This list is not entirely focused on mobile security, but is general to corporate security. Here’s my list of 10 security best practice guidelines for businesses:
1. Encrypt your data: Stored data, filesystems, and across-the-wire transfers all need to be encrypted. Encryption is essential to protecting sensitive data and helps prevent data loss due to theft or equipment loss.
2. Use digital certificates to sign all of your sites: Store your certificates on hardware devices such as routers or load balancers rather than on the web server as is traditionally done. Obtain your certificates from one of the trusted authorities.
3. Implement DLP and auditing: Use data loss prevention and file auditing to monitor, alert on, identify, and block the flow of data into and out of your network.
4. Implement a removable media policy: Restrict the use of USB drives, external hard disks, thumb drives, external DVD writers, and any writeable media. These devices make it easy for malware to enter your network and for data to leave it.
5. Secure websites against MITM and malware infections: Use SSL, scan your website daily for malware, set the Secure flag for all session cookies, and use SSL certificates with Extended Validation.
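The Secure flag requirement above is easy to verify from the outside. The following script, added here as an example and not part of the original post, parses the Set-Cookie headers of an HTTP response and reports session cookies that lack Secure (plus HttpOnly and SameSite, which belong on the same cookies). The session-cookie name heuristic and the sample headers are assumptions constructed for the example; adapt the name hints to your own application.

```python
# Audit Set-Cookie headers for the Secure flag on session cookies (example, not the post's code).

# Substrings that suggest a cookie carries a session identifier (assumed; extend for your stack)
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, {attribute: value}); flag attributes map to True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def is_session_cookie(name):
    """Heuristic: treat cookies whose name hints at a session or auth token as session cookies."""
    return any(hint in name.lower() for hint in SESSION_NAME_HINTS)


def audit_set_cookie(header):
    """Return findings for one Set-Cookie header; an empty list means the cookie passes."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if not is_session_cookie(name):
        return findings  # only session cookies are in scope here
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure flag, cookie would be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly flag, readable by page scripts")
    samesite = attrs.get("samesite")
    if not isinstance(samesite, str) or samesite.lower() not in ("lax", "strict"):
        findings.append(f"{name}: SameSite is not Lax or Strict")
    return findings


def audit_response_headers(headers):
    """headers: list of (name, value) pairs from an HTTP client; audits every Set-Cookie header."""
    findings = []
    for hname, hvalue in headers:
        if hname.lower() == "set-cookie":
            findings.extend(audit_set_cookie(hvalue))
    return findings


# Constructed sample response headers, not captured from any real site
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/"),                              # weak session cookie
    ("Set-Cookie", "lang=en; Path=/"),                                         # not a session cookie
    ("Set-Cookie", "auth_token=xyz; Path=/; Secure; HttpOnly; SameSite=Lax"),  # hardened
]

if __name__ == "__main__":
    for finding in audit_response_headers(SAMPLE_HEADERS):
        print(finding)
```

Feed it the headers returned by your HTTP client for a login response to confirm every session cookie is flagged Secure.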
6. Use a spam filter on email servers: Use a time-tested spam filter such as SpamAssassin to keep unwanted email from reaching your users’ inboxes and junk folders. Teach your users how to identify junk mail even if it appears to come from a trusted source.
7. Use a comprehensive endpoint security solution: Symantec suggests using a multi-layered product (theirs, of course) to prevent malware infections on user devices. Antivirus software alone is not enough. Antivirus, personal firewall, and intrusion detection are all part of the total approach to endpoint protection.
8. Network-based security hardware and software: Use firewalls, gateway antivirus, intrusion detection devices, honeypots, and monitoring to screen for DoS attacks, virus signatures, unauthorized intrusion, port scans, and other “over the network” attacks and attempted security breaches.
9. Maintain security patches: Some antivirus programs update on what seems like a daily basis. Be sure that your software and hardware defenses stay up to date with new antimalware signatures and the latest patches. If you turn off automatic updating, set up a regular scan-and-remediate plan for your systems.
10. Educate your users: As I wrote in “The second most important BYOD security defense: user awareness”, “it might be the most important non-hardware, non-software solution available. An informed user is a user who behaves more responsibly and takes fewer risks with valuable company data, including email.”