiality agreements between you and your clients are also necessary.
Several approaches to reduce business risks were discussed to raise your awareness. If you would like more information on what to do when teleworking, we invite you to read our blog post on the subject.
And if you need guidance to manage the risks you face as a self-employed worker, the team at Benoit Racette Servics-conseils Inc. can help you! Contact us now by writing to [email protected] and we will be pleased to offer you advice tailored to your needs.