Working online is a great opportunity, but it is important to keep security in mind, especially since a lot of personal and financial information is being sent across the wire.
Below are ten security tips for online workers including freelancers, writers, and affiliate marketers.
1. Work from a secure network
It’s imperative to work from a network that is known to be secure. In all likelihood, especially these days, when connecting to the Internet to do work, people are connecting to a network with a shared Internet connection, even from home.
Networks at cafes, libraries, hotels, etc. may not have security in place. Open networks are open to anyone, and with the right software in place, hackers can be intercepting any information sent over the network including passwords and credit card information.
At home it is smart to configure a wireless router for multiple levels of security. The admin and user passwords should be changed to strong passwords right away. Encryption should be turned on and it doesn’t hurt to disable broadcasting of the wireless network name, and to turn on MAC Address filtering for greater security.
2. Work from a secure computer
The computer that handles the bulk of the work should be password protected with a strong password.
More than that it should have a Firewall and Anti-Virus software package in place that is up-to-date. This software can be set to update automatically. The Operating System should also be updated when new security fixes are released.
While many anti-virus applications provide this protection, it is sometimes necessary to include Spyware and AdWare protection as well.
3. Avoid downloads from untrusted sites
Downloading files in order to get new applications and productivity tools is often necessary, unless working in the cloud, but it’s important not to download files from sites that you don’t know.
Trusted sites would be Google.com, Microsoft.com, Apple.com, etc. If you heard of the company there is a good chance the site can be a trusted source for a download.
You can’t always trust the protection software on your computer, especially if it’s definition files are out of date, and there may be malicious code attached to an executable file that is downloaded from the web.
4. Keep passwords unique and secure
Using the same password for every site is a bad idea. Installing a password manager tool like RoboForm can be helpful when creating accounts for lots of sites.
A unique username and a strong password makes it more difficult for an account to be hacked.
Arguably, changing passwords frequently is a smart idea.
A strong password can be a mix of numbers, lower and upper case letters, and special characters. Some people use entire sentences including spaces and punctuation that are easy to remember (for them), as their strong passwords.
5. Untrusted emails and links
In the same way you wouldn’t want to download a file from and untrusted web site, you won’t want to download a file from a link in an untrusted email.
On the same token, spoof emails are often sent pretending they are from well known sites like a bank, or PayPal, with links to untrusted sites.
It’s best to type in URLs directly into the web browser (or selecting from Bookmarks) rather than click links in emails when you are unsure. This is especially the case when linking to a site that you must login to, as the spoof email will link to a spoof web site and steal your login credentials for the real site.
Even turning on images and allowing them to be downloaded in untrusted emails can send a signal to a hacker that the email address is valid and there is a real person behind it. This is a sure fire way to stay on, and get added to more, spam lists.
6. Keep web software up to date
Just like you want to keep the software on your computer up to date for security fixes and the like, it’s smart to keep the content management software for your web sites up to date.
A lot of popular conent management tools like WordPress are used for web sites and they are open source. This means that hackers have access to the code and can uncover vulnerabilities just like anyone else. And if a web site is left without being updated it remains vulnerable to security exploits. Depending on the software being used, auto updates are sometimes a possibility.
7. Transfer files securely
When updating web sites it often requires the transfer of files between the computer and the server. This is often done using FTP software. Most of the time, passwords for FTP are sent in plain text. Since this provides access to a web site’s entire file structure, it’s important that the transfers are done securely.
Most web servers and web hosts will provide the ability to use SFTP or secure FTP. This might mean a different username and password than normal FTP, and will likely use a different port. Check with your host about the setup for your FTP client and use secure FTP when available.
8. Sign out of web sites when complete
For any site that you login to, it might be set to have cookies added that will log you in automatically the next time you visit, even if it is days later.
This can be handy but can also reveal sensitive information if your computer is accessed by a hacker or thief.
9. Lock your device when done
This is similar to logging out of a web site. It’s smart to logout of, or lock, a device when complete. This could be a laptop, desktop computer, tablet, smartphone, or whatever other device you use for work. Locking it could keep prying eyes from getting access to valuable data.
10. 2 step verification
This is a service that Twitter, Google and other top sites have employed. I’m unsure about this method because it is so effective that you could potentially lock yourself out of a web site.
The way it works is, you first provide a web site that has the 2 step verification option with your mobile phone number. And after activating the feature and verfiying ownership of the phone (usually with a unique code sent by text) it requires a second step to gain access to the account on further visits.
What happens is, after the username and password are successfully entered, a text is sent to the provided cell number with a unique code. The login screen will prompt you for the code and only provide access if entered correctly.
This method is highly effective but don’t lose your cell phone and be sure it is charged!