After consulting with various industry sources, NSA has compiled a list of suggested actions you should take in order to improve your cybersecurity. Look them over and begin implementing them today.
Hardware
- Encrypt all hard drives on all machines that store confidential data
- Perform regular back-ups of all computers, laptops, tablets and mobile devices on secure storage media or offsite encrypted cloud servers
- Install and regularly update business-class antivirus and firewall software on all devices
- Activate pre-installed encryption options on your devices
- Update device software and firmware regularly; set updates to install automatically
- Change default passwords and addresses on all devices including routers, computers, tablets, smartphones, and software. Update and change passwords regularly
Access
- Practice log-in safety with multi-factor authentication on all devices and applications
- Use unique complex passwords for all software, apps, and equipment
- Do not share passwords or record them on paper or in a text file on your devices
- Use a secure password organizer like Dashlane to manage passwords
- Require the use of VPN connections for working remotely
- Do not use public WiFi for business or data-sharing
- Restrict access to data on a need-to-know basis, within the office, and at home
Communications and File Sharing
- Use encrypted email and messaging applications
- Do not share confidential information or documents via email; only use secure online portals, registered mail, FedEx, or UPS
- Know the signs of phishing attempts and other potential intrusions
In the Office
- Develop an internal cybersecurity and data protection plan (use this form as a template)
- Develop a cybersecurity response plan to manage the aftermath of a data breach
- Implement and enforce an internet/mobile device/computer access policy for your company
- Immediately change all passwords and access protocols when an employee leaves your company
- Practice “clean” client interviews (no visible client information, forms, or other data in sight or accessible) or have meetings in rooms without access to computers
- Do not give guests access to your office WiFi or network
- Stay informed about changes to cybersecurity best practices, new kinds of cybercrime, and other industry developments
- Consult your insurance company and get a cyber liability policy
- Physically destroy old storage media
Our list of practices is a good start for developing a customized program that suits your practice and the people you serve.
Unfortunately, cybersecurity professionals tell us that experiencing a data breach of some kind is not a question of if, but when. Even so, taking these minimum data security steps is necessary; it makes you a more difficult egg to crack.
Don’t be easy pickings for hackers, and share these best practices with your clients.