1. Deploy SSL Server Certificates throughout your enterprise. SSL is the most widely deployed security protocol in the world. It should be deployed on any and all servers to protect any confidential and personal information that is passing from browser to server.
2. The use of firewalls, intrusion detection, client PC virus software, server-based virus checking and keeping all systems up to date with security patches will prevent most types of threats from impacting operations, compromising sensitive data or threatening your business continuity.
3. Having security services fully managed will allow you to focus on applications needed to drive your business while a trusted third-party builds out the complex, secure and expensive public key infrastructure and manages it for you.
4. Passwords are weak and getting weaker, making your secure systems vulnerable. Dramatically decrease that vulnerability by enforcing strict password usage rules.
5. Issue all employees digital client certificates for signed/encrypted email to protect corporate data and to increase confidence in the origination, authenticity and confidentiality of all corporate communications.
6. Replace weak password entry-points and expensive time-synchronized tokens to secure systems with digital certificates which are much more secure than passwords, lower cost than secure tokens and yet, when fully managed, are easy to deploy.
7. Project and protect your business identity through your web site using a trust mark establishes both identity and trust with site visitors.
8. Create a demilitarized zone (DMZ) to cordon off risky network activities from your business-critical production network segments for all modem access, for simulating production or for allowing customers to do any kind of acceptance testing.
9. Define your security protocol. This is perhaps the most overlooked, and the most dreaded of the 10 guidelines, yet it is the easiest and arguably the biggest impact item of all: write it down, communicate it and enforce it.
10. Start using well-tested, mature authentication technologies to establish identity of anonymous web-based individuals. Streamline your business through paperless transactions.
