8. Expect To Encounter Client Resistance For Now

Many clients either kick the can down the road when it comes to enhancing security controls, or don't think they have any materials that would be of interest to hackers.

"Everybody wants to be covered, but they don't want to pay for it," Tinnirello said.

Most of Hinrichsen's clients aren’t asking about security unless they have to meet HIPAA or PCI compliance. Getting clients to adopt best practices despite their resistance to spending more money is challenging, Hinrichsen said.

And once clients have gotten on board, Tinnirello said it can be tough to find the proper balance between security and usability.