Dealing with your business cybersecurity starts with a simple step: ask yourself if you’re using best practices.
| Do you? | YES | NO |
|---|---|---|
| Encrypt all hard drives on all machines that store confidential data | | |
| Use secure offsite data storage | | |
| Turn off computer systems at night, on weekends, and vacation | | |
| Shut down computers when you leave for appointments & lunch, and then restart and log back in when you return. | | |
| Use multi-factor logins for smartphone and tablet apps, like a fingerprint scanner combined with a drawn pattern, or PIN number | | |
| Store passwords in text documents or on paper (notebooks or files on your computer) | | |
| Update and change your passwords periodically | | |
| Practice “clean” client interviews (no visible client information, forms, or other data in sight or accessible) or have meetings in rooms without access to computers | | |
| Have a “no-click” policy for links in emails you receive | | |
| Change default passwords and addresses on all your devices including routers, computers, tablets, smartphones, apps, and other software regularly | | |
| Use a secure password organizer app | | |
| Use and regularly update antivirus/anti-phishing and firewall security programs on all systems that contain business and client information | | |
| Physically secure your computers away from prying eyes when not in use | | |
| Have written standards for work-at-home situations requiring the use of secure Virtual Private Networks | | |
| Perform employee background checks prior to bringing them onboard | | |
| Redact all client SSNs, firm EFIN & personal PTIN on all documents | | |
| Use encrypted and secure communications tools for client information exchange | | |
| Accept client information by secure online portal upload, in-person delivery, or registered mail (FedEx or UPS) that requires signatures | | |
| Change Wi-Fi passwords and all logins when an employee is dismissed, retires or their job no longer needs access | | |
| Educate your employees about data security and give them a hard copy of your office’s rules and regulations | | |
If you checked “NO” on a red question, you need to amend your policy TODAY and take action to change your procedures. These items are key to keeping yourself and your clients safer.
Yellow questions that you answered with “NO” need to be addressed tomorrow. They are still critical to your cybersecurity.
Hold on to this checklist and share it with your clients who own their own business. These items are as important for them as they are for you.