Nine Security Best Practices You Should Enforce

By Karen A. Frenkel  |  Posted 06-18-2014

Eighty-nine percent of security breaches and data loss incidents could have been prevented last year, according to the Online Trust Alliance's (OTA's) "2014 Data and Breach Protection Readiness Guide." In the interest of helping enterprises protect themselves, their data and their customers, the OTA has been publishing guidelines since 2009. "Viewing breaches as a 'technical issue' is a recipe for failure," the report said. "Instead, [businesses] need to recognize that every department within an organization needs to play a part in readiness planning." This year's guide includes a discussion of a breach's impact on a business, contractual obligations to customers, how cybercriminals target unsuspecting organizations, and the resulting business disruption and loss. The report also includes information on data governance and loss prevention, incident response planning, and international security considerations. A copy of the guide is available from the OTA.

  • Implement Inbound E-mail Authentication Checks

    All businesses should implement Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) to maximize protection against fraudulent e-mail aimed at customers and employees. These mechanisms allow ISPs and internal networks to detect and block spoofed e-mail.
  • Upgrade to Extended Validation SSL

    Upgrade to EV SSL for all commerce and banking applications. This gives users more confidence that the site owner really is who it claims to be.
  • Review All Password Management Policies

    Take stock of your password management policies, including enabling support of two-factor authentication. Every 90 days, change passwords on all business clients and servers.
  • Be Strict About Passwords

    Passwords should be long passphrases that combine upper- and lowercase letters, symbols and numbers. Do not permit dictionary words.
  • Protect Data and Disks With Encryption

    Encrypt all sensitive data, including e-mail lists, and store passwords only in hashed form. The OTA guide includes a detailed appendix with encryption resources for a range of devices.
  • Encrypt Communication With Wireless Devices

    Communication with wireless devices, such as routers, point-of-sale terminals and credit card devices, should be encrypted. Keep guest network access on separate servers and access devices, and use strong encryption such as WPA2 or an IPsec VPN.
  • Harden Client Devices

    Protect client devices by disabling shared folders by default and deploying multilayered firewalls, including both PC-based personal firewalls and WAN-based hardware firewalls.
  • Automate Patch Management

    Enable automatic patch management for operating systems, mobile apps, web applications and add-ons.
  • Implement a Mobile Device Plan and Policy

    Your mobile device management program should include taking inventory of all employee personal devices used in the workplace. Install mandatory remote device wiping tools and procedures in case a device gets lost or stolen.
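To show what the inbound e-mail authentication item above actually means at the receiving end, here is an added example (not code from the article or the OTA guide) that evaluates DMARC for a message: it reads the SPF and DKIM results the receiving mail server recorded, checks whether either authenticated domain aligns with the From domain under the sender's published DMARC record, and returns the disposition. The domains, the record and the two messages are constructed for illustration, and the organizational-domain logic is simplified to the last two labels.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Constructed DMARC TXT record as published at _dmarc.example.com (assumed domain).
DMARC_RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc@example.com"

# Constructed inbound messages (headers only), after the receiving MTA mx.example.net
# (assumed) has stamped its Authentication-Results header with the SPF and DKIM results.
LEGIT_MSG = """Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounce.example.com; dkim=pass header.d=example.com
From: Billing <billing@example.com>
Subject: Invoice 1042
"""
SPOOFED_MSG = """Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=other-sender.test; dkim=none
From: Billing <billing@example.com>
Subject: Urgent payment
"""

def parse_dmarc(record):
    """Split a DMARC record into its tag=value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip()] = value.strip()
    return tags

def org_domain(domain):
    """Simplified organizational domain: last two labels (real DMARC uses the public suffix list)."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r') the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate(raw_msg, dmarc_record):
    """Return (dmarc_result, disposition) for one message under the From domain's DMARC policy."""
    msg = message_from_string(raw_msg)
    from_domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1]
    results = msg["Authentication-Results"] or ""
    tags = parse_dmarc(dmarc_record)
    spf = re.search(r"spf=(\w+)\s+smtp\.mailfrom=([\w.-]+)", results)
    dkim = re.search(r"dkim=(\w+)\s+header\.d=([\w.-]+)", results)
    spf_ok = bool(spf) and spf.group(1) == "pass" and aligned(spf.group(2), from_domain, tags.get("aspf", "r"))
    dkim_ok = bool(dkim) and dkim.group(1) == "pass" and aligned(dkim.group(2), from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", "deliver"
    # Nothing authenticated aligns with the From domain: apply the p= policy from the record.
    return "fail", {"reject": "reject", "quarantine": "quarantine"}.get(tags.get("p", "none"), "deliver")
```

The spoofed message passes SPF for the attacker's own bounce domain, which is exactly why DMARC alignment with the visible From domain, not SPF alone, is what lets the receiver reject it.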
Karen A. Frenkel writes about technology and innovation and lives in New York City.

