5 security resolutions to choose from

Published on January 3, 2019

It’s that time of year again. Time to commit to doing better. New Year’s resolutions are a tradition that many of us would just as soon forget, having committed to goals in the past as part of the annual routine, only to give up on them by April. New Year’s resolutions might be a popular laugh line, but the impetus behind them remains. It’s inspiring to look at the year ahead as a blank slate, a new opportunity for our hopes and dreams to take flight, or at least get a running start. One of the tricks to sticking with your resolutions is to understand that luck has nothing to do with it.

According to psychotherapist Linda Walter, LCSW, who wrote for Psychology Today about making resolutions stick, you should not take on more than three a year, make sure you can track progress, and have a measurable result in mind. With these guidelines, you’re more likely to cultivate new, healthy behaviors that eventually will become habits.

New Year’s resolutions call to mind gym memberships, smoking cessation programs, and career goals. But how about security? One thing we learned from last year’s news stories about one security breach after another was how at risk our information is online.

In today’s post, we outline five resolutions that could dramatically improve the security of your business. We suggest you choose three of these to tackle. Even if you only keep one of these resolutions, you can enjoy peace of mind knowing your data is more secure than it was in 2018.

Resolution: Vary your passwords and passphrases

The simplest task can often achieve the most powerful results. If you choose one resolution, this should be the one. Stop using the same password for everything. We know it’s tempting. You’re trying to access a new service, you need a password that meets all the requirements, and you’re just not in a creative mood. Here’s what we suggest. Sign up for a password manager. Then, you come up with one password or passphrase for the manager, and it remembers all of the rest of your passwords for you. And yes, most popular password managers will come up with passwords for you, so you don’t have to reach into the recesses of your brain to come up with something new.

How do you know you’ve kept your resolution?

You can no longer remember the two or three primary passwords you use for pretty much everything. In fact, you only have one password in your head because all the rest are held for you by a trustworthy password manager.

Resolution: Conduct a risk assessment

This one sounds complicated, and while it certainly can be (run a search for risk assessment tips to see just how complicated), the team at Hushmail has taken the guesswork out of the process and laid out steps to get you from having no idea how secure you are, to fully confident and ready for a HIPAA audit.

Take a look at the post we ran last year to get an overview of what a risk assessment is exactly. Then, when you’re ready to start, sign up to receive our risk assessment guide that will hold your hand through the steps.

How do you know you’ve kept your resolution?

You wouldn’t panic if a HIPAA official came by to conduct an audit. You can easily explain exactly where your client information is, how it’s being used, what possible risks might pose a threat, and the appropriate course of action to take in case of a breach. If the phrase “risk assessment” no longer stresses you out, you’ve kept this resolution.

Resolution: Make cybersecurity part of your work culture

We talked about cybersecurity more than ever last year, and the trend will only increase in 2019. That’s a good thing and an opportunity to make sure your team is on board when it comes to securing your office. Make a resolution to cultivate a culture of security this year by welcoming everyone into a compelling conversation.

  • Conduct regular lunch and learns

These informal meetings are an excellent time to chat about some serious topics. Order lunch in and make it a fun, supportive atmosphere with an all questions welcome policy. Getting to know what concerns your team the most will provide valuable insight into the current security of your office.

  • Use simple language

Although most of us have gotten used to some technical language, including cybertheft, cybercriminal, and pretty much cyber-anything, wording that’s very technical can be intimidating and slow the learning process. We’re not saying to dumb it down exactly, but realize that not everyone knows the difference between AES and PGP encryption. Explain yourself or maybe stay away from getting quite so technical.

  • Include your entire team in a risk assessment

Going through the process as a team will give everyone a chance to ask questions and understand deeply why security is so essential and how everyone plays a part in maintaining security.

How do you know you’ve kept your resolution?

Your team has a clear understanding of why security is important within the workplace, what’s expected of them to maintain it, and they readily put forth the effort to implement best practices.

Resolution: Responsibly dispose of your old hard drives

Did you know that when you delete a file, it’s still retrievable from your hard drive? That means photos, bank statements, credit card information, and other sensitive data are preserved and retrievable after you discard an old computer. A common practice is to have a designated shelf, or an entire closet, in which to store old computers and gadgets until someone gets around to figuring out what to do with them. The problem is, that’s a lot of data left vulnerable to theft, loss, or mishandling. If you’re in a regulated industry like healthcare, haphazardly stored hard drives are a huge liability. But even if these are your personal hard drives, temporary storage still puts you at risk for identity theft. Make this the year you dispose of your old hard drives. You can do this in two ways:

  • You can wipe the data by deleting it and writing over the hard drive repeatedly. You can do this yourself (conducting a search for “hard drive wipe” will bring up plenty of how-to articles), or if you’re feeling uncertain about taking this on by yourself, contact a professional to help you do it properly.
  • You can also physically destroy the hard drive. You can use a screwdriver to dismantle it and a hammer to destroy the disk. There are also professionals that will grind your hard drive into pieces. If you go to a professional make sure they’re reputable and will provide you with a certificate of destruction, which includes the serial number, make and model of the device, and the type of data destruction used.

How do you know you’ve kept your resolution?

There are no more hard drives haunting you from a storeroom closet.

Resolution: Turn to Hushmail and Hushmail partners to bolster your overall security

You probably understand by now how important it is to secure the information you send and receive online. This might be in the form of emails and web forms, in which case we have you covered with encrypted communication services, but also live video chats, websites, and practice management software. For these services, you can turn to one of our Hushmail partners. These are individuals and organizations that we’ve closely worked with over the years. We share similar values and a mission to provide valuable, secure, reliable tools for our customers. You can read about some of our partners in the blog post Therapists' 5 essential tools for a successful practice [in 2018 and beyond]. Or take a look at our partners’ special offers for Hushmail customers.

How do you know you’ve kept your resolution?

You sit down to work every day able to focus on helping your clients - not on fixing your technology or worrying about security and HIPAA regulations. You feel secure knowing that Hushmail and Hushmail partners have you covered with services and products you can rely on.

Start the year off right by making a few critical security resolutions - vary your passwords and passphrases; conduct a risk assessment, make cybersecurity part of your work culture, responsibly dispose of your old hard drives, and turn to Hushmail and Hushmail partners to bolster your overall security. If you keep just one of these resolutions, your business will benefit from greater security in 2019.

Subscribe to our newsletter

...and we’ll send 6 tips to make sure your emails are truly HIPAA compliant straight to your inbox.