Main Street Practitioner Blog

After consulting with various industry sources, NSA has compiled a list of suggested actions you should take in order to improve your cybersecurity. Look them over and begin implementing them today.

Hardware

• Encrypt all hard drives on all machines that store confidential data
• Perform regular back-ups of all computers, laptops, tablets and mobile devices on secure storage media or offsite encrypted cloud servers
• Install and regularly update business-class antivirus and firewall software on all devices
• Activate pre-installed encryption options on your devices
• Update device software and firmware regularly; set updates to install automatically
• Change default passwords and addresses on all devices including routers, computers, tablets, smartphones, and software. Update and change passwords regularly

Access

• Practice log-in safety with multi-factor authentication on all devices and applications
• Use unique complex passwords for all software, apps, and equipment
• Do not share passwords, record them on paper or in a text file on your devices
• Use a secure password organizer like Dashlane to manage passwords
• Require the use of VPN connections for working remotely
• Do not use public WiFi for business or data-sharing
• Restrict access to data on a need-to-know basis, within the office, and at home

Communications and File Sharing

• Use encrypted email and messaging applications
• Do not share confidential information or documents via email – only use secure online portals, registered mail, FedEx, or UPS
• Know the signs of phishing attempts and other potential intrusions

In the Office

• Develop an internal cybersecurity and data protection plan (use this form as a template)
• Develop a cybersecurity response plan to manage the aftermath of a data breach
• Implement and enforce an internet/mobile device/computer access policy for your company
• Immediately change all passwords and access protocols when an employee leaves your company
• Practice “clean” client interviews (no visible client information, forms, or other data in sight or accessible) or have meetings in rooms without access to computers
• Do not give guests access to your office WiFi or network
• Stay informed about changes to cybersecurity best practices, new kinds of cybercrime, and other industry developments
• Consult your insurance company and get a cyber liability policy
• Physically destroy old storage media

Our list of practices is a good start for developing a customized program that suits your practice and the people you serve.

Unfortunately, cybersecurity professionals tell us that experiencing a data breach of some kind is not a question of if, but when. Even so, taking these minimum data security steps is necessary; it makes you a more difficult egg to crack.

Don’t be easy pickings for hackers and share these best practices with your clients.