|
|
YES
|
NO
|
|
Encrypt all hard drives on all machines that store confidential data
|
|
|
|
Use secure offsite data storage
|
|
|
|
Turn off computer systems at night, on weekends, and vacation
|
|
|
|
Shut down computers when you leave for appointments & lunch, and then restart and log back in when you return.
|
|
|
|
Use multi-factor logins for smartphone and tablet apps, like a fingerprint scanner combined with a drawn pattern, or pin number
|
|
|
|
Store passwords in text documents or on paper (notebooks or files on your computer)
|
|
|
|
Update and change your passwords periodically
|
|
|
|
Practice “clean” client interviews (no visible client information, forms, or other data in sight or accessible) or have meetings in rooms without access to computers
|
|
|
|
Have a “no-click” policy for links in emails you receive
|
|
|
|
Change default passwords and addresses on all your devices including routers, computers, tablets, smartphones, apps, and other software regularly
|
|
|
|
Use a secure password organizer app
|
|
|
|
Use and regularly update antivirus/anti-phishing and firewall security programs on all systems that contain business and client information
|
|
|
|
Physically secure your computers away from prying eyes when not in use
|
|
|
|
Have written standards for work-at-home situations requiring the use of secure Virtual Private Networks
|
|
|
|
Perform employee background checks prior to bringing them onboard
|
|
|
|
Redact all client SSN’s, firm EFIN & personal PTIN on all documents
|
|
|
|
Use encrypted and secure communications tools for client information exchange
|
|
|
|
Accept client information by secure online portal upload, in-person delivery, or registered mail (FedEx or UPS) that requires signatures
|
|
|
|
Change Wi-Fi passwords and all logins when an employee is dismissed, retires or their job no longer needs access
|
|
|
|
Educate your employees about data security and give them a hard copy of your office’s rules and regulations
|
|
|