Cybersecurity Awareness Month 2017: Our Top 10 Security Wins
October is Cybersecurity Awareness Month again, and what a difference a year makes. In October 2016, we were dealing with the Mirai botnet and the Dyn DDoS attack. This year, we've lived through WannaCry, NotPetya, the Equifax breach, and dozens of smaller incidents. The threat landscape has intensified significantly.
After 18 months of writing about security, we've identified the improvements that deliver the most protection for the least effort. If you do nothing else, do these.
The Top 10 (Ranked by Impact-to-Effort Ratio)
1. Enable Two-Factor Authentication on Email
Effort: 10 minutes per account. Impact: Stops an attacker who has only your password, which is how most account takeovers from phishing and password reuse happen. An authenticator app is stronger than SMS codes; use one where the provider offers it.
Email is the master key to your digital life. Protect it first.
2. Use a Password Manager
Effort: 1 hour for initial setup. Impact: Eliminates password reuse, which is what credential-stuffing attacks depend on: the password list from one breached site gets replayed against every other service its users signed up for.
LastPass, 1Password, or Bitwarden. Pick one. Deploy it. Make it mandatory.
3. Enable Automatic Updates
Effort: 15 minutes to configure. Impact: Closes the window that WannaCry and NotPetya exploited.
Both spread with the EternalBlue SMB exploit against a flaw Microsoft had patched in March 2017 (MS17-010), two to three months before the attacks hit. Automatic updates close that window. NotPetya also spread with stolen administrator credentials once it was inside a network, which is one more reason item 7 matters.
4. Verify Your Backups (Right Now)
Effort: 30 minutes. Impact: Determines whether you can recover from ransomware or hardware failure.
Check that backups are running. Test a restore. Verify the backup includes your PMS database AND imaging files. Keep at least one copy offline or otherwise unreachable from the workstations, so ransomware that encrypts the network share cannot encrypt the backup along with it.
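The three checks above (is it running, does it contain the right data, can you actually restore from it) as a script. This is an added example, not part of the original post; it assumes a file-copy backup that lands in dated folders under a hypothetical $BackupRoot, a single PMS database file at $PmsDatabase, and an imaging folder at $ImagingRoot. Adjust the paths to your practice.

```powershell
# Added example (not from the original post): verifies the newest backup set.
# All paths below are hypothetical placeholders; point them at your own backup
# target, PMS database file and imaging folder before running.
$BackupRoot  = 'D:\Backups'
$PmsDatabase = 'C:\PMS\Data\practice.db'
$ImagingRoot = 'C:\PMS\Imaging'
$MaxAgeHours = 24
$SampleCount = 3

$failures = [System.Collections.Generic.List[string]]::new()

# 1. Is the backup actually running? Newest backup set by write time.
$latest = Get-ChildItem -Path $BackupRoot -Directory |
          Sort-Object LastWriteTime -Descending |
          Select-Object -First 1
if (-not $latest) { throw "No backup sets found under $BackupRoot" }
$age = (Get-Date) - $latest.LastWriteTime
if ($age.TotalHours -gt $MaxAgeHours) {
    $failures.Add("Newest backup '$($latest.Name)' is $([int]$age.TotalHours) hours old")
}

# 2. Does it contain both things the practice cannot run without?
$backedUpDb      = Join-Path $latest.FullName (Split-Path $PmsDatabase -Leaf)
$backedUpImaging = Join-Path $latest.FullName (Split-Path $ImagingRoot -Leaf)
if (-not (Test-Path $backedUpDb)) {
    $failures.Add("PMS database missing from backup: $backedUpDb")
} elseif ((Get-Item $backedUpDb).Length -eq 0) {
    $failures.Add("PMS database in backup is zero bytes")
}
$liveImages     = @(Get-ChildItem -Path $ImagingRoot -Recurse -File)
$backedUpImages = @(Get-ChildItem -Path $backedUpImaging -Recurse -File -ErrorAction SilentlyContinue)
if ($backedUpImages.Count -eq 0) {
    $failures.Add("No imaging files in backup: $backedUpImaging")
} elseif ($backedUpImages.Count -lt ($liveImages.Count * 0.9)) {
    # Radiographs are added, not edited, so the backup should track the live count closely.
    $failures.Add("Backup has $($backedUpImages.Count) images, live system has $($liveImages.Count)")
}

# 3. Test a restore: copy a few random images out of the backup into a scratch
#    folder and confirm each is byte-for-byte identical to the live copy.
if ($backedUpImages.Count -gt 0) {
    $restoreDir = Join-Path $env:TEMP ("restore-test-" + (Get-Date -Format 'yyyyMMdd-HHmmss'))
    New-Item -ItemType Directory -Path $restoreDir | Out-Null
    $n = [Math]::Min($SampleCount, $backedUpImages.Count)
    foreach ($img in ($backedUpImages | Get-Random -Count $n)) {
        $relative = $img.FullName.Substring($backedUpImaging.Length).TrimStart('\')
        $restored = Join-Path $restoreDir $relative
        New-Item -ItemType Directory -Path (Split-Path $restored -Parent) -Force | Out-Null
        Copy-Item -Path $img.FullName -Destination $restored
        $live = Join-Path $ImagingRoot $relative
        if (-not (Test-Path $live)) {
            $failures.Add("Restored $relative but no live copy exists to compare against")
            continue
        }
        $restoredHash = (Get-FileHash -Algorithm SHA256 -Path $restored).Hash
        $liveHash     = (Get-FileHash -Algorithm SHA256 -Path $live).Hash
        if ($restoredHash -ne $liveHash) {
            $failures.Add("Restored copy of $relative does not match the live file")
        }
    }
    Remove-Item -Path $restoreDir -Recurse -Force
}

if ($failures.Count -eq 0) {
    Write-Host "PASS: backup '$($latest.Name)' is $([int]$age.TotalHours)h old, has the PMS database and $($backedUpImages.Count) images, sample restore verified"
    exit 0
}
$failures | ForEach-Object { Write-Warning $_ }
exit 1
```

Schedule it to run after the nightly backup and have it email or log the result; a backup check nobody looks at is no better than no check. If your PMS runs on SQL Server, replace the zero-byte test on the database with the vendor's documented restore-verification step, since a .bak file can be present and still unusable.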
5. Freeze Your Credit
Effort: 30 minutes (3 phone calls, one to each bureau). Impact: Stops anyone from opening new credit accounts in your name, which is the main thing criminals do with the Social Security numbers exposed in the Equifax breach and every future breach like it.
If you haven't done this since the Equifax disclosure, do it today.
6. Set Screen Lock to 5 Minutes
Effort: 2 minutes per machine. Impact: Prevents unauthorized access to unattended workstations, and a locked screen is what stands between a patient in the operatory and the previous patient's chart.
HIPAA's Security Rule calls for automatic logoff on systems that hold patient data (it is an addressable specification, so document the interval you pick). Your patients' privacy demands it.
7. Remove Admin Rights from Daily User Accounts
Effort: 30 minutes to reconfigure. Impact: Malware that runs under a standard account inherits only that account's privileges; it cannot install system-wide, disable the antivirus, or reach other machines without a separate administrator credential.
Staff should use standard user accounts. Admin access only when needed, through a separate account that is never used for email or web browsing.
8. Run a Phishing Simulation
Effort: 1-2 hours to set up and review results. Impact: Identifies which staff members need additional training before a real attack does.
Free tools like Gophish make this accessible even for small practices. Treat the results as a training signal, not a reason to punish the people who clicked; staff who fear blame stop reporting the real phishing emails.
9. Encrypt All Devices
Effort: 30 minutes per machine. Impact: Makes a stolen device a hardware loss instead of a reportable data breach.
BitLocker on Windows Pro, FileVault on Mac. Both are built into the operating system. Store each machine's recovery key somewhere other than the machine itself (your password manager is a fine place), or a forgotten password turns encryption into data loss.
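Items 6, 7 and 9 are all workstation settings, and they drift: a new hire gets added to Administrators to "fix the printer", a reimaged laptop never gets BitLocker turned back on. The audit below checks all three on one Windows 10 Pro machine. It is an added example, not code from the original post; run it from an elevated PowerShell prompt as the user whose screen-lock settings you want to check, and replace the hypothetical $ExpectedAdmins list with your practice's designated admin account(s).

```powershell
# Added example (not from the original post): audits one Windows 10 Pro
# workstation for items 6 (screen lock), 7 (admin rights) and 9 (BitLocker).
# $ExpectedAdmins is a hypothetical placeholder for your own admin accounts.
$MaxLockSeconds = 300
$ExpectedAdmins = @('Administrator', 'PracticeAdmin')

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result([string]$Check, [bool]$Pass, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
}
function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null instead of throwing when the key or value does not exist.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

# Item 6: Windows can enforce a lock two ways: a password-protected screen saver
# (per user under HKCU, or pushed by Group Policy under the Policies key) or the
# machine-wide "machine inactivity limit" policy under HKLM. Either one passes.
$lockOk = $false
$lockDetail = 'no screen lock configured'
foreach ($key in 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop',
                 'HKCU:\Control Panel\Desktop') {
    $active  = Get-RegValue $key 'ScreenSaveActive'
    $secure  = Get-RegValue $key 'ScreenSaverIsSecure'
    $timeout = [int](Get-RegValue $key 'ScreenSaveTimeOut')
    if ($active -eq '1' -and $secure -eq '1' -and $timeout -gt 0 -and $timeout -le $MaxLockSeconds) {
        $lockOk = $true
        $lockDetail = "screen saver locks after $timeout s ($key)"
        break
    }
}
$inactivity = [int](Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'InactivityTimeoutSecs')
if (-not $lockOk -and $inactivity -gt 0 -and $inactivity -le $MaxLockSeconds) {
    $lockOk = $true
    $lockDetail = "machine inactivity limit is $inactivity s"
}
Add-Result 'Screen lock within 5 minutes' $lockOk $lockDetail

# Item 7: anything in the local Administrators group that is not on the expected
# list is a daily-use account that should be demoted to a standard user.
$members    = @(Get-LocalGroupMember -Group 'Administrators')
$unexpected = @($members | Where-Object { ($_.Name -split '\\')[-1] -notin $ExpectedAdmins })
if ($unexpected.Count -gt 0) {
    $adminDetail = 'unexpected members: ' + ($unexpected.Name -join ', ')
} else {
    $adminDetail = 'members: ' + ($members.Name -join ', ')
}
Add-Result 'Only designated admin accounts' ($unexpected.Count -eq 0) $adminDetail

# Item 9: BitLocker must be protecting the system drive, and a recovery-password
# protector must exist so the key can be stored off the machine.
$vol         = Get-BitLockerVolume -MountPoint $env:SystemDrive
$hasRecovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword').Count -gt 0
Add-Result 'BitLocker protecting system drive' ($vol.ProtectionStatus -eq 'On') `
    "ProtectionStatus=$($vol.ProtectionStatus), VolumeStatus=$($vol.VolumeStatus)"
if ($hasRecovery) {
    $keyDetail = 'present; confirm it is backed up somewhere off this machine'
} else {
    $keyDetail = 'missing; add one with Add-BitLockerKeyProtector -MountPoint C: -RecoveryPasswordProtector'
}
Add-Result 'BitLocker recovery password exists' $hasRecovery $keyDetail

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 } else { exit 0 }
```

The non-zero exit code lets you run this from a scheduled task or your RMM tool and alert on failures. Get-LocalGroupMember can error on domain-joined machines that have orphaned SIDs in the group; if it does, the orphan itself is worth cleaning up.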
10. Create an Incident Response Plan
Effort: 2-3 hours. Impact: Turns panic into procedure when something goes wrong.
Know who to call, what to do first (for an infected machine: unplug it from the network, don't reinstall it yet), and how to communicate with staff and patients. Write it down. Print it, because the plan on the encrypted server is no use. Share it with your team.
The Challenge
Pick three items from this list that you haven't done yet. Complete them before October 31st. That's one per week. Totally doable.
If you've already done all ten, congratulations. You're ahead of most small businesses. Consider this your annual verification pass: confirm everything is still in place and working, because settings drift and new machines arrive without them.
Cybersecurity Awareness Month isn't about awareness. It's about action. Take some.