Main Street Practitioner Blog


On the twelfth day of cybersecurity, don’t be easy pickings for hackers



After consulting with various industry sources, NSA has compiled a list of suggested actions you should take to improve your cybersecurity. Look them over and begin implementing them today.


  • Encrypt all hard drives on all machines that store confidential data
  • Perform regular back-ups of all computers, laptops, tablets and mobile devices on secure storage media or offsite encrypted cloud servers
  • Install and regularly update business-class antivirus and firewall software on all devices
  • Activate pre-installed encryption options on your devices
  • Update device software and firmware regularly; set updates to install automatically
  • Change default passwords and addresses on all devices, including routers, computers, tablets, smartphones, and software; update and change passwords regularly


  • Practice log-in safety with multi-factor authentication on all devices and applications
  • Use unique complex passwords for all software, apps, and equipment
  • Do not share passwords or record them on paper or in a text file on your devices
  • Use a secure password organizer like Dashlane to manage passwords
  • Require the use of VPN connections for working remotely
  • Do not use public WiFi for business or data-sharing
  • Restrict access to data on a need-to-know basis, within the office, and at home

Communications and File Sharing

  • Use encrypted email and messaging applications
  • Do not share confidential information or documents via email – only use secure online portals, registered mail, FedEx, or UPS
  • Know the signs of phishing attempts and other potential intrusions

In the Office

  • Develop an internal cybersecurity and data protection plan (use this form as a template)
  • Develop a cybersecurity response plan to manage the aftermath of a data breach
  • Implement and enforce an internet/mobile device/computer access policy for your company
  • Immediately change all passwords and access protocols when an employee leaves your company
  • Practice “clean” client interviews (no visible client information, forms, or other data in sight or accessible) or have meetings in rooms without access to computers
  • Do not give guests access to your office WiFi or network
  • Stay informed about changes to cybersecurity best practices, new kinds of cybercrime, and other industry developments
  • Consult your insurance company and get a cyber liability policy
  • Physically destroy old storage media

Our list of practices is a good start for developing a customized program that suits your practice and the people you serve.

Unfortunately, cybersecurity professionals tell us that experiencing a data breach of some kind is not a question of if, but when. Even so, taking these minimum data security steps is necessary; it makes you a more difficult egg to crack.

Don’t be easy pickings for hackers, and share these best practices with your clients.
