Wednesday, January 21, 2015


Protecting your business: A guide to liability, security, and responsibility for freelancers

In a large corporation, no one outside of the IT department has to think about protecting company data. Encryption, backup, and secure email are somebody else's set of problems.
But if you're running a small business - or working for yourself - these are your responsibilities. Fail in any one of them, and you'll lose clients. And eventually, your business.
Osho3 Technologies is currently working on a Security toolkit that will ensure Total Security.
Below are some of the things you need to do.

Protect client data, and your own, with strong encryption

If a client trusts you with their tax forms, their business plans, or a database of their customers, the last thing they want is that information falling into criminal hands.
Encrypt all customer data on your computer, or on any computer under your control. Some services, like File Vault, which comes with Bitdefender Total Security 2015 and Small Office Security, can do this. 

Protect that data in transit

The data you email is far more likely to fall into the wrong hands than the data stored on your computer. So you also need a way to protect and encrypt information you transfer over the Internet. This is more difficult than local encryption, because you and your client have to agree on how you'll manage it.
If a client is sufficiently technical, he or she may already have a preferred way to send secure messages and files. Adopting their technique will probably be easier than convincing them to adopt yours (unless you feel that theirs isn't sufficiently safe, of course).
If a client doesn't have a preferred technique, introduce them to your preferred one. I recommend Sendinc, because it doesn't require special software, and you and your clients don't have to share a password.

Don't ignore basic PC protection

If you lose your clients' files in a hard drive crash or, worse, pass malware on to a client, you will lose business. You might also lose a lawsuit.
First, you need an anti-virus program to keep Trojans, worms, viruses, and other malicious code off your PC. Better yet, use a full security suite with antivirus, a firewall, spam protection, and so on, such as Bitdefender Total Security 2015.
Next, back up at the end of every workday. You can back up to an external hard drive with the backup program that came with your operating system, or you can use an online backup service such as Mozy or Carbonite.

And just to be safe, insure

No matter how many precautions you take, disaster can still strike. An accident can destroy expensive equipment. A former client or a former employee can sue you. Sickness or injury could force you to shut down your business for weeks or months.
Liability insurance can protect you from the financial aftershocks of these disasters. And even if you’re a business of one working out of your home, insurance can still prove vital. According to the US Small Business Administration, "homeowners' policies only go so far in covering home-based businesses and you may need to purchase additional policies to cover other risks, such as general and professional liability."
If you already have homeowner's or renter's insurance, contact your agent and ask about covering your business. You should at least find out how much it will cost you before you decide you can't afford it. And remember, it's a tax write-off.

Monday, January 19, 2015

Data breaches can be prevented with one simple solution
There have been so many major data breaches over the past year or two that it’s hardly even news anymore when millions of customer accounts are compromised. We’ve become jaded, and just expect that attackers will find a way to penetrate our networks and steal our data. The reality, however, is that there is one simple thing companies—and individuals—can do that will prevent the vast majority of data breaches: two-factor authentication.
“While people may claim that the attackers in these breaches are advanced, sophisticated, or state-sponsored, their actual execution is quite simple in nature,” declared Jon Oberheide, co-founder and CTO of Duo Security. “Simple phishing and other credential theft attacks have not only been the initial entry vector to these companies, but also how attackers move laterally within an organization to reach their eventual target.”
Oberheide warns that companies are setting themselves up for attack if they don't implement two-factor authentication. “It's expected that attackers will take advantage of that and find the path of least resistance.”


Two factors are better than one
There are three ways to authenticate an identity: something you know like a password, something you have like a USB key, and something you are, like a fingerprint. Usernames and passwords are still the primary means of authentication for most companies, people, and devices, but they only represent a single factor, because they’re both something you know.
Usernames are generally trivial to guess, and passwords are relatively easy to crack or compromise. Attackers also often acquire usernames and passwords through phishing attacks. In the case of breaches like Target, or Home Depot, or Sony, the attackers were able to obtain valid username and password credentials to access the network, and the rest is history. Had those organizations used two-factor authentication, and also required something you have or something you are, the attackers wouldn’t have been able to do much with the username and password.
However, two-factor authentication alone is not enough. It has to be properly implemented two-factor authentication.
Most companies are selective in their use of two-factor authentication, Oberheide explained. “Historically, two-factor authentication has been limited in deployment scope to only the most critical services or to a select group of key administrators due to cost and usability burden.”
In other words, even organizations that have two-factor authentication in place are often using it only for specific users or servers. All it takes is one unprotected server housing sensitive information that isn’t protected with two-factor authentication, and the results can be a catastrophic data breach. It’s like locking every door and window in your house except for one, and hoping a burglar isn’t thorough enough to find the one unlocked entrance.
There’s some good news, according to Oberheide. “In an environment where firewalls are becoming increasingly irrelevant (what does "on-premise" mean to a small company in an IT world of cloud and mobile) and endpoint antivirus efficacy is laughable, two-factor authentication is becoming the go-to security technology for organizations of all sizes.” Thanks to initiatives like FIDO, and emerging two-factor authentication systems that are simpler and less expensive, two-factor authentication is gaining momentum.
Companies and individuals should utilize two-factor authentication everywhere it’s possible or offered. It’s only a matter of time until a username and password is compromised, but as long as the attacker doesn’t also have the mobile phone or fingerprint that goes with those credentials, the data will still be safe.
 

Travelers beware: Hackers are after your information


Frequent fliers get all the perks—and all the attention from cyber criminals, apparently. United Airlines, American Airlines, and Park-n-Fly have all reported breaches in the past few days, pointing to an emerging trend of attacks targeted specifically at travelers. 
Travelers can be an easy mark for cyber criminals, because they're inherently off-guard and in unfamiliar situations. “Consumers may be somewhat easy targets, as we often cut corners protecting ourselves, fueled potentially by an urgency to complete tasks, travel-related stressors, and sleep deprivation,” explained Trey Ford, global security strategist for Rapid7. “Given these considerations, consumers have a tendency to favor time-saving behaviors like password re-use, while stress, distraction and exhaustion raise our susceptibility to phishing campaigns.”
Travelers and travel-related companies and programs are particularly valuable targets, too. Individuals who are vigilant about guarding and monitoring bank and credit card information may not consider things like frequent flier miles to be worthy of heightened security. Those miles and customer rewards, however, do have value and can be traded for goods and services. They offer cyber criminals an easier target than banks and credit cards, while still being relatively easy to monetize.
“Going after frequent flyer miles, Candy Crush gold, or virtual swords and armor in World of Warcraft may seem like a surprising tactic for attackers, but for them it's an efficient way of monetizing low-hanging fruit attacks, such as phishing and credential theft,” explains Jon Oberheide, co-founder and CTO of Duo Security.
The second factor is that many travelers—especially the most frequent travelers—are generally traveling on business. That means they’re using corporate credit cards, which often have higher limits than personal credit cards.
There is one more thing of value attackers can obtain from these frequent travelers: personal information. These companies and programs generally include names, addresses, email addresses, phone numbers, and other sensitive information that attackers can use to steal the victim’s identity.
It’s important for businesses to monitor for failed logins as well as fraudulent successful logins. Failed logins are a strong indicator of an attempt at unauthorized access. Of course, the real damage comes when an attacker logs in successfully. Perhaps the username and password credentials have already been obtained from a different breach, and the attacker is able to waltz in and raid the proverbial cookie jar.
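The monitoring described above, sketched as an added example that is not part of the original article: it flags a source that fails against several different accounts in a short window, and any successful login from that same source. The log format, field order, function names, and thresholds are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, account, source IP, outcome.
SAMPLE_LOG = """\
2015-01-19T08:00:01 alice 198.51.100.7 FAIL
2015-01-19T08:00:03 bob 198.51.100.7 FAIL
2015-01-19T08:00:05 carol 198.51.100.7 FAIL
2015-01-19T08:00:09 dave 198.51.100.7 OK
2015-01-19T08:05:00 erin 203.0.113.20 FAIL
2015-01-19T08:05:30 erin 203.0.113.20 OK
2015-01-19T09:00:00 dave 192.0.2.44 OK
"""

def parse(log_text):
    """Turn the whitespace-separated sample format into sorted event tuples."""
    events = []
    for line in log_text.splitlines():
        ts, user, ip, outcome = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, outcome))
    return sorted(events)

def detect(events, window=timedelta(minutes=10), min_accounts=3):
    """Return (sources failing against many accounts, suspicious successes)."""
    failures = defaultdict(list)   # ip -> [(time, user)] of recent failed logins
    spraying, suspicious = set(), []
    for ts, user, ip, outcome in events:
        # Keep only this source's failures that fall inside the sliding window.
        recent = [(t, u) for t, u in failures[ip] if ts - t <= window]
        failures[ip] = recent
        if outcome == "FAIL":
            recent.append((ts, user))
            if len({u for _, u in recent}) >= min_accounts:
                spraying.add(ip)
        else:
            # A success right after failures on *other* accounts from the same
            # source suggests reused or stolen credentials, not a typo.
            others = {u for _, u in recent if u != user}
            if len(others) >= min_accounts:
                suspicious.append((ts.isoformat(), user, ip))
    return spraying, suspicious

if __name__ == "__main__":
    sources, successes = detect(parse(SAMPLE_LOG))
    print("sources failing against many accounts:", sorted(sources))
    print("successful logins to review:", successes)
```

A single user who mistypes a password and then logs in (erin in the sample) is not flagged, because the failures and the success involve the same account.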
There are steps you can take to protect your accounts and information. “When making transactions especially with less sophisticated vendors,” recommends Rob Shavell, CEO of Abine, “try to minimize not just financial info, but to give out less personal details, as these can be used for more sophisticated identity theft schemes at other places.”
Rapid7’s Ford suggests that travelers take a few minutes to replace re-used passwords and double-check travel loyalty balances as well: “Re-using passwords is dangerous. We’ve all been warned about the risks of using the same password for different websites, and yet we still do it,” stressed Ford.
Cyber criminals aren’t usually very discriminating. They’ll go after whatever requires the least effort. It seems that travelers, and the customer loyalty and frequent flier programs they use, have become a new target of choice.


Saturday, January 10, 2015

Obama will unveil new cybersecurity initiatives this week

President Barack Obama is set to unveil a series of initiatives to bolster U.S. cybersecurity that he will detail in speeches this week. The U.S. president will lay out a series of legislative proposals and executive actions that will be in his State of the Union that will tackle identity theft and privacy issues, cybersecurity, and access to the Internet, reported the New York Times, quoting a White House official.

The recent, high-profile hack into Sony’s corporate networks, which federal investigators have blamed on North Korea, may strengthen the president’s hand as he attempts to get a cybersecurity bill passed by a legislature that is controlled by his political opposition. In addition, the recent increase in severity of intrusions into major U.S. retailers such as Home Depot and Target, which has cost millions of dollars in fraudulent credit-card transactions, has made identity-theft an even more urgent issue.