Security Guidance for Employee Portal/Web Client