Nine Security Best Practices You Should Enforce
All businesses should implement Sender Policy Framework, DomainKeys Identified Mail and Domain-based Message Authentication, Reporting and Conformance to maximize protection against these threats to customers and employees. These actions allow ISPs and internal networks to detect and block fraudulent e-mail.
Upgrade to EVSSL for all commerce and banking applications. This gives users more confidence that the site owner is really who he says he is.
Take stock of your password management policies, including enabling support of two-factor authentication. Every 90 days, change passwords on all business clients and servers.
Passwords should contain long passphrases including a combination of upper and lowercase alphabetic characters, symbols, and numbers. Do not permit dictionary words.
Encrypt all sensitive data, including e-mail lists, using hashed passwords. The OTA guide includes a detailed appendix with encryption resources for a range of devices.
Communication with wireless devices, such as routers, point-of-sale terminals and credit card devices, should be encrypted. Keep guest network access on separate servers and access devices with strong encryption, such as WPA 2 or IPSec VPN.
Protect client devices by default disabling shared folders and protecting multilayered firewalls, including both PC-based personal and WAN-based hardware firewalls.
Enable automatic patch management for operating systems, mobile apps, web applications and add-ons.
Your mobile device management program should include taking inventory of all employee personal devices used in the workplace. Install mandatory remote device wiping tools and procedures in case a device gets lost or stolen.