Digital Security Checklist for Designers, Developers and Digital Teams

Posted on July 01, 2024

Examine how and why it’s important to try to secure your own devices, connectivity and more in order to help keep you, your work and your clients safe.

Often when I write about digital security, it revolves around how to secure digital products you build. But if you’re working as a web designer, developer or other digital pro, there are other things you should try to secure—like your work devices, your email and your financial transactions.

Just one slip and a sensitive client, employer or your own data could end up in the wrong hands.

To help keep data safe, you need a digital security checklist and procedures. The following are some we’ve compiled.

Secure Your Devices

Your computer or laptop may be the primary device you work on. However, if you use your smartphone to log in to work accounts or share private data, you should also perform these steps on your mobile device.

Checklist:

  • Install antivirus and/or antimalware.
  • Enable encryption via the security settings on your device.
  • Review your list of installed apps every few months. Uninstall and delete any you don’t recognize or use.
  • Save automated backups of your desktop and computer files in the cloud in case of ransomware or infection.
  • Hide notification details on your phone’s lock screen. This will prevent bad actors who have your locked phone from reading verification codes off the screen and using them to “verify” your identity when logging into apps with two-factor authentication enabled.

Secure Your Connection

An unsecured or even public internet connection can make your devices vulnerable to attack. Before you do any work over your current network, take the following steps.

Checklist:

  • Set up your on-site router for greater security. Give it a name that’s unrelated to your own. Use a strong password that’s hard to crack. And enable encryption (like WPA3).
  • If using public Wi-Fi, don’t do anything related to work that could put your data or your clients’ data at risk.
  • To keep your data safe in a public setting, connect to a trusted hotspot (local or mobile) or a virtual private network (VPN).
  • A VPN is useful for encrypting your connection whether you’re in a public or private place. If you feel you need an extra level of security, consider getting one.

Secure Your Browser

You likely have numerous web browsers installed for testing and troubleshooting. You might also have different ones to keep personal and private activities separate. Use the following checklist for whichever ones you use for work-related activities.

Checklist:

  • Use a browser built for security. Brave, Tor and Firefox are some of the most secure browsers today.
  • When viewing something private, consider opening a private window to do so.
  • Clean your browser history and cache regularly.

Secure Your Software

Every app or piece of software that requires a login (even if you don’t need to log in every time) needs to be properly secured. Even if you’re not storing confidential data there, other details about yourself could be hacked and used to unlock an app or account where that data does live.

Checklist:

  • Choose applications with built-in security features and/or encryption.
  • When using an API, make sure it goes through a trusted source. For instance, Plaid is often used to link financial applications, making it a preferred choice for users.
  • Implement 2FA or MFA whenever it’s available.
  • Be mindful of how much and what data you share with third-party applications. Only give them what’s necessary and reasonable.
  • If it’s not done automatically, keep all your software updated.
  • Keep a list of all the software you use for work. Regularly review and delete any accounts that you’re no longer using. If given the option, request that your data be deleted as well.
  • When taking payments from clients, use secure payment methods with third-party processors like PayPal or Stripe instead of sharing direct deposit banking info.

Secure Your Passwords

Using the same password you created for yourself back in high school might make it easier to get in and out of various apps, but it’s terrible for security. That’s also not the only way passwords can make you and your clients vulnerable.

Checklist:

  • Use a password manager to generate, store and manage your passwords. I’ve tried the most popular ones but have found Zoho Vault the most reliable.
  • Install the password manager on both your computer and phone (even if you don’t use the phone for work).
  • Create a password policy (in your password manager) so it automatically makes each more than eight characters and includes lowercase letters, uppercase letters, numbers and symbols.
  • When sharing passwords with coworkers or receiving them from clients, send them securely. You can use a password manager or send them over encrypted email. During the onboarding process, onboarding software will enable you to do this as well.
  • Change your passwords at least once a year. For applications containing more sensitive data (like your bank account), do it every three to six months.
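
The password policy from the checklist above, expressed as code. This is an added example, not from the original post or from any password manager; the function names are hypothetical and the sample passwords are constructed. It checks a password against the policy and generates compliant ones with the operating system's cryptographic random source.

```python
import math
import secrets
import string

# Character classes named in the checklist's policy.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
MIN_LENGTH = 9  # "more than eight characters"


def policy_violations(password):
    """Return the policy rules this password breaks (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(name)
    return problems


def generate_password(length=20):
    """Generate a compliant password with the OS CSPRNG (secrets, not random)."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    # Rejection sampling: draw uniformly and retry until every class appears.
    # This avoids the bias of forcing one character per class into set positions.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate):
            return candidate


def entropy_bits(length):
    """Upper bound on entropy of a uniformly random password of this length."""
    return length * math.log2(len("".join(CLASSES.values())))


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for sample in ["highschool", "Summer2024", "Tr1cky!pw"]:
        print(sample, policy_violations(sample) or "ok")
    print(generate_password(), round(entropy_bits(20)), "bits")
```

Passing the policy check does not make a password unpredictable: the constructed sample `Tr1cky!pw` is compliant yet far weaker than a randomly generated one, which is why the checklist has the password manager generate them.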

Secure File Transfers and Storage

When sending files back and forth with team members and clients, it’s vital to do it over a secure connection. Your regular email inbox might not be the best place for this.

Checklist:

  • Use a cloud storage system you can trust. Amazon Web Services is being sued for its unlawful use of data stored on its servers and selling it to others, so it might not be the best resource.
  • When sending or sharing files containing sensitive or confidential info, use software built for that purpose. For example, when collecting contract signatures, don’t send a PDF or Google Doc directly. Instead, use something like DocuSign.
  • The onboarding and offboarding processes often involve the exchange of private data. Do not use online forms or email for this. Secure software like Content Snare is a better option.

Secure Your Email

While many communications with coworkers, clients and leadership may be practical and mundane, if your messages contain something sensitive or private, there are ways to fortify your email.

Checklist:

  • Use a private and secure email service provider. Proton Mail is a good option, though you can also find professional email hosting services that prioritize privacy like Namecheap.
  • If you receive an email that looks like it might be related to business (like if it says there’s an invoice attached), don’t open it unless you know who the sender is.
  • Don’t click on any suspicious-looking links from unknown senders, or on links in emails from known senders that don’t sound or look normal (as their accounts could have been hacked).
  • Keep your personal and professional communications relegated to separate email addresses.

Secure Your Website

If you’re using your website to sell or collect information from leads or customers, then it needs to be secured.

Checklist:

  • Choose a secure web hosting provider. Your plan should include an SSL certificate, firewall and security monitoring, among other things.
  • Use a content management system like Sitefinity Cloud that allows you to add even more security and privacy protections.
  • Keep your CMS, themes, extensions and PHP updated to the latest versions.
  • Use a trusted payment processor and gateway for ecommerce transactions. Look for ones that are PCI DSS compliant.
  • Add two-factor authentication to the CMS login.
  • Enforce strong passwords for every user.
  • Require password resets at least every three to six months.
  • Limit who has access to your site. Set access levels based on the user’s role and responsibilities.
  • Back up your website daily, so you can roll it back if it gets hacked.

Other Tips for Enhancing Your Digital Security

Here are some additional tips to help you enhance your data security and privacy while working.

Checklist:

  • Set up email alerts that will tip you off to irregular activity. For instance, alerts would be useful for excessive login attempts, a password change, your financial account dropping below a certain level, etc.
  • Only give coworkers, contractors and other collaborators access to your devices, apps and other work-related assets when needed. If possible, limit their access level.
  • The same thing goes for clients. Try to limit how many people are involved in data sharing and access.
  • When asking clients for information, data and files, only ask for what you absolutely need.
  • While it’s important to document your discussions with clients, treat those notes (handwritten or digital) the same as you would other sensitive and confidential information. Store or dispose of them appropriately.

Wrapping Up

We think a lot about how to fortify the digital products we build for clients, but that’s not the only kind of security we need to be concerned with in this business.

The more time we spend online, the greater the risk of something getting hacked or some data transmission being intercepted. And what if that something happens to contain sensitive business information or private client data?

With a well-formed digital security plan and checklist, you can have your bases covered—from your hardware to your software and everything in between. The 45 points listed in this blog will help you get started.

Suzanne Scacca

A former project manager and web design agency manager, Suzanne Scacca now writes about the changing landscape of design, development and software.
