
Nine Security Best Practices You Should Enforce
Implement Inbound E-mail Authentication Checks
All businesses should publish Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) records for their domains, and verify them on inbound mail, to protect customers and employees from spoofed and phishing e-mail. These mechanisms let ISPs and internal mail gateways detect and block fraudulent e-mail that claims to come from your domain; publishing SPF and DKIM without a DMARC enforcement policy (p=quarantine or p=reject) leaves receivers free to deliver the forgeries anyway.
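The following is an added example (not code from the OTA guide or this article) that audits a domain's SPF, DMARC and DKIM TXT records for the weaknesses that matter in practice: a permissive or missing `all` mechanism, more than ten DNS lookups, a DMARC policy of `p=none`, a partial `pct`, a revoked or short DKIM key. The records for `example.com`, `weak.example` and `soft.example` are constructed for the demonstration; `fetch_txt` is a stand-in for a real DNS query so the check runs offline.

```python
"""Assess a domain's SPF, DKIM and DMARC records for enforcement strength.

Added example, not from the OTA guide or the article. The TXT records below
are constructed for hypothetical domains so the check runs offline; replace
fetch_txt() with a real DNS TXT lookup (e.g. dnspython) in practice.
"""
import base64

# Constructed sample DNS TXT data (not real records).
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:_spf.mail.example ip4:203.0.113.0/24 -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100"],
    # "A" * 392 decodes to 294 bytes, the DER length of an RSA-2048 public key
    "s1._domainkey.example.com": ["v=DKIM1; k=rsa; p=" + "A" * 392],
    "weak.example": ["v=spf1 +all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none"],
    "soft.example": ["v=spf1 a mx ~all"],
}


def fetch_txt(name, records=SAMPLE_TXT):
    """Stand-in for a DNS TXT query; returns a list of record strings."""
    return records.get(name, [])


def parse_spf(txt):
    """Return {'all': qualifier, 'lookups': n} for an SPF record, else None."""
    parts = txt.split()
    if not parts or parts[0].lower() != "v=spf1":
        return None
    all_qualifier, lookups = None, 0
    for term in parts[1:]:
        qualifier = "+"                      # SPF default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name = term.split(":", 1)[0].split("=", 1)[0].lower()
        if name == "all":
            all_qualifier = qualifier
        elif name in ("include", "a", "mx", "ptr", "exists", "redirect"):
            lookups += 1                     # RFC 7208 caps these at 10
    return {"all": all_qualifier, "lookups": lookups}


def parse_tags(txt):
    """Parse the 'k=v; k=v' tag lists used by DMARC and DKIM records."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_domain(domain, selector=None, records=SAMPLE_TXT):
    """Return a list of weaknesses; an empty list means the records enforce."""
    findings = []
    spf = [p for p in (parse_spf(r) for r in fetch_txt(domain, records)) if p]
    if not spf:
        findings.append("SPF: missing")
    elif len(spf) > 1:
        findings.append("SPF: multiple records (permerror)")
    else:
        if spf[0]["all"] in (None, "+", "?"):
            findings.append("SPF: no restrictive all mechanism, any host may send")
        elif spf[0]["all"] == "~":
            findings.append("SPF: softfail only (~all)")
        if spf[0]["lookups"] > 10:
            findings.append("SPF: over 10 DNS lookups (permerror)")

    dmarc = [t for t in (parse_tags(r) for r in fetch_txt("_dmarc." + domain, records))
             if t.get("v", "").upper() == "DMARC1"]
    if not dmarc:
        findings.append("DMARC: missing")
    else:
        policy = dmarc[0].get("p", "<unset>")
        if policy not in ("quarantine", "reject"):
            findings.append("DMARC: p=%s does not enforce" % policy)
        if "rua" not in dmarc[0]:
            findings.append("DMARC: no rua= address, so no aggregate reports")
        if dmarc[0].get("pct", "100") != "100":
            findings.append("DMARC: pct=%s applies the policy to only part of the mail"
                            % dmarc[0]["pct"])

    if selector:  # DKIM keys live under a selector only the sender knows
        name = "%s._domainkey.%s" % (selector, domain)
        dkim = [t for t in (parse_tags(r) for r in fetch_txt(name, records))
                if t.get("v", "DKIM1").upper() == "DKIM1"]  # v= is optional
        if not dkim:
            findings.append("DKIM: no key at selector %s" % selector)
        elif not dkim[0].get("p"):
            findings.append("DKIM: empty p=, key is revoked")
        else:
            try:
                key_len = len(base64.b64decode(dkim[0]["p"], validate=True))
            except ValueError:
                key_len = 0
            if key_len < 290:  # RSA-2048 SubjectPublicKeyInfo is 294 bytes
                findings.append("DKIM: key shorter than 2048 bits")
    return findings


if __name__ == "__main__":
    for d in ("example.com", "weak.example", "soft.example"):
        print(d, assess_domain(d, selector="s1" if d == "example.com" else None))
```

The DKIM key-size check is an approximation from the DER length of the published key, which is enough to catch 1024-bit keys; the real signature check happens per message on the receiving gateway, not from DNS alone.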
Upgrade to Extended Validation SSL
Upgrade to Extended Validation (EV) SSL/TLS certificates for all commerce and banking applications. With EV, the certificate authority verifies the legal identity of the organization before issuing, which gives users more confidence that the site owner is who it claims to be. One caveat: since 2019 the major browsers no longer show a distinct EV indicator in the address bar, so EV no longer gives users a visible cue, and it does nothing for a site whose TLS configuration is otherwise weak.
Review All Password Management Policies
Take stock of your password management policies, including enabling two-factor authentication wherever your systems support it. Change passwords on all business clients and servers every 90 days. (Note that current NIST guidance in SP 800-63B no longer recommends forced periodic rotation without evidence of compromise; if you keep a rotation schedule, make sure it does not push users toward predictable variations of their old passwords.)
Be Strict About Passwords
Require long passphrases that combine upper- and lowercase letters, numbers and symbols. Reject passwords that are a single dictionary word or a dictionary word with predictable substitutions (for example, "P@ssw0rd"), since password-cracking tools try exactly those first; a passphrase of several unrelated words is a different matter and is what the length requirement is meant to encourage.
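As an added example (not code from the OTA guide or the article), this checker enforces the policy in the two items above: a minimum length, all four character classes, no dictionary-based passwords, and no long runs of a repeated character. The dictionary-word test undoes common "leet" substitutions before matching, so `P@ssw0rd123!` is caught while a multi-word passphrase passes. `DICTIONARY` and `LEET` are constructed stand-ins; a production deployment would load a full word list and a breached-password list.

```python
"""Password policy check: length, character mix, and dictionary-based passwords.

Added example, not from the OTA guide or the article. DICTIONARY is a tiny
constructed stand-in; in production load a full word list plus a
breached-password list and check against both.
"""
import re

MIN_LENGTH = 14
# Constructed sample word list (a real one has tens of thousands of entries).
DICTIONARY = {"password", "welcome", "summer", "dragon", "letmein", "monkey",
              "company", "correct", "horse", "battery", "staple"}
# Common letter-to-symbol substitutions that crackers undo before matching.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "!": "i", "1": "l", "3": "e", "|": "l", "7": "t"})


def _letters(text):
    """Keep only a-z so digits and symbols do not break the word match."""
    return re.sub(r"[^a-z]", "", text)


def dictionary_hits(password, dictionary=DICTIONARY):
    """Dictionary words the password is built from.

    Checks both the raw letters and the de-leeted letters; a word counts when
    the whole string reduces to it, or when one word makes up more than half
    of the letters (so 'P@ssw0rd123!' is a hit but a four-word passphrase
    is not).
    """
    lowered = password.lower()
    hits = set()
    for core in (_letters(lowered), _letters(lowered.translate(LEET))):
        if core in dictionary:
            hits.add(core)
            continue
        for word in dictionary:
            if len(word) >= 5 and word in core and 2 * len(word) > len(core):
                hits.add(word)
    return sorted(hits)


def check_password(password, dictionary=DICTIONARY):
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    classes = (("lowercase", r"[a-z]"), ("uppercase", r"[A-Z]"),
               ("digit", r"[0-9]"), ("symbol", r"[^A-Za-z0-9]"))
    missing = [name for name, pattern in classes if not re.search(pattern, password)]
    if missing:
        problems.append("missing " + ", ".join(missing))
    hits = dictionary_hits(password, dictionary)
    if hits:
        problems.append("based on dictionary word(s): " + ", ".join(hits))
    if re.search(r"(.)\1{3,}", password):
        problems.append("contains a character repeated four or more times")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd123!", "Welcome2024!!!!", "Correct-Horse-Battery-Staple-9"):
        print(repr(candidate), check_password(candidate) or "OK")
```

Returning a list of reasons rather than a bare boolean lets the enrollment form tell the user exactly which rule failed, and makes the policy easy to unit-test as it evolves.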
Protect Data and Disks With Encryption
Encrypt all sensitive data at rest, including e-mail lists, and never store passwords in plaintext or under reversible encryption: store them as salted hashes computed with a deliberately slow password-hashing function, so that a stolen database does not yield usable credentials. The OTA guide includes a detailed appendix with encryption resources for a range of devices.
Encrypt Communication With Wireless Devices
Encrypt communication with wireless devices such as routers, point-of-sale terminals and credit card readers. Keep guest network access on a separate network segment from business systems, and protect wireless access with strong encryption such as WPA2 (or WPA3 where the equipment supports it) or an IPsec VPN. Treat WEP and open Wi-Fi as unencrypted.
Harden Client Devices
Harden client devices by disabling shared folders by default and deploying multilayered firewalls, including both PC-based personal firewalls and WAN-facing hardware firewalls.
Automate Patch Management
Enable automatic patch management for operating systems, mobile apps, web applications and add-ons.
Implement a Mobile Device Plan and Policy
Your mobile device management program should include an inventory of all employee personal devices used for work. Deploy mandatory remote-wipe tools and procedures so that a lost or stolen device can be erased before its data is exposed.


