Business Risks IT Freelancers Should Keep In Mind
Risk 1: Professional Negligence
Mistakes happen in every profession. But especially as an IT freelancer, omissions can have expensive consequences that can cost you your existence in the worst case. Therefore, a sensible strategy for risk management and reduction should definitely be part of your business. Of course, even with all caution, there are residual risks - but you can cover them well with Professional Indemnity Insurance. We have compiled the following topics on the basis of our many years of experience with damage events. They impressively illustrate the dangers that lurk for IT freelancers in their daily business.
Careless Mistakes
At exali, we repeatedly have to deal with expensive damage events that seem to be based on "minor" omissions. This is also the case here: Mixed-Up Numbers: IT Expert Causes Damage Amounting to 14.000 Euros. A simple typing error, for example, caused 17.000 electronic letters to be sent instead of the 50 originally intended. The cost of this oversight? 14.000 euros.
Programming is also an art in itself. Just one little thing is enough and the entire project fails. This is exactly what happened during a NASA Venus mission due to a missing hyphen in the programming code. The rocket went into a spin and finally had to be destroyed in a controlled manner.
The support of the McDonald's competition app also proved to be unexpectedly expensive. The IT service company hired specifically for this purpose had made a gross mistake in the programming, which ultimately resulted in damages of 400,000 euros. Read the entire case in the article: Competition Fail Causes 400.000 Euros in Damages for McDonald’s.
No Backup, No Sympathy
This well-known and infamous phrase from the names another professional omission that regularly causes trouble in the IT sector. In fact, there is probably nothing more annoying than the loss of data due to a missed or defective backup copy. The cost and effort of restoring important documents is horrendous, so our advice is: whether it's your own company's data or that of your customers, make sure you have regular and complete backups - and in more than one place. An IT service provider insured by exali had to learn that lesson, as he had made a backup, but only on one hard drive. When the hard drive broke, a lot of important data was lost. You can read here how the Professional Indemnity Insurance covered this case: A Real-Life exali Damage Event - Loss of Data on Your own Hard Drive.
Careless handling of the issue of backup copies can also lead to high damages for your customers, as an IT service provider had to experience who was supposed to install and maintain a data backup system for a company. This all worked well at first, until a complete loss of data occurred in the company due to a power failure and it suddenly turned out that the backup system had not worked properly for almost a year. We have summarised how the case turned out in this article: IT-Fail: 130.000 Euros in Damage Due to Faulty Backup.
Breach of Confidentiality
When working with companies, you will often have access to internal company information in the course of your work. You should treat these very sensitively, because within the framework of a concluded project contract you are obliged not to pass on any information that could harm your contractual partner if it becomes known. This does not require a separate confidentiality agreement - confidentiality is part of the contractual secondary obligations and is therefore binding. A breach may result in claims for compensation, a written warning, a contractual penalty and, of course, extraordinary termination of the contract.
A real exali damage event shows that such a violation happens more quickly than expected, when some IT freelancers listed too many details about their project activities in their profile on a business platform called Xing for the purposes of self-marketing. The client - a defence technology company - was anything but thrilled about this, as the job descriptions were so detailed that competitors could easily read out which technologies the client was working on and save themselves industrial espionage. You can read more about this case here: Confidentiality Agreement Violated: Too much Information in a Business Profile.
Property Damage
Even when we leave the world of technology, the risks for professional negligence and resulting financial damage do not end. Just imagine you gain access to a client's office and lose the key you were given specifically for this purpose, on an evening pub crawl. This mishap happened to an IT service provider insured through exali in this article: Lost Customer Key: IT Service Provider Causes 1.400 Euros in Damage. Another company wanted to carry out the cleaning work in a rented server room itself without further ado, triggering the extinguishing system and causing damage of 80.000 euros, requiring the extinguishing system to be refilled with expensive inert gas and the fire brigade to be called out. But such convoluted paths are not at all a prerequisite for expensive property damage. Even a too strong jerk on a window lever is enough to cause property damage to the rented office building. The employee of an IT service provider had used too much force when opening a skylight and pulled out the lever. Find out what happens when property damage occurs to rented premises in this article: Last Chance General Liability - Employee Demolishes Skylight.
Risk 2: Cybercrime
The statistics of the past few years clearly show that the threat of cybercrime is not only real, but growing. Hackers have devised many different ways to steal money and data from companies. As an IT professional, you should therefore prepare yourself for this threat.
If you want to arm yourself against it, keep in mind what is probably the biggest risk factor: people. The best way to do this is to create a clear awareness of possible threats, both in your own business and among your clients. This includes establishing clear responsibilities and regular training to address changing threats.
In this way, you can already reduce the risk of damage from certain cyber attacks quite a bit. Attacks from the area of social engineering in particular aim to manipulate people in front of a PC or smartphone in such a way that they, for example, reveal important data. In the article Social engineering: When People Become a Risk, we tell you what forms fraud schemes from this area take and how you can protect your business. To gain access to company networks, cyber criminals repeatedly use malware and in this way, for example, capture important data. The hackers encrypt this data with ransomware, and only release it again after paying sometimes considerable ransoms. How you can protect your business from this digital hostage-taking is explained in our article on the topic of ransomware. Other types of software execute malicious code on computers, which can cause lasting damage to the IT infrastructure and, in the worst case, completely paralyse your business. There are now so many different types of malware that it is easy to lose track of them all. Our article Viruses, Worms and Trojans: What Are the Differences and How You Can Protect Yourself can help.
There are some measures you can take to secure your own infrastructure and that of your clients:
- Keep the hardware and software used up to date.
- Allocate access rights only to the necessary extent and manage them sensibly.
- Assign clear responsibilities and ensure that they are respected.
- Back up data regularly and ensure that these backups are comprehensive and complete.
- Ensure adequate virus protection and a strong firewall.
If you want to know exactly which cyber threats you should protect yourself against, read our article Cyber Risks: This Threatens You and this is How You Can Protect Yourself.
You Take Care of Your Business - We Cover You
Especially if you work in the IT sector, you can expect a variety of risks. Some of them seem obvious, others are rather difficult to predict. But whether the danger is foreseeable or seems unlikely - comprehensive cover is worthwhile in any case. With an Professional Indemnity Insurance through exali, you have a reliable partner at your side in the case of a damage event - for legal violations, professional negligence and property damage. The insurer checks the legitimacy of the claims made against you and bears the costs if necessary. If claims prove to be groundless, they are defended on your behalf.
If you want to protect your business against damage in connection with hacker attacks, the Add-on First-Party Cyber and Data Risks Insurance (FPC) supports you not only by assuming the amount of damage caused by cyber attacks on your systems, but also by bearing the additional costs for remedying the consequences.
If you have any questions about our insurance solutions, our customer service team will be happy to hear from you on +49 (0) 821 80 99 46-0 (available by phone from Monday to Friday 09:00 to 18:00 CET)!
Risk 3: Violations of Rights
An exali-internal survey has shown: Infringements of rights and the resulting written warnings are the most frequent type of damage among our policyholders. This is also a real risk for you as an IT service provider, because you can be affected by a violation of the law both in your own business and when working for your clients. Therefore, in the following we present the most common legal infringements that can be warned against in practice:
Copyright Infringements
They account for the majority of infringements. This fact is not surprising, as almost all content in any form (video, image, text, programming code) is protected by copyright. You do not have to commit a deliberate infringement, you can also infringe copyright by mistake. This is possible, among other things, through:
- Use of protected code
Do not copy code from other developers if you do not have the necessary rights or licences. Programming code also enjoys copyright protection. - Copying already existing software
Make sure that the software you create does not have too many similarities with existing programmes. Otherwise it may be plagiarism, which infringes the copyright of the developer of the original. - Violation of licensing conditions
If you use libraries, APIs or frameworks from third parties, you should adhere strictly to the terms of use. If you extend them at your own discretion or even pass on the code without permission, you are committing a breach of copyright.
In addition to these branch-specific risks, you should also pay attention to the following points:
- Unauthorised use of music
It is often a good idea to add music to your own content, such as videos. If this is protected, it is an infringement of copyright. - Copying images/videos
Images and videos enhance any website. However, someone also holds the rights to this type of content. If you want to use such content on your website, make sure you get the permission of the author and name him/her as the source. Alternatively, you can use portals that make content available and have clearly clarified the legal conditions with the authors. - Copying texts
Most freelancers also provide information about their services on their own website. If this is also the case for you, you are legally obliged to provide certain texts such as the imprint, privacy policy and general terms and conditions. Never copy these from your competitors! These texts are also protected by copyright.
If you want to minimise the risk of copyright infringement, the following applies above all: Do not copy any third-party content and do not adopt any third-party code, libraries, APIs or frameworks for which you have not obtained the written permission of the author or have the corresponding licence for use.
Infringements of Competition Law
Competition law regularly drives freelancers to despair. The regulations contained are numerous and complex, so that legal laypersons can hardly know which current regulations they must adhere to. Consumer and competition associations make the situation even worse by regularly issuing written warnings for violations as part of a regular business model. The focus of these warning letters is primarily on online presences of self-employed persons, because (alleged) infringements are particularly easy to detect and track there.
In competition law, there are some typical infringements that you should be aware of.
- Your imprint is missing or incomplete
- You engage in misleading advertising, for example by advertising a false price for your offer
- The limitations of liability in your general terms and conditions are too broad
- You do not or only incompletely make advertising recognisable
In this area, it makes particular sense to be on the safe side: Have a lawyer draw up the general terms and conditions, privacy policy and other necessary legal texts. You can also get a regular overview of legal requirements on industry-specific portals.
Trademark Infringement
This variant of infringement may not seem particularly obvious to you as an IT expert, but you should also definitely consider the risk of such an infringement in your business. A trade mark is a designation for a product or service that is listed in the trade mark register and is therefore protected. Only the trademark owner is allowed to use this trademark. If you want to use a trade mark for yourself, you must make sure that you own the rights to the trade mark or that you have been granted the necessary rights of use for the intended purpose - if this is not the case, you are committing a trade mark infringement.
What can a trademark infringement look like in concrete terms? The following infringements, among others, are possible:
- The logo of your business is very similar to that of another company
- Your brand name has parallels to other brands
- You use other people's logos and seals of approval for advertising purposes on your online presence
Before you apply for a trade mark, you should carefully research whether you are infringing the rights of third parties. Do not be afraid to secure legal support for such a situation, because a poorly prepared trademark application can result in horrendous claims for compensation. This also happened to an IT service provider insured through exali. He was supposed to create a website for a sports club - name and logo included. Unfortunately, another business had already protected the name and the legal dispute took its course. Read how it turned out in: Trademark Infringement: An IT Service Provider Forgets to Do his Trademark Research.
Violation of Personal Rights
If you are now asking yourself: How should I, as an IT service provider, violate the personal rights of third parties? There are many options: If you want to enhance your website with pictures of your employees, for example, or show the faces of your satisfied clients in your customer references, you should never do this without their written consent. Otherwise, you may be threatened with a written warning due to an infringement of personal rights.
Data Protection Breaches
If you work in the IT sector, you cannot avoid dealing with sensitive data. Since it came into force in 2018, the General Data Protection Regulation (GDPR) has regulated the handling of such data - and even years later, this still poses great challenges for freelancers, self-employed persons and entrepreneurs. After all, you don't just regularly handle your customers' data. You also have to comply with the legal requirements for your website and legal texts. The integration of contact forms and the design of the cookie banner are also subject to strict regulations. Current developments regarding the rules of the General Data Protection Regulation, new rulings and important innovations can be found in our GDPR Fact Check.
Risk Management and Coverage
The risks in the IT sector are numerous, but with a combination of the right measures and the appropriate protection, you can arm your business against many pitfalls. In this way, you can devote all your energy to your business and the well-being of your customers.