Top 3 Business Risks Freelance Consultants Should Know About

Article overview:

Business Risks for Consultants: This Can Go Wrong

Risk Number 1: Malpractice

• Liability for Consulting Errors
• Liability for Omissions
• Liability for Breach of Confidentiality

Risk Number 2: Legal Infringements

Business Risk of Copyright Infringement

Risk Number 3: Cybercrime

• Business Risk Ransomware
• Business Risk Social Engineering

Cybersecurity Tips for Consultants

Cybercrime: How to Protect Your Business

Business Risks for Consultants: This Can Go Wrong

As a consultant, there are a number of risks you need to be aware of, regardless of the sector you work in. Your biggest business risk is causing financial loss to your clients. Another risk is damage to property or personal injury. All of these damages are usually the result of an error in the performance of your work as a consultant. So the biggest risk to your business is actually you.

Risk Number 1: Malpractice

It does not matter in which field (e.g. IT solutions, digital infrastructure, communications, coaching, real estate or human resources) you advise your clients: Mistakes can always happen. An analysis of real claims reported to exali shows that professional errors are among the most common causes of claims for consultants. We have compiled a few examples of what such errors can look like.

Liability for Consulting Errors

There is still a dangerous misconception in the consulting industry that someone who "only" gives advice is not liable. This assumption is wrong and can be costly: Whether you advise as a consultant or implement and execute concepts yourself, you can be held liable for damages resulting from your errors and omissions.

For example, let's say you've been commissioned by a company to carry out a location analysis for a new branch and it turns out that you've overlooked the fact that a competing company has also opened a branch in the immediate vicinity. In this case, your clients could claim damages not only for the incorrect advice, but also for the investments made on the basis of that advice.

Faulty Location Analysis

This is exactly what happened to a business consultant insured with exali: A pharmacist had commissioned him to carry out a location analysis for his new business, and during the research the consultant overlooked the fact that another pharmacy was due to open at around the same time in the immediate vicinity of the location he had recommended. The result: the angry client demanded compensation because he had already invested in the new pharmacy and signed long-term contracts.

Consultants as Scapegoats

Not every claim for compensation is justified, as the case of a consultancy firm hired by a local authority to consult on street lighting shows. The town council wanted to know whether it could save money by converting its street lighting to LED. The consulting firm's subsequent analysis concluded that there was indeed potential for savings, and the council went ahead with the conversion. Some time later, however, the consultants suddenly received a letter from the lawyer of the municipality, in which the company was held responsible for, among other things, the additional costs of retrofitting the street lighting, the lack of cost savings from the LED luminaires and other additional costs, and was ordered to pay 20,000 euros in damages.

However, a review by the consultancy found that the additional costs had been incurred in areas outside the scope of the agreed consultancy and that the lack of energy savings was due to a failure on the part of the council. As the company had taken out Professional Indemnity through exali, it eventually forwarded the solicitor's letter to us. After reviewing the case, the insurer also concluded that there had been no consultation error or omission, and instructed a specialist law firm to defend the claims. Thanks to the integrated Passive Legal Expenses Insurance, the policyholder did not incur any additional costs, but the case shows that even unjustified claims can end up in court, costing freelance advisers a lot of time and, above all, money.

Liability for Omissions

Sometimes, however, a mistake is not what was done, but what was not done. An omission is also one of the professional errors for which you, as a consultant, can be held liable. This is well illustrated by the case of an energy consultant who was hired by a couple to apply for funding to replace the windows in their home. Unfortunately, the consultant missed the deadline for submitting the paperwork for the grant, and the relevant authority promptly rejected the application. As a result, the couple claimed the lost grant directly from the energy consultant. You can read about the case in this article: Forgotten Confirmation Causes 4.000 Euros Damage

Headhunter Places CFO with Criminal Record

Even more dubious is the case of a headhunter hired by a company to find a new CFO. The headhunter quickly discovered what he was looking for and the candidate he proposed was hired. After some time, however, the company noticed irregularities in the management, which turned out to be the fault of the CFO. He was then investigated further. It turned out that he already had a criminal record for fraud. The headhunter had relied on the candidate's information and failed to obtain a police clearance certificate. The company demanded that the headhunter pay back the costs of recruitment, induction and the irregularities caused by the CFO: a sum of around 145,000 euros! Read the full case here: Headhunter places CFO with criminal record.

Farmer Forfeited Subsidies

This case concerns a business consultant who specialised in advising agricultural businesses. He was to advise a farmer who wanted to build a new barn for his dairy cows with the help of subsidies. The farmer overlooked the fact that he had to submit the planning documents on time, and his application was promptly rejected. This was a disaster, as he had already invested more than 100,000 euros, which he was now claiming back from the consultant as compensation, as the latter should have informed him of the deadline.

Liability for Breach of Confidentiality

As a consultant, you often gain deep insight into your clients' sensitive data and/or trade secrets. Some consulting activities, such as business valuations, economic due diligence or negotiation support, are therefore usually subject to strict confidentiality and non-disclosure agreements. These usually include substantial penalties for breach. However, even without a separate confidentiality agreement, the duty of confidentiality applies to you as a secondary contractual obligation.

This means In a project contract, the contracting parties are generally obliged not to disclose any information that could cause damage to the other party if it became known. This duty of confidentiality always exists, even without a separate agreement. If you breach this duty, for example through a misdirected email or your own employees, you can be held liable. Your client may claim damages from you, give you a written warning or even terminate the project contract.

Risk Number 2: Legal Infringements

In addition to professional errors, legal infringements are among the most common causes of loss. An analysis of the damage events reported to exali has shown that these four legal infringements are the most common:

• Copyright infringement (78 per cent)
• Infringement of competition law (17 per cent)
• Trademark infringement (3 per cent)
• Violation of personal rights (2 per cent)

In fact, we also have some examples of real damage cases in which consultants committed a legal violation.

Infringement: SEO Consultant Copies Website Content

The opposite of good is well-intentioned. This proverb applies to an SEO consultant who only wanted to help a campaign by the consumer advice centre of North Rhine-Westphalia to gain more reach. But he decided to put the entire campaign on a single homepage - including logos, buttons, fonts and original text modules. As a result, he received a written warning, including a cease and desist letter, for trademark and copyright infringement.

Trademark Infringement: Use of a Slogan

In this case, a freelance consultant wanted to draw attention to herself by using a catchy slogan on her profile on a business platform. But that was not all: she also used the same slogan as the title for a webinar she was offering. What she didn't know was that another company had already registered the slogan as a word mark, so she received a written warning for trademark infringement. The cost: 100,000 euros!

Risk Number 3: Cybercrime

Cybercrime is on the rise. A (sad) trend that continues. Studies have been showing this for years: Cyber attacks are one of the biggest business risks for companies, but also for the self-employed and freelancers.

Business Risk Ransomware

Ransomware attacks involve criminals gaining access to IT systems or programs, encrypting them and demanding a ransom from their victims in exchange for the release of the infected systems or programs. But that's not all: criminals often steal sensitive electronic data, for example from customers or business partners, and offer it for sale on the darknet. The consequences of such an attack can be devastating to your business - not just the cost of repairing damaged systems or programmes, but also business interruption and/or damage to your reputation.

Business Risk Social Engineering

Social engineering is the targeted manipulation of people. Cybercriminals use traits such as helpfulness, trust or fear of authority to get their victims to divulge sensitive information or ignore security precautions. CEO scams are particularly popular. In this case, the attackers pretend to be the boss in order to deceive employees.

Vouchers Scammed with CEO Fraud

For example, in one case reported to exali, the employee of a company insured through exali was allegedly contacted by its CEO and asked to buy vouchers for the Google Play Store. The employee promptly complied and bought 15 cards for 100 euros each, which he passed on to his alleged boss. A little later it turned out: The request was not made by the real CEO, but by fraudsters. The 1,500 euros were still gone. You can read more about this case in the following article: When scammers pretend to be the CEO

Cybersecurity Tips for Consultants

Cybersecurity is very important for companies as well as for the self-employed and freelancers. A successful cyber attack can affect not only your business, but also that of your clients. These protective measures can help minimise the risk:

Regular Backups

Probably the most important defence against a cyber attack is to regularly back up your data offline. So: Make regular backups of your work and store them in different locations, such as external media, the cloud, etc.

Apply the 3 Seconds Rule to emails

Always be cautious with emails and do not open attachments or click on links lightly. Instead, follow the 3 second rule and ask yourself the following questions

• Do I know the sender of this email?
• Was I expecting this email?

Especially for unknown senders and emails you are not expecting, the following security checks can help

• Check the email address (is this really the sender it says it is from, or is it someone else's email address?)
• Check the email for spelling mistakes or odd wording.
• If in doubt, contact the sender in another way (e.g. by phone) and ask if the email is really from them.
• Never give out account information, login details or passwords over the phone, by SMS or by email.

Regular Updates

Always make sure that your IT systems (e.g. operating system), any software you use (antivirus software, Adobe Creative Cloud, accounting software, invoicing software, CRM tools, etc.) and the apps on your smartphone are always up to date.

Multi-factor Authentication

Especially with external tools and platforms or software providers, you should always use multi-factor authentication, or at least two-factor authentication. This also applies to social networks or business platforms, especially if you are advertising.

Caution on public networks

When working on public networks while travelling (e.g. on the train, at the airport or in a café), always use a VPN to ensure that your data is not sent unencrypted over the Internet.