This chapter provides a description of a series of practical best practices one can implement to secure the privacy and integrity of the data the firm retains. It covers IT security and disaster recovery together because many of the pieces one need to implement overlap both initiatives because they protect against intentional and accidental data loss or destruction. It is important to understand the components required to implement a comprehensive data protection model, such as hardware devices, software applications, policies and procedures, and personnel training. Perhaps the best known and most talked about security policy is that of passwords. Most systems require a password as a form of authentication to access a system or application. In addition, cloud applications provide the ability to have the data available anytime, anywhere, thus, eliminating the need to keep data floating around on the portable devices.