As a freelance website developer, you have a duty to protect your clients’ websites throughout the development process. This is especially important if your contractual agreement designates that you’ll continue to provide updates on an as-needed basis. That kind of agreement indicates an ongoing relationship, which means you can be held responsible for data breaches, data loss, and other damages at any time.

When an end to the relationship is outlined, your liability has an expiration date. Though, if ongoing relationships with your clients are what you want, website security should be your number one priority. This starts with securing the computer you use to do the work.

On the server, backing up files and databases is only part of the safety equation. If the files you back up are infected with malware, encrypted by ransomware, or damaged, your client can hold you responsible for any losses they suffer as a result.

Here are 5 reasons to bump security to the top of your list for every client, past, present, and future:

1. You’re more responsible than you might think

Freelancing is a good solution when you don’t want to work for a corporation. You set your own schedule, charge your preferred rate, and can work from just about anywhere. Working for a corporation has drawbacks, but there are benefits you’ll miss out on. The absence of personal liability is a big one.

If a client’s site gets hacked or compromised in any way, including loss of data, as an employee you’ll be reprimanded (or fired) while the corporation takes the hit of larger responsibility. As a freelancer, however, you’re responsible for all damages that can be linked to your negligence, even if it’s not technically your fault.

Webhosting liability

For example, say you’re reselling hosting to your client, as opposed to your client signing up for their own account directly with the host. Unless your agreement says otherwise, you can be held liable for data loss caused by the host.

While not as profitable, most professional website developers ask their clients to sign up for their own hosting account to avoid the liability that comes with being a reseller.

2. Security experts don’t advocate the use of freelancers

If you’ve formed a corporate entity for your business, you’re in a better position than most freelancers. However, you should be aware that security professionals like Tripwire, Inc. advise small businesses not to hire freelance web developers. This means you’ve got to up your security game to land contracts from clients who have been educated on the security risks of hiring freelancers.

There’s no way for clients to know you’re not careless (or clueless) with security like the freelancers tested in the article linked above.

Regardless of how long you’ve been a web developer, stay up to date on security issues and solutions related to the software and applications you use.

3. You can get sued for many reasons

Don’t believe for a second that frivolous claims made by clients won’t make it to the courtroom. It happens all the time because that’s how the justice system works. Everyone has the right to file a claim when they believe they’ve been wronged. You might have enough evidence to present an open and shut case, but if you get sued, you still have to go to court and spend time and money to prove it.

Clients sue web developers for a variety of reasons, not all of which are logical.

Some valid reasons clients sue developers are fairly obvious. If you don’t deliver on your agreement, that’s a breach of contract. Despite the near impossibility of setting and meeting exact deadlines, clients have sued for delays and incomplete deliveries.

4. Data security is your responsibility

You might only be responsible for setting up a basic email account for your clients, but they deserve to be informed of the need for securing their email communications. Clients operate under the assumption that you’re securing their project from top to bottom, so you need to be clear about where they need to implement their own security measures.

For instance, if they need to encrypt emails, they’ll need to use a third party encryption service like what’s offered by Microsoft 365.

They may already subscribe to this service. However, if your client’s electronic communications are bound by special regulations like HIPAA, it’s your duty to let them know they’ll need to add another layer of encryption like Virtru’s data protection for Microsoft. Reason being, Microsoft sends unencrypted emails to its server to be scanned. That one unencrypted transmission violates HIPAA and other regulations.

If you fail to tell your client they need more protection to comply with regulations, they probably won’t sue you, but you don’t want to be the exception to the rule.

5. Copyright infringement is serious business

What designer hasn’t been asked to add copyrighted images to a client’s website (without permission)? Millions of images are shared online every day without being credited to the original owner, and it seems like nobody gets in trouble, so it’s no big deal, right? You can just credit the author and call it fair use, right?

Not so fast. That’s exactly the misconception that cost The Content Factory $8,000 for posting an unauthorized image to a client’s website.

Like most people, The Content Factory was under the incorrect impression that what they were doing was considered “fair use.” You’ll want to read the article linked above because they detail what fair use covers, and it’s not what you think. In fact, copyright law is so strict, you can be held financially liable for damages even if you share a copyrighted image by accident.

Don’t let clients push you into using images without permission

If a client instructs you to add copyrighted images to their website, protect yourself by requiring a copy of the license before implementing the content. Better yet, add a clause to your contract that outlines this requirement.