Security Practices/Standards

Security Practices refers to the collection of formal or informal policies and practices your business may use to protect access to or use of its information.

While every business will need to build a set of security practices which best match its concerns, the following are common practices which we generally recommend to all of our clients. Following these best practices are our minimum supportability standards. To those looking for help developing a business specific security policy or standard, please reach out to your account management.

User Password Best Practices

  • Use multi-factor authentication wherever offered

  • Use different passwords for every unique system or service*

  • Use the longest password or passphrase permissible by each service

  • Never use passwords that are based on personal information or can be easily found or guessed*

  • Use a secure password manager to provide ease of use

authentication System best practices

  • Never store passwords in clear-text*

  • Do not use password expirations

  • Favor long passwords over complex passwords

  • Enable automated account lockouts for bad attempts and idle periods

  • Do not allow shared accounts between users or systems*

  • Use central authentication / SSO to the greatest extent possible

Other Security Best Practices

  • Periodically conduct user security awareness training

  • Create written security policy and routinely communicate to staff the benefits of following it

  • Use systems and solutions with inherently strong user security models

  • Favor systems and solutions with support for Federated or SSO authentication capabilities

  • Use advanced endpoint protection, DNS filtering, phishing protection, and DLP products as available

  • Employ role based access control across all systems as it may apply to your business*

Minimum Support Security Practices

  • All above lines which are followed by stars (*) are considered minimum requirements

For more information on our Supportability policies please see the Overview page. Additional information can be found within the relevant agreements with us.