Licensees must have suitable processes in place to verify the validity of all requests received through all methods of communication including email such as a phish alert solution. Licensees must also ensure that mobile devices with access to their systems, applications and networks are protected through security measures such as mobile device management, encryption, remote wipe, and password protection.