Nine Security Best Practices You Should Enforce

Karen A. Frenkel Avatar

Updated on:

Nine Security Best Practices You Should Enforce

Implement Inbound E-mail Authentication ChecksImplement Inbound E-mail Authentication Checks

All businesses should implement Sender Policy Framework, DomainKeys Identified Mail and Domain-based Message Authentication, Reporting and Conformance to maximize protection against these threats to customers and employees. These actions allow ISPs and internal networks to detect and block fraudulent e-mail.

Upgrade to Extended Validation SSLUpgrade to Extended Validation SSL

Upgrade to EVSSL for all commerce and banking applications. This gives users more confidence that the site owner is really who he says he is.

Review All Password Management PoliciesReview All Password Management Policies

Take stock of your password management policies, including enabling support of two-factor authentication. Every 90 days, change passwords on all business clients and servers.

Be Strict About PasswordsBe Strict About Passwords

Passwords should contain long passphrases including a combination of upper and lowercase alphabetic characters, symbols, and numbers. Do not permit dictionary words.

Protect Data and Disks With EncryptionProtect Data and Disks With Encryption

Encrypt all sensitive data, including e-mail lists, using hashed passwords. The OTA guide includes a detailed appendix with encryption resources for a range of devices.

Encrypt Communication With Wireless DevicesEncrypt Communication With Wireless Devices

Communication with wireless devices, such as routers, point-of-sale terminals and credit card devices, should be encrypted. Keep guest network access on separate servers and access devices with strong encryption, such as WPA 2 or IPSec VPN.

Harden Client DevicesHarden Client Devices

Protect client devices by default disabling shared folders and protecting multilayered firewalls, including both PC-based personal and WAN-based hardware firewalls.

Automate Patch ManagementAutomate Patch Management

Enable automatic patch management for operating systems, mobile apps, web applications and add-ons.

Implement a Mobile Device Plan and PolicyImplement a Mobile Device Plan and Policy

Your mobile device management program should include taking inventory of all employee personal devices used in the workplace. Install mandatory remote device wiping tools and procedures in case a device gets lost or stolen.

Karen A. Frenkel Avatar