- Use Something Better than 12345. Choose strong passwords with letters, numbers, and special characters to create a mental image or an acronym that is easy for you to remember. Create a different password for each important account, and change passwords regularly. Consider using a password manager like 1Password or LastPass.
- Use Protection!… I mean software protection. For home users or very small businesses, we recommend downloading the free Microsoft Security Essentials http://www.microsoft.com/security_essentials.For businesses, we recommend using a centrally monitored end-point protection product, whether you do your own monitoring or your IT Company does it for you.
- Keep Your Software Up to Date. Every first Tuesday of the Month Microsoft releases fixes to bugs they and others find. These bugs are exploited by malicious software and can compromise your computer. Patching eliminates the known flaws to programs. Include Windows, Office, Adobe Acrobat, Adobe Flash, Java (if you really need it), Quicktime, or any other “plug-in” software.
- Give yourself and your employees minimal rights. It’s tempting to remove all controls and grant yourself and your staff full access to your computers because otherwise it’s a hassle. However, it’s best to have a separate account to do any “administrative” work. Only give access to the ePHI an employee needs to perform their tasks. Check out the Health IT Access control checklist: http://www.healthit.gov/sites/default/files/security-checklist-practice-4.pdf
- Be careful of where you compute. It’s great to go to a coffee shop to get some work done. It’s also a great way to get your information stolen. Although your bank provides a secure way to do business with them online, it is best to do that from your home network rather than the open network at a café or airport lounge.
- Use Good Hygiene. Don’t open unsolicited emails especially if they have attachments, or links to reset a password that you didn’t request. Consider the websites you visit. Don’t put in random USB drives or CD’s you have found or been given. To this end, install a business-grade firewall and limit network access. Good hygiene is not only healthy for your body but it’s healthy for your computer systems too!
- Backup All The Time! Implement a system that security backups online whenever you have a connection whenever you make changes to a file. Not having an automatic offsite backup is a sure-fire way to forget to do it. Plan for the Unexpected.
- Protect your sensitive data. There are tools that can encrypt your hard drive so that if someone finds your computer they won’t be able to pull data off of it unless they have your password. Limit exposure of ePHI by limiting thumb drive use, unencrypted email, and carrying data on laptops, phones, and tablets.
- Educate yourself, your colleagues, and your staff. Most people want to do the right thing. But many times barriers are put in front of them to do their jobs. Without proper explaining the reasons why and the risks involved, participants won’t buy-in to your policies.
As you can see, some of the items on this list are things that you can install onto your computers to help protect you from the bad stuff, the others are things behaviors that if followed would greatly reduce your risk.