Site icon IT World Canada

Eight more security best practices

If regular reports of successful hacking of organizations makes you think your enterprise is defenceless, it’s not: The Online Trust Alliance this month released a list of best security practices to reduce the odds of data loss and identity theft as part of its readiness planning guide. We’ve selected eight tips you should follow. All images from Shutterstock

Run email authorization checks

Make sure your email server has SPF, DKIM and DMARC turned on to help detect maliciousand deceptive messages on incoming messages. ISPs and other organizations accepting your email ought to do the same. Authenticating your outbound mail ensures it is less likely to be identified as spam.

 

Turn on SSL for all data collection

Include “Always on SSL (AOSSL)” for all Web services to help prevent eavesdropping on data being transmitted between client devices, wireless access points and intermediaries.

Remember Extended Validation SSL (EVSSL)

 EVSSL should be used for all commercial and banking apps to provide users a higher level of assurance the site owner is who they purport to be by the display of a green address bar and other trust indicators.

Enforce password policy

First, create one, Second, enable two-factor authentication. Rotate passwords on all business clients and servers every 90 days. Passwords should use a long passphrase, including a combination of upper and lowercase alphabetic characters, symbols, and numbers and should not permit the use of any dictionary words. Forbid re-using them.

Discover data encryption …

If you assume the network will eventually be compromised — and these days experts say that should be the basis for all security strategies — then all sensitive data including email lists should be encrypted, including hashed passwords.

…and wireless, too

Encrypt communication with wireless devices such as routers, including point of sale terminals and credit card devices. Keep all “guest” network access on separate servers and access devices with strong encryption such as WPA2 or use of an IPSec VPN.

 

Create a multilayer defence

Client devices need to be hardened, including default disabling of shared folders, multilayered firewall protection, including both PC-based personal firewall and WAN-based hardware firewalls. In addition, automatic patch management for operating  systems, mobile apps, web applications and add-ons should be enabled. All ports should be off to incoming traffic by default.

 

Create a mobile plan

Without one a BYOD policy can put an organization at risk. A mobile device management program includes an inventory of all employee personal devices used in the workplace, installing of mandatory remote device wiping tools and procedures for to delete company data on lost devices.



Exit mobile version