Once an organization has determined where the security risks are, some fundamental best practices should be implemented to avoid security breaches.
A very important step in protecting customer and employee information is to use encryption. All sensitive data should be encrypted both when it is stored and when it is being transmitted. Many government regulations impose fines on companies that cannot prove they have followed this very important step of keeping sensitive information safe. Encryption should use the strongest available algorithm to keep sensitive information secure.
OWASP has a top 10 security vulnerabilities list published annually and provides information about encryption when transporting data (OWASP 2014) and when storing sensitive data (OWASP Apr 2014).
Other things that should be done to keep customer information secure include (Hess 2013):
- Use digital certificates to sign all sites
- Do not allow removable media to be used on company computers (e.g. USB drives, external hard drives, etc.)
- Install a spam filter on the email system
- Install a device that scrubs all email coming into and going out of the company, to prevent PCI data from leaving and malware links from entering the company network
- Always maintain security patches on all applications
- Make sure users are trained on security concerns, since information security is everyone's responsibility
References:
- Hess, K. ZDNet (Mar 2013). 10 security best practice guidelines for businesses. Retrieved from http://www.zdnet.com/10-security-best-practice-guidelines-for-businesses-7000012088/
- OWASP (2014). Top 10 2014-I4 Lack of Transport Encryption. Retrieved from https://www.owasp.org/index.php/Top_10_2014-I4_Lack_of_Transport_Encryption
- OWASP (Apr 2014). Cryptographic Storage Cheat Sheet. Retrieved from https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet