Designers are responsible for keeping client files secure at all times, especially online. Designers who fail to secure client data are at risk for being sued if unsecured data is accessed in a data breach.
Unfortunately, data breaches are common and the monetary penalties would put any independent designer out of business. For example, in 2020, the average data breach cost $3.86 million. If your negligence leads to a data breach, your client could hold you responsible for their loss.
Keeping design files secure in the cloud requires an active approach
Keeping documents, images, and company information confidential online requires adhering to specific security best practices. For example, data should be password-protected at all times. However, there’s more to data security than a password-protected folder. Here’s what designers need to know about keeping their client’s data secure in the cloud.
- Cloud storage applications operate on a shared responsibility system
Some file storage applications are inherently more secure than others, but those applications still require customer input to be fully secured. File storage security operates according to the shared responsibility model. For example, Box – the leader in secure digital file storage – allows customers to limit access to individual files. However, each customer must configure their security policy preferences to create a secure environment.
Box explains that most data breaches are the result of a “misunderstanding about the role the customers play in protecting their own data,” or “customer misconfiguration of the security tools provided as part of the cloud service.”
To give the customer total control, Box has an added layer of security called Box Shield that will prevent files from being downloaded or shared. However, it’s up to each customer to enable their preferred settings.
Configure and verify all security settings
Why do customers have to configure security settings? Wouldn’t it be easier if accounts came thoroughly secured? While file storage services could just lock everything up by default, that’s not what most businesses want, and it probably wouldn’t help you as a designer.
Sometimes you need to share files with other contractors, but you don’t want them to download or pass on a shareable link. If everything is locked up from the start, you’ll have to spend even more time granting permissions.
If you’re using any kind of file storage platform, take the time to thoroughly go through all security settings to make sure you don’t accidentally leak your clients’ data.
- Avoid uploading design files to a standard web server
Website security is a massive undertaking. However, website security is often compromised by small mistakes and oversights. To ensure your client’s design files stay secure, don’t upload them to a standard web server. A password-protected folder won’t be enough when a hacker gains access to the server.
This is even more important when you didn’t create your client’s site in the first place. You have no way of knowing what vulnerabilities exist just waiting to be exploited by a hacker. If you upload your client’s design files to their website to save time or money, something as simple as an outdated plugin could get their site hacked. In that case, the hack wouldn’t be your fault, but you could be held liable for damages for uploading files to an unsecured environment.
- Don’t upload unnecessary files
The fewer files you upload to the cloud, the more secure your clients’ files will be. While you’ll probably want to handle contracts and design reviews immediately, not every file needs to be transferred immediately. Some files can be delivered through the mail on a storage device. For example, if you’re handing over backups or source files, consider delivering them through the mail using an external hard drive.
Keep your clients’ files secure with a reserved approach to file sharing
Keeping files secure is critical for preventing data breaches, but it’s also an insurance policy for unknown future events that could target your personal files. For example, say a hacker gets into your client’s email and finds links to folders on your file storage account. The right settings and permissions can keep the hacker from wandering around your folders.
Whether you store client files or transfer information, take a reserved approach to uploading and sharing files. Upload as few files as possible and set the strictest permissions possible. Tight security is always the best insurance policy against cybercrime.