As a freelancer/consultant I use freelancer sites like PeoplePerHour or upwork to get gigs. One of the issues evident in every job I have done is the disregard for security.
Most IT or web related jobs done on PPH are going to involve the exchange of sensitive data, which is required in order to do the job. Clients will gladly share everything with multiple freelancers without a second thought, including their logins for control panels, hosting accounts, domain registrars, website and everything else.
This unconscious sharing of such details has massive security implications which I will address below and offer better and more secure alternatives.
Security Bad Practices
Your login details are for your own use, and everything that is done with your login credentials links back to you. If you share these credentials with multiple people and there is a security breach, you will have no idea who is responsible. If you are an employee and have a boss, then you will most certainly be blamed for the security breach, which could cost your company dearly.
You should not post any sensitive information in the job chat/discussion on the freelancer site (unless they are temporary logins which will be revoked). These conversations will most likely be stored in plain text and not encrypted in any way. Certainly, in the case of PeoplePerHour, I have asked them directly and they have confirmed this is the case.
Thousands of sites get hacked and data is stolen every single day. Most of them are unaware they have even been hacked and the breach can go unnoticed for months or even years in some cases.
If any of the freelancer sites suffer a security breach, the hackers will have access to any data which is not encrypted, which includes all those login details that clients have entered in the chat with their freelancers. Not forgetting that the support staff can also read all your discussions as well, so any dishonest support agent could simply lift your login details and use them for illicit purposes.
Sadly there are also a lot of unscrupulous freelancers out there too, who will intentionally do damage to your systems in order to generate more work for themselves, or may seek revenge in the event of a dispute or disagreement.
I have had several jobs cleaning up after such situations and have found all kinds of back doors, insecure plugins, malware and extraneous logins which presumably had been created by other freelancers.
SECURITY GOOD PRACTICES
Ideally, you should find a single reliable freelancer/company who you are happy with and stick with them, rather than using a different freelancer each time. Not only is this better for security, but using multiple freelancers can also cause other problems as they are oblivious to what work their predecessor has done, and so will often break or undo each other’s work.
Sticking with the same person/company creates a relationship as well as a recurring income, which will, in turn, result in better quality of work, fewer issues and less expense as they will know your systems and the work they have done before and be more inclined to keep you happy.
Plus any decent freelancer/contractor will use a task/project manager and will keep notes on the work he does for ongoing clients which also improves communication and project management.
Do not post sensitive information in the workstream/chat. An exception would be if you are providing a temp login which will be revoked once the job is done.
If you do need to give a freelancer (or anyone) temporary access to your accounts or website, then ideally you should provide them with their own login, not give them yours, which you should revoke (delete) once the job is done.
If it is not possible to create a separate login for your freelancer, then you should always change your passwords after the job has been completed.
HOW TO SECURELY SHARE YOUR DATA
Cloud document sharing
Everyone has access to cloud storage and the ability to share files and documents FOR FREE.
I come across a surprising number of people who are unaware of this, but every single Windows user has access to OneDrive by default. It is part of Windows operating system and allows you to sync up to 5GB of files to the cloud for free. You can then share these files with anyone simply by sending them a link.
Even if you do not use Windows, you can still get a free Microsoft / OneDrive account.
So you could temporarily put all the info you need to share into a text file or word doc, and share that link with your freelancer. Once the job is done, unshare that file and delete it.
NOTE: This is also not an ideal method and still not very secure to have your login stored in plain text, but it is certainly better and putting them into your workstream where they be on display forever or sending them via email.
You can also do the same with Google Drive, which you also already have access to if you have a free Gmail account.
Use a password manager
Using a password manager is something I recommend to everyone. It will remember all your passwords and other personal info for you, software licenses, bank details etc. It will automatically log you into websites, fill in forms, generate strong passwords for you and more.
The two solutions I generally recommend are LastPass and Dashlane, both of which offer a free edition, although there are many other apps available which vary in features and simplicity.
Password managers are also the most secure way to share logins and other sensitive information with your freelancer and then revoke the share once the job is done. You simply choose to share a login, enter the freelancers email address, and it will send them a share request. If they already use the same password manager, then job done, otherwise, they simply need to register for the free version in order to accept your share request.
As a result the login details are never shared in plain text, as the freelancer will only use the password manager.
I am going to mention WordPress specifically because this is somehting I deal with a lot, since I build, support and manage WordPress websites.
In almost every WordPress job I do, clients will send me their own admin login, which they have sent to every freelancer before me, who still have access as the password has never been changed.
If you need to give someone permanent access, then create a new admin user just for them, if just need to provide temp access, then I suggest using the “temporary login without password” plugin , which will allow you to provide a temporary login which will automatically expire after x number of days.
How often do you use public WiFi? Are you aware of the dangers of using public WifI? Do you know how to protect yourself from harm? These are some of the questions that I will answer in this post, so if you or your kids are not currently securing your mobile devices, keep reading.
The Dangers Of Using Public WiFi
Everyone has several points during their day when they find themselves somewhere in public, and they just happen to catch a break. In those times, most people will simply take out their phone and check their favourite social network, email, and similar things.
However, to do so, they need an internet connection, and if they do not have a mobile signal then they will next try to scan the area for public WiFi. Some people even have their devices set to connect to any public WiFu automatically. If you do that, you might think that you are lucky having free internet access. However, you might just be about to enter a hacker’s trap.
Any free public WiFi that you find could actually be a trap set by hackers, but even if it is legit, with such poor protection there’s pretty much no difference. We understand that sometimes you don’t have the time or patience to think about this sort of thing. You might be in a hurry, or maybe you are waiting for an important email, or message.
Even if you use it for a little bit, your phone, tablet, or laptop can still get compromised.
So in this article, I am going to mention some of the most common and dangerous threats that you may come across when using public WiFi. And also some of the methods that you can use to protect yourself from them.
Snooping is possible when you use any WiFi network that doesn’t have encryption, and most public WiFi networks don’t, which makes them different from your home network. When you use your private WiFi network at home, it has password protection, as well as encryption (or at least it should).
Public WiFi networks are different, and many don’t even have password protection at all, so as to easily make them available to anyone. Such as tourists and guests of hotels, restaurants, and alike. However, this also makes them vulnerable, as well as convenient.
When you use a network with encryption, your online actions are hidden from others. If you use one without protection, then everything you do is out in the open for everyone else to see. And if you use such networks to connect to your bank or social network, you will make your privacy available to others.
It is basically like sitting in an office with glass walls, everything you do is visible and nothing is private.
If you use public WiFi to connect to your bank, social network or anything else, you will make your privacy available to others
When you are using your laptop or some other device in public, and you connect to an open WiFi, make sure to mark it as a public network. If you do so, the device that you are using will lock down the connection. If you fail to do so, your device will treat it as a safe connection, which might lead to exposure.
In case that someone hacks your device, they might get access to all of your private content and info. That includes pictures, potential credentials, business documents, and everything else that you have.
Malicious WiFi Hotspots
The most dangerous thing that can happen to you is to connect to a fake public network.
They will often have a name like “Free WiFi“, or “Public Network“, or something like that. These are networks that hackers themselves set up, and then leave open, and without protection.
They do so in hope that someone would connect without realizing the danger, and most people will do just that. Not everyone knows about this method, and in fact, the majority doesn’t have a clue that this can even happen to them.
Several public WiFi Hotspots are set in place by hackers and left open to steal your online credentials, your business documents, contacts list, messages, emails, and everything else
But, when they do connect to one such network, hackers will see everything that they do.
This is how they steal your online credentials, your business documents, contacts list, messages, emails, and everything else.
They can later use this info to break into your bank account, steal your identity, hijack your social networks, and generally ruin your life for their own gain, or simply for their amusement.
Getting malware on your device via WiFi hotspot that hacker controls is much simpler for them, and much more dangerous for you. Hackers can use malware for many things. Some of them might only steal your files, photos, and similar data.
There is always a worse option, which is when malware actually downloads even more malware. Eventually, the hacker might get complete control over your entire device. If that happens, there is no limit to what they can do, from locking down your phone, to making it a part of a botnet.
This method is pretty simple when it comes to its concept. Basically, hackers will monitor network traffic and record big swathes of data that passes through. They can inspect this data later, and try to find some useful information.
This method can lead to discovering someone’s credentials, and other personal information. The consequences are many, and they might steal your money, your identity, or blackmail you if they find some secret.
And the worst part is the fact that sniffing through packets of data is not even illegal most of the time. It depends on the country’s laws, but not many choose to bother about things like this, that only affect several people at once.
Doing these things is actually very easy. Most people imagine that you need a lot of technical knowledge, or maybe some expensive equipment to do so. The truth is that almost anyone can do these things with an app or two, or some program of a higher quality.
The real technical knowledge is pretty much not even needed, and most instructions on how to do these things can be found pretty easily online.
You should have in mind that all of these dangers are a real threat, whether you are in your hometown, or in a foreign country.
Free WiFi can be a real danger whether you are in your hometown, or in a foreign country
How To Protect Yourself From WiFi Dangers
Now that you know what threats are out there, you should also learn how to recognize the danger.
Also, once you do recognize it, how to protect yourself. Some of these methods are something that you will just have to remember, and others will do most of the job by themselves.
Your job is to try to remember as much as you can, and when you can, you should avoid public WiFi. It might not be as convenient, but it is always recommended to wait until you get home. Now, let’s see what the methods of protection are.
Double-Check The Network Before Using It
False assumptions are what leads to most of this kind of problems. In short, you shouldn’t assume that a WiFi network is legitimate just because it says so. You shouldn’t really use any unknown WiFi since you don’t know who it belongs to.
It might belong to a restaurant, coffee shop, or a nearby hotel, or it might belong to someone fishing for easy targets.
Check Your Email And Social Networks On Your Own Computer
Using public networks, and especially public computers for checking your social network, email, bank account and alike is out of the question. You should always remember that because you never know who might be watching.
When you do things like that, do it from your own PC, on your own internet. That way, you will know for sure that you are safe and that you are the only one who is watching.
Update Your Software And Antivirus
Your OS will get updates on a regular basis, which goes the same for all legitimate apps on your phone or tablet. Installing these updates might be boring and annoying, but it is one of the best ways for you to stay safe.
New vulnerabilities are always being found and patched. If you have a system that did not patch old vulnerabilities, hackers might still bypass your protections. Most of these updates will install themselves automatically, only if you allow that in your settings.
And the same goes for your antivirus, that won’t help much if you connect to a network that hacker controls. However, it will help a lot if they try to send you a malware. That is why you need to keep it fresh and operational.
Forget A Hotspot When You Leave
If you have no choice and it is an emergency, you will simply have to connect to a hotspot and do what you need to do. However, we recommend doing what you must as quickly as possible. And after you finish, forget the hotspot immediately.
You don’t want to risk your phone remembering it and reconnecting automatically every time when you get close to that hotspot. That way, you might allow someone access without even knowing that you are in danger.
Having your phones remember WiFi that you use is practical and convenient, but also very dangerous. This is a danger that you must not overlook, otherwise, trouble is sure to follow.
Use A VPN
Finally, the best thing that you can do to protect yourself is to use a VPN. Using them is cheap, it is easy, and they will follow you always, and protect you no matter where you are. Even if you connect to a public WiFi.
VPN stands for Virtual Private Networks, and their main purpose is to help you stay safe online. They have multiple methods of doing so, which all add up to one big protective app that you can download on any device.
Depending on a VPN, there are different features that you can use to enhance your protection.
However, three main features are what they all have in common;
First of them are security protocols. In order to keep your data safe, VPN can create a protective tunnel around your data flow. Your data goes through this tunnel, and while it is inside, nobody can use it, see it, or record it. With this method, your online actions are safe and under strong protection.
The tunnels are not perfect, and there might be a leak. Still, there is nothing to worry about, because VPN’s also encrypt your data, just in case something like this happens. They use strong encryption that will keep everything you do protect. Even if someone somehow manages to get through your tunnel’s protection, they won’t know what they are seeing. And these protections are so strong, that some of them have never been breached before.
As mentioned, VPN’s offer a lot of extra features. Some of them serve as an enhancement to the existing methods of protection. Such as DNS leak protection, that will make sure that your tunnel has an extra layer.
Others will make sure that your protection will remain even if something disturbs the connection. This is what kill switches do.
All in all, whatever features they offer, the best VPN’s will protect you as best as they can. They will do it by blocking out hackers, stopping malware, and even by blocking ads.
To buy a VPN service is economical. You can subscribe to one of the best VPN starting from as little as £2.45 per month. Considering that your privacy and safety is at stake, it is well worth to give it a thought.
Which VPN To Choose?
Because of their sudden popularity which keeps on increasing, there are now hundreds and hundreds of different providers. Choosing one is hard enough, but choosing a good one can be even worse.
Here are some of the most popular VPN providers. I personally use PureVPN, and each account allows up to 5 devices to be connected. So depending on the size of your family, then a single account could be used for your entire family’s smartphones.
All of them are strong, fast, cheap, and they will give you the best protection that you can find.
Using public WiFi hotspots is never a good idea without a VPN, but you sometimes can’t help it. It is understandable, but you should still try to avoid doing it when possible unless you have a VPN to protect you.
However, when you find yourself in a situation that you have to use one, try to remember what you should and shouldn’t do. Do not log into social networks, emails, and especially don’t connect to your bank account. Also, try not to pick something that looks like it is offering itself too strongly.
And of course, subscribe to a VPN, and always have it on your devices. Many VPNs allow multiple connections at once, which means that with one subscription, you can protect 3-5 of your devices at the same time.
So remember these things next time when you choose to connect to a public WiFi hotspot and try to stay safe.