Eight more security best practices

If regular reports of successful hacking of organizations make you think your enterprise is defenceless, it’s not: The Online Trust Alliance this month released a list of best security practices to reduce the odds of data loss and identity theft as part of its readiness planning guide. We’ve selected eight tips you should follow. All images from Shutterstock

Run email authorization checks

Make sure your email server has SPF, DKIM and DMARC turned on to help detect malicious and deceptive incoming messages. ISPs and other organizations accepting your email ought to do the same. Authenticating your outbound mail makes it less likely to be identified as spam.
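As an added example (not code from the article or from the Online Trust Alliance guide), the Python script below parses the DNS TXT records that carry SPF, DKIM and DMARC settings and flags the choices that weaken them: an SPF record whose final "all" mechanism is soft or open, more than ten DNS-lookup mechanisms, a DMARC policy of "none" or one applied to only part of the mail stream, and a DKIM key record with an empty public key. The domain, selector and record contents are constructed; a real check would fetch the records with a DNS resolver library instead of reading them from a dictionary.

```python
"""Assess the DNS TXT records behind SPF, DKIM and DMARC for weak settings.

The records below are constructed samples for a hypothetical domain; a real
check would look them up with a DNS resolver (for example dnspython).
"""
import re

# Constructed sample records (not any real domain's data).
SAMPLE_RECORDS = {
    "example-corp.test": "v=spf1 mx include:_spf.mailer.test ~all",
    "_dmarc.example-corp.test": "v=DMARC1; p=none; rua=mailto:dmarc@example-corp.test",
    "s1._domainkey.example-corp.test": "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7",
}

# SPF mechanisms and modifiers that each cost a DNS lookup (limit is 10).
SPF_LOOKUP_MECHANISMS = ("include", "a", "mx", "ptr", "exists", "redirect")


def assess_spf(record):
    """Return a list of findings for an SPF TXT record (empty = looks strong)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    findings, lookups, all_qualifier = [], 0, None
    for term in terms[1:]:
        qualifier = "+"                      # SPF default when none is written
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name = re.split(r"[:/=]", term, maxsplit=1)[0].lower()
        if name in SPF_LOOKUP_MECHANISMS:
            lookups += 1
        if name == "all":
            all_qualifier = qualifier
    if all_qualifier is None:
        findings.append("no 'all' mechanism: unlisted senders are neutral")
    elif all_qualifier == "+":
        findings.append("'+all' authorises every host to send as this domain")
    elif all_qualifier in "~?":
        findings.append(f"'{all_qualifier}all' is soft: prefer '-all' once DMARC reports look clean")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup mechanisms exceeds the limit of 10 (permerror)")
    return findings


def parse_tags(record):
    """Parse the 'k=v; k=v' tag lists used by DMARC and DKIM key records."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record):
    """Return findings for a DMARC record."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (missing v=DMARC1)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: consider p=reject for the strongest protection")
    elif policy != "reject":
        findings.append(f"unknown or missing policy tag p={policy!r}")
    pct = tags.get("pct", "100")
    if pct != "100":
        findings.append(f"pct={pct}: policy applied to only part of the mail stream")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports will not be received")
    return findings


def assess_dkim(record):
    """Return findings for a DKIM public-key record."""
    tags = parse_tags(record)
    if tags.get("v", "DKIM1") != "DKIM1":
        return ["not a DKIM key record"]
    if not tags.get("p"):
        return ["empty p= tag: the key is revoked, signatures will fail"]
    if tags.get("k", "rsa").lower() not in ("rsa", "ed25519"):
        return [f"unsupported key type k={tags['k']}"]
    return []


def assess_domain(records, domain, selector):
    """Run all three checks and return {record_type: findings}."""
    return {
        "spf": assess_spf(records.get(domain, "")),
        "dmarc": assess_dmarc(records.get(f"_dmarc.{domain}", "")),
        "dkim": assess_dkim(records.get(f"{selector}._domainkey.{domain}", "")),
    }


if __name__ == "__main__":
    for kind, found in assess_domain(SAMPLE_RECORDS, "example-corp.test", "s1").items():
        print(kind.upper(), "OK" if not found else "")
        for finding in found:
            print("  -", finding)
```

Run against the sample records it reports the soft "~all" and the monitoring-only DMARC policy while passing the DKIM key; the same functions can be pointed at records fetched for your own domain and at the domains of partners whose mail you accept.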



Turn on SSL for all data collection

Include “Always on SSL (AOSSL)” for all Web services to help prevent eavesdropping on data being transmitted between client devices, wireless access points and intermediaries.


Remember Extended Validation SSL (EVSSL)

EVSSL should be used for all commercial and banking apps to provide users a higher level of assurance the site owner is who they purport to be by the display of a green address bar and other trust indicators.


Enforce password policy

First, create one. Second, enable two-factor authentication. Rotate passwords on all business clients and servers every 90 days. Passwords should be long passphrases that combine upper- and lowercase letters, symbols and numbers, and the policy should not permit the use of any dictionary words. Forbid re-using them.
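The rules above are easy to state and easy to get subtly wrong in code, so here is an added example (not from the article or the guide) of a policy checker in Python: it enforces a minimum length, the four character classes, a dictionary-word ban, a reuse check against a history of salted PBKDF2 hashes, and the 90-day rotation deadline. The 16-character minimum, the tiny word list and the sample password history are constructed assumptions; a deployment would load a full word list and keep more than two previous hashes per user.

```python
"""Password-policy enforcement (added example with constructed values).

Checks composition, dictionary words, reuse against salted PBKDF2 hashes and
the 90-day rotation interval from the article.
"""
import hashlib
import hmac
import os
import string
from datetime import date, timedelta

MIN_LENGTH = 16              # assumed threshold for a "long passphrase"
ROTATION_DAYS = 90           # from the article: rotate every 90 days
PBKDF2_ITERATIONS = 200_000  # tune to your hardware; higher is slower for attackers too
# Constructed mini dictionary; a real deployment loads a full word list.
DICTIONARY = {"password", "welcome", "summer", "company", "admin"}


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 and a fresh random salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def matches(password, salt, digest):
    """Constant-time comparison of a candidate against a stored (salt, digest)."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def check_password(candidate, history):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = {
        "uppercase": any(c.isupper() for c in candidate),
        "lowercase": any(c.islower() for c in candidate),
        "digit": any(c.isdigit() for c in candidate),
        "symbol": any(c in string.punctuation for c in candidate),
    }
    for name, present in classes.items():
        if not present:
            problems.append(f"missing {name} character")
    lowered = candidate.lower()
    for word in DICTIONARY:
        if word in lowered:
            problems.append(f"contains dictionary word '{word}'")
    # Reuse check: the new password must not equal any stored previous one.
    for salt, digest in history:
        if matches(candidate, salt, digest):
            problems.append("matches a previously used password")
            break
    return problems


def rotation_due(last_changed, today=None):
    """True once a password is ROTATION_DAYS old or older."""
    today = today or date.today()
    return today - last_changed >= timedelta(days=ROTATION_DAYS)


# Constructed sample history: the user's two previous passwords, stored salted.
PREVIOUS = [hash_password("Old-Passphrase-2013!"),
            hash_password("Welcome1-Company-Pass")]

if __name__ == "__main__":
    for candidate in ["Tr0ub4dor&3", "Summer2014Rocks!!!!!",
                      "Old-Passphrase-2013!", "Blue-Tractor-Orbits-9-Moons!"]:
        verdict = check_password(candidate, PREVIOUS) or ["accepted"]
        print(f"{candidate!r}: {'; '.join(verdict)}")
    print("rotation due:", rotation_due(date(2014, 1, 1), today=date(2014, 4, 1)))
```

Two design points: previous passwords are kept only as salted hashes, so the history itself is not a plaintext list worth stealing, and the comparison goes through hmac.compare_digest so timing does not leak how close a guess was.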


Discover data encryption …

If you assume the network will eventually be compromised — and these days experts say that should be the basis for all security strategies — then all sensitive data, including email lists and hashed passwords, should be encrypted.


…and wireless, too

Encrypt communication with wireless devices such as routers, including point of sale terminals and credit card devices. Keep all “guest” network access on separate servers and access devices, protected with strong encryption such as WPA2 or an IPSec VPN.



Create a multilayer defence

Client devices need to be hardened, including disabling shared folders by default and multilayered firewall protection (both a PC-based personal firewall and WAN-based hardware firewalls). In addition, automatic patch management for operating systems, mobile apps, web applications and add-ons should be enabled. All ports should be closed to incoming traffic by default.



Create a mobile plan

Without one, a BYOD policy can put an organization at risk. A mobile device management program includes an inventory of all employee personal devices used in the workplace, installation of mandatory remote device wiping tools, and procedures to delete company data on lost devices.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
