Damien Lefebvre maintains coaching records for 23 ongoing clients. Last year, a colleague's cloud storage account was compromised, exposing session notes for 80 clients. This incident forced Damien to audit his own record-keeping vulnerabilities.
Threat Model Assessment
He identified three realistic risks for his practice size: unauthorized cloud access, device theft, and accidental file sharing. Enterprise-level encryption tools required budgets he couldn't justify, so he built a layered system using existing tools.
His records now exist in three states. Active client files sit in encrypted containers on his local machine, accessible only through password and key file. Completed client records move to an encrypted external drive stored separately from his computer. Archive records older than five years transfer to encrypted cloud backup with two-factor authentication.
Operational Reality
The workflow adds four minutes per client per week. He opens the encrypted container at the start of his admin block, works with all active files, then closes and locks the container when finished. Client names never appear in file names, only numeric identifiers cross-referenced in a separate encrypted lookup table.
His insurance provider reviewed the system during his annual policy renewal and reduced his liability premium by 8 percent. The most surprising benefit came from an unexpected direction: the deliberate access ritual created a psychological boundary that helps him mentally separate coaching work from other business tasks, addressing his tendency to blur professional boundaries.