Salesforce Security Best Practice: Secure Sessions

An important and easy to implement best practice is to Require Secure Sessions.  With Secure Sessions, all messages are encrypted in transit from the web browser to salesforce.com’s servers to protect your data.

Administrators can verify these settings:  Setup>Manage Users>Profiles

Salesforce Security Best Practice - require secure connection

Salesforce.com maintains a page of security best practices which includes this tip and more.