Improve Your Security with These Ten Steps
Here is a quick summary of the key steps to good cyber hygiene that you can take as the owner of a small practice.
Step 1: Stay current with updates. One of the most important layers of digital security is to make sure that the systems you use—computer servers, laptops, smartphones, and tablets, and all the software that turns these collections of metal, plastic, and wires into indispensable tools—are up to date with the latest versions. This especially applies to anything you’ve just installed because the manufacturing and packaging dates could be months before the ship date. Your first order of business once you install it is to update it.
Step 2: Install protection against malware. Relying on your wits is not enough. Keep your practice safe by installing protection against malware (viruses and the like) on all systems.
Step 3: Implement routine backups. It is critical to ensure you are taking routine backups that are stored somewhere safe and where you can access them in an emergency. Your backups also need to be regularly tested. It is astonishing how many backups are never tested and fail to recover files when needed.
Step 4: Set strong, unique passwords and change them regularly. I know you have heard all the warnings about passwords, and they are not a panacea. But while the online community migrates to passkeys and continues to roll out two-factor authentication, good password management is fundamental to good hygiene. Password managers make this a lot easier.
Step 5: Control access. Ensure that only the right people can access your critical systems. If we could trust everyone equally, we wouldn’t need keys to our cars and houses either.
Step 6: Manage your handheld devices. Society has become too dependent on them to leave them at home or off all day. So be prudent, back them up, lock them, keep them up to date, and simply put, manage them!
Step 7: Train your employees. You have probably heard it said that your employees are your first line of defense and your Achilles’ heel, often in the same breath. Your staff must know what to do with spam and phishing emails, when to alert you about unusual activity, and how to handle sensitive client information, protect the client’s privacy, and keep you out of regulatory trouble. In some industries an employee training program is mandated.
Step 8: Manage your online presence. Learn how to take control of your social media and online presence. This means understanding where your clients are and how to secure your interactions with them and the general public.
Step 9: Meet your data privacy requirements. Every industry has some mandatory privacy compliance requirements. Don’t try to wing it; set up a simple program with straightforward steps to manage your obligations and then just do it. The reputational damage and fines are just not worth the risk.
Step 10: Consider insurance. Speaking of risk, consider adding a cyber rider to your practice’s insurance. A policy that intimidates many of your clients is, to a law firm, just another contract. Assess your risk and protect yourself.
CISO DRG Publishing has written a pair of short books (around a hundred pages each) that help smaller firms learn and implement basic protections. Protect Your Practice is written for healthcare, legal, and financial professionals, and Protect Your Business is for sole proprietors and entrepreneurs with just a few team members. They are written in plain language, are quick reads, and offer practical advice for folks with little time to waste. We’ve been publishing well-regarded books for security practitioners for more than ten years and wrote these two books because we know that small businesses are the backbone of our economy and are targets of cyber criminals just like larger enterprises, but often lack the resources and know-how to keep themselves safe. Please help us spread the word.
#Cybersecurity, #DataPrivacy, #HealthcareSecurity, #LegalTech, #DigitalSecurity, #CyberAwareness, #DataProtection