Visit →

Register for our upcoming webinar to access all the tips below!

To celebrate Cybersecurity Awareness Month, we’re offering you 31 tips over 31 days to help keep your data secure. To access all the tips, sign up for our upcoming webinar “Don’t Be a Cybersecurity Horror Story: Expert Panel with Q&A!”

What’s it about?

Four cybersecurity experts will hold a panel discussion about trends, current issues they see in the field, and how to safeguard against threats. They will also answer audience-submitted questions in an interactive Q&A.

Who’s speaking?

A panel of industry experts from Total HIPAA, Egress, NaviSec, and OneDigital will share security threats and risk management strategies from their combined decades of experience in this field.

When is it?

October 29th at 1 p.m. EDT. If you can’t make it, don’t worry! Register now and you’ll have access to the recording after the webinar.

What do I get?

Access to an interactive webinar (live or recorded), answers to your cybersecurity questions, all the tips on this page, and a chance to win a $100 Amazon gift card if you submit a webinar question for the panel!

31 Cybersecurity Tips. Ready… Set… Go!

Make sure all employees and contractors with access to company resources have unique login information.

Update your password policy and require each employee, contractor, or individual who accesses company resources to have a unique username and password.

Consider (safely) phasing out your fax machine and implementing an efax solution.

Transmitting sensitive information via traditional fax machine = cybersecurity incident waiting to happen.

Ensure the safety of your backups with the 3-2-1 rule.

Follow the 3-2-1 rule: keep three (3) copies of your data on two (2) storage platforms, one (1) of which is offsite.

Antivirus and antimalware software are only good if they’re up-to-date

Review antivirus and antimalware programs running on company devices to ensure that they are set to update automatically.

Make sure your company has a documented contingency plan.

Gather your company’s compliance team together to hammer out a plan for restoring your systems and protecting your data in the face of an unexpected emergency, like a natural disaster, equipment failure, or breach.


Need help with your own cybersecurity framework?
Total HIPAA has your back.

We’ll walk you step-by-step through the process of becoming (and staying!) HIPAA compliant.

  • 100% online HIPAA training for your staff
  • Interactive Risk Assessment to help you identify gaps in your security program
  • Customized HIPAA documentation, including Privacy and Security Policies and Procedures, Remote Access Policies, Network Security Policies, and more!
  • Ongoing support to ensure your compliance!
Use a VPN for a secure connection while working remotely.

Choose a VPN provider that offers SSL/TLS encryption and an anonymous IP address. A VPN will provide your systems with an extra layer of protection and allow you to secure your traffic and data. If you are transmitting PII (Personally Identifiable Information), make sure you have a Business Associate Agreement with the provider.

Require two-factor authentication on all your company’s accounts.

If your password is stolen or compromised, two-factor authentication acts as an extra security barrier. Use the Google Authenticator app, or other authentication applications, and force two-factor authentication on all your accounts.

Make software patching a part of your regular cybersecurity procedures.

Think of software patching as an ongoing process, done proactively to eliminate vulnerabilities before they harm your systems. IT should have a schedule for patching applications and systems as they are released. Be on the lookout for new software patches, especially zero-day threats that require immediate attention!

Give your Business Associates’ security programs the same oversight you give your own.

If one of your Business Associates has a Breach, you’re both liable. Audit your Business Associates’ HIPAA Compliance Programs to ensure they have the proper safeguards in place before you sign a BAA and give them access to your systems or facilities. Need a BAA? Our HIPAA Prime program includes a customized Business Associate Agreement with an attestation.

Not all employees need access to all systems and information. Implement access controls.

Workforce members should be assigned access levels which provide them with the minimum amount of access necessary to perform their job functions. Document your  cybersecurity standards based on access level, and keep logs to document when access is granted or revoked.

Add warning banners to accounts.

All systems with access to Protected Data should have a warning banner at login. These serve to deter hackers by warning them that they may be subject to civil penalties or criminal prosecution for unauthorized access to systems.

Create and document a Remote Access Policy.

Establish standards for how staff will connect to the company network when working remotely. These standards will minimize potential exposures, which could lead to the loss of sensitive information. Need help creating a Remote Access Policy? It’s one of the many customized policies included in our HIPAA Prime program.

Encrypt all emails containing PHI.

Find a HIPAA compliant email encryption provider to keep your information safe while in transit. Or, you may have your IT department configure emails to automatically encrypt. End-to-end encryption configures the data so that only the sender and intended recipient can read the email’s content.

Hold an annual security review.

Review or implement your Risk Assessment, company encryption key length requirements, newly released upgrades, and vulnerability testing. Haven’t completed a Risk Assessment? HIPAA Prime includes access to an online and dynamic Risk Assessment to identify your company’s vulnerabilities.

Use a file-sharing app to send files between platforms and devices.

If your company has a BYOD Agreement or policy that allows you to share sensitive information via mobile phone, a file-sharing app may come in handy. File-sharing will enable you to share files between personal and company devices safely and share them securely outside your organization.

Implement a software management policy.

This policy should forbid unauthorized software installation or updates on a computer system, workstation, or network server. These should only be performed by management or IT personnel. If you still need to document this or other security policies, our HIPAA Prime program is here to help.

Install secure host and network firewalls at all data access points.

This twin-firewall approach will allow you to secure network traffic and protect your computers and servers connected to the network.

Use a password manager to keep your accounts and login information secure.

Password managers like LastPass, 1Password, and Zoho provide you with more robust, encrypted passwords, faster access, and easy password resets. You’ll only have to remember one master password, which also reduces the likelihood of credential theft. Choose a difficult master password and update it regularly.

Create and implement a BYOD (Bring Your Own Device) Policy.

If employees use personal devices to access sensitive company data, like Personally Identifiable Information (PII), make sure you have a signed BYOD in place. These procedures should grant the company permission to install security programs on the device and wipe it remotely if it is ever lost or stolen. Total HIPAA provides a customized BYOD, among other required documents, to all HIPAA Prime clients. Contact us today if you have any questions about BYOD policies.

Follow the Minimum Necessary Rule.

The Minimum Necessary Rule states that all individuals should have access to the minimum amount of sensitive data required to do their jobs. Regularly check your system and access levels to ensure that employees can only access the data they absolutely need to perform their duties.

Create an exit checklist for employees who leave your company.

It is critical that former employees no longer have access to company systems after leaving their jobs. Create an exit checklist to make sure the company has adequately disconnected former employees from company systems to prevent unauthorized access. Total HIPAA provides an exit checklist to all HIPAA Prime clients. Contact us today if you have any questions about this procedure.

Maintain detailed access logs.

Keep access logs that record employee logins whenever they access sensitive data. Access logs will be vital in the case of an audit or a Breach. Total HIPAA provides more than a dozen access logs to all HIPAA Prime clients.

Create a standardized password policy to be used company-wide.

Create a password policy that includes password length, inclusion of special characters, and how often passwords must be reset. Document this policy and share it with all employees.

Observe a clean desk policy.

Always leave a clean desk whenever you step away from your computer. Whether in the office or at home, make sure you do not leave an unlocked and unattended computer that is logged into your company system. You should never leave Personally Identifiable Information (PII) up on your screen when you are away from your computer.

When traveling or working in a new place, do not allow devices to auto-connect to wireless networks.

Turn the auto-connect feature off in your device settings. Connecting to an unsecured network allows cybercriminals to access your device remotely.

Never click on a link from an unknown source.

If you receive an email that looks suspicious or comes from someone you do not know, do not click on any links or open any attachments in the message. The simple action of deleting the message and/or blocking the sender could prevent a phishing attack. If you’re unsure of its authenticity, you may forward it to IT for review.

Use a wireless hotspot rather than a public network.

If you need internet on the go, consider using your personal hotspot rather than a public network. This is much more secure, especially if you are connecting to systems that contain sensitive data.

If working from home, change the default username and password for your Wi-fi network.

For those working remotely, your home Wi-fi network is the point of entry for cybercriminals. Make sure to change the default username and password to make the network harder to hack.

Encrypt all protected data using 128-bit encryption.

All data on your devices needs to be encrypted using a minimum of 128-bit encryption.This includes network, email, and device encryption.

Undergo penetration testing to understand weaknesses in your systems.

Hire an outside contractor to perform a penetration test to identify weak spots in your network and systems. This will likely provide you with a list of vulnerabilities that need to be addressed.

Perform a Risk Assessment to identify vulnerabilities within your organization.

Conducting a new Risk Assessment every two years and reviewing it annually helps you stay on top of the inner workings of your company and its systems. The Risk Assessment can act as the blueprint to mitigating vulnerabilities in your company. Total HIPAA offers a comprehensive Risk Assessment that identifies potential vulnerabilities your company should address. We also create customized Policies and Procedures for all HIPAA Prime clients using their Risk Assessment.

Check back in!

We're releasing a new tip every day this month, so check back in throughout the month. We'll email you a summary each week leading up to the webinar.


HIPAA Compliance Made Easy

HIPAA Training

HIPAA requires annual training of your staff on both the law and your Policies & Procedures. Total HIPAA offers interactive online training to engage your employees on best practices for safely handling Protected Health Information.

Customized Plan

Our platform guides you through a thorough risk assessment, and our HIPAA experts use your risk assessment interview as a basis for building your customized documentation and training. All you have to do from there is implement.

Continuous Support

We automatically update your compliance documents as regulations or your business conditions change, and we provide ongoing up-to-date training that satisfies HIPAA requirements and keeps your business safe.

Test popup

[wpforms id="32647"]
<div class="wpforms-container wpforms-container-full" id="wpforms-32647"><form id="wpforms-form-32647" class="wpforms-validate wpforms-form wpforms-ajax-form" data-formid="32647" method="post" enctype="multipart/form-data" action="/" data-token="619442e868ebbbca7791f4f088ab753f"><noscript class="wpforms-error-noscript">Please enable JavaScript in your browser to complete this form.</noscript><div class="wpforms-field-container"><div id="wpforms-32647-field_1-container" class="wpforms-field wpforms-field-text wpforms-one-half wpforms-first" data-field-id="1"><label class="wpforms-field-label wpforms-label-hide" for="wpforms-32647-field_1">Name <span class="wpforms-required-label">*</span></label><input type="text" id="wpforms-32647-field_1" class="wpforms-field-large wpforms-field-required" name="wpforms[fields][1]" placeholder="Name" required></div><div id="wpforms-32647-field_2-container" class="wpforms-field wpforms-field-text wpforms-one-half" data-field-id="2"><label class="wpforms-field-label wpforms-label-hide" for="wpforms-32647-field_2">Company Name <span class="wpforms-required-label">*</span></label><input type="text" id="wpforms-32647-field_2" class="wpforms-field-large wpforms-field-required" name="wpforms[fields][2]" placeholder="Company Name" required></div><div id="wpforms-32647-field_3-container" class="wpforms-field wpforms-field-email wpforms-one-half wpforms-first" data-field-id="3"><label class="wpforms-field-label wpforms-label-hide" for="wpforms-32647-field_3">Email <span class="wpforms-required-label">*</span></label><input type="email" id="wpforms-32647-field_3" class="wpforms-field-large wpforms-field-required" name="wpforms[fields][3]" placeholder="Email" required></div><div id="wpforms-32647-field_4-container" class="wpforms-field wpforms-field-select wpforms-one-half wpforms-field-select-style-classic" data-field-id="4"><label class="wpforms-field-label wpforms-label-hide" for="wpforms-32647-field_4">Industry <span class="wpforms-required-label">*</span></label><select id="wpforms-32647-field_4" class="wpforms-field-large wpforms-field-required" name="wpforms[fields][4]" required="required"><option value="" class="placeholder" disabled selected='selected'>Select Your Industry</option><option value="Agent/Broker" >Agent/Broker</option><option value="Employer" >Employer</option><option value="Business Associate" >Business Associate</option><option value="Medical Provider" >Medical Provider</option><option value="Dental Provider" >Dental Provider</option></select></div><div id="wpforms-32647-field_5-container" class="wpforms-field wpforms-field-textarea" data-field-id="5"><textarea id="wpforms-32647-field_5" class="wpforms-field-small" name="wpforms[fields][5]" placeholder="Submit a question to the webinar panel to be entered into our $100 Amazon gift card drawing (optional)" ></textarea></div></div><div class="wpforms-submit-container" ><input type="hidden" name="wpforms[id]" value="32647"><input type="hidden" name="wpforms[author]" value="1"><input type="hidden" name="wpforms[post_id]" value="32591"><button type="submit" name="wpforms[submit]" class="wpforms-submit om-trigger-conversion" id="wpforms-submit-32647" value="wpforms-submit" aria-live="assertive" data-alt-text="Sending..." data-submit-text="Register &amp; Give Me Access">Register &amp; Give Me Access</button><img src="" class="wpforms-submit-spinner" style="display: none;" width="26" height="26" alt=""></div></form></div> <!-- .wpforms-container -->