After a massive data breach that left some 26 million veterans vulnerable to identity theft, the Department of Veterans Affairs last week hired former attorney Rick Romley as the agency's new Special Advisor for Information Security. Oh, goody.

You'll have to forgive the sound of my one hand clapping, but the VA has been getting failing grades at security for years. With apologies to Mr. Romley, the department doesn't need a figurehead; it needs a litany of sweeping changes that will keep sensitive data safe.

And for those who think "figurehead" is a wildly unfair term, Romley's contract covers just three months. When was the last time the Feds got anything done in fewer than 100 days? Harkening back to the Roosevelt administration doesn't count.

Enough with the rant
But, hey, let's try to be optimistic. Romley is, after all, a decorated former Marine, which means he's taking up an assignment to protect former brothers in arms. And, as a former local government attorney in Arizona, he's had his share of battles with bureaucracy.

To help him along, here are a few Foolish tips for making the next 100 days more productive.

A lesson from the guy down the street
Few know security better than the defense contractors. There's a reason for this, of course. For Lockheed Martin (NYSE:LMT), Boeing (NYSE:BA), Raytheon (NYSE:RTN), and General Dynamics (NYSE:GD), poor security leads directly to poor earnings. That's why iPods and camera phones are banned from their buildings. And it's why you'll never see Lockheed workers assigned to a classified project carting home a laptop whenever it suits them.

Why not actually enforce a similar policy at the VA? After all, the agency's Washington, D.C., headquarters are spitting distance from Lockheed's Bethesda, Md., home. Surely someone there would be more than happy to help with the VA's reinvention effort.

Password plus
Simpler still would be to make sure password-protection guidelines are strictly enforced. And not just for systems, but also for files. Recent reports from the VA Inspector General indicate that many VA employees do not even have the automatic session timeout feature activated on their computers. That's lazy, and it leaves veterans vulnerable to identity theft.

In my own life, I make myself jump through hoops to get at my information. If someone were to steal my PowerBook tomorrow, it would still take more than a little time to hack into my financial life. I don't store passwords for the financial sites I use on my Mac. I re-enter the data for my bank, credit card, and brokerage sites every time. And good luck breaking into my Quicken files; the program is password-protected with a unique combination that I don't use for any other software or service.

The Foolish bottom line
One hundred days isn't a lot of time. But there's good news. Well, sort of. The situation at the VA appears to be so dire that simple changes such as better password protection could have a meaningful, immediate impact. This isn't the advice of high-priced consultants. We're just a bunch of Fools who have secured their financial lives by paying attention to the basics. Isn't it time the VA took a lesson from us?

Identity theft could cost you an average of $1,400 and hundreds of frustrating hours. In our just-released report, "How to Protect Your Identity from Being Stolen and Your Credit from Being Wrecked," we highlight the latest ways you can protect yourself and detail exactly what you should do to get your identity back if it is stolen. It's yours for free. Just click here.

Fool contributor Tim Beyers hopes none of the 26 million vets affected by the latest breach suffers at the hands of an identity thief. Stay vigilant, folks. Tim didn't own shares in any of the companies mentioned in this story at the time of publication. You can find out what is in his portfolio by checking Tim's Fool profile . The Motley Fool has an ironclad disclosure policy .