On the twelfth day of cybersecurity don’t be easy pickings for hackers

By James Crawford posted 02-04-2020 02:38 PM

  


After consulting with various industry sources, NSA has compiled a list of suggested actions you should take in order to improve your cybersecurity. Look them over and begin implementing them today.

Hardware

  • Encrypt all hard drives on all machines that store confidential data
  • Perform regular back-ups of all computers, laptops, tablets and mobile devices on secure storage media or offsite encrypted cloud servers
  • Install and regularly update business-class antivirus and firewall software on all devices
  • Activate pre-installed encryption options on your devices
  • Update device software and firmware regularly; set updates to install automatically
  • Change default passwords and addresses on all devices including routers, computers, tablets, smartphones, and software. Update and change passwords regularly

Access

  • Practice log-in safety with multi-factor authentication on all devices and applications
  • Use unique complex passwords for all software, apps, and equipment
  • Do not share passwords, write them on paper, or store them in a text file on your devices
  • Use a secure password organizer like Dashlane to manage passwords
  • Require the use of VPN connections for working remotely
  • Do not use public WiFi for business or data-sharing
  • Restrict access to data on a need-to-know basis, within the office, and at home

Communications and File Sharing

  • Use encrypted email and messaging applications
  • Do not share confidential information or documents via email – only use secure online portals, registered mail, FedEx, or UPS
  • Know the signs of phishing attempts and other potential intrusions

In the Office

  • Develop an internal cybersecurity and data protection plan (use this form as a template)
  • Develop a cybersecurity response plan to manage the aftermath of a data breach
  • Implement and enforce an internet/mobile device/computer access policy for your company
  • Immediately change all passwords and access protocols when an employee leaves your company
  • Practice “clean” client interviews (no visible client information, forms, or other data in sight or accessible) or have meetings in rooms without access to computers
  • Do not give guests access to your office WiFi or network
  • Stay informed about changes to cybersecurity best practices, new kinds of cybercrime, and other industry developments
  • Consult your insurance company and get a cyber liability policy
  • Physically destroy old storage media

Our list of practices is a good start for developing a customized program that suits your practice and the people you serve.

Unfortunately, cybersecurity professionals tell us that experiencing a data breach of some kind is not a question of if, but when. Even so, taking these minimum data security steps is necessary; it makes you a more difficult egg to crack.

Don’t be easy pickings for hackers, and share these best practices with your clients.
