It has been four years since the world worried about the havoc a virus called “Conficker” might wreak online on April Fool’s Day, while new threats, including the ramped up spread of botnets, virus-laden advertising and malicious spear phishing are increasing.
The Online Trust Alliance (OTA) has release of its annual “Top Ten Ways Businesses Can Protect Consumers from Being Fooled,” a list of simple-to-employ recommendations for businesses and government agencies to help protect their customers’ and employees’ personal data, financial assets and devices from being compromised.
OTA, with data from the FBI, Secret Service and forensics experts, developed the list to address the most common and dangerous threats based on a review of thousands of data loss and identity theft incidents.
Businesses overlooking fundamentals
“While businesses are making efforts, all too often they are overlooking the fundamentals which could curb upwards of 90% of online threats to their data,” said Craig Spiezle, executive director and president, Online Trust Alliance.
“We have a shared responsibility to harden our systems and those of our customers. Secure and confident customers are good for business and for the long-term vitality of the digital economy.”
“I want to thank OTA for promoting stronger cyber privacy, security, and resilience,” said Senator Joe Lieberman. “The same way you lock up your business at night to deter criminals, you need to lock up your computer so you’re a less tempting target. OTA’s simple and inexpensive security tips can help our business community take a byte out of cyber crime.”
Top Five from top ten list
OTA’s 2012 Top 10 Recommendations address the most frequent exploits including botnets, malicious email, phishing and deceptive websites. An excerpt of the full list follows:
- The browser is the first line of defense, yet over 40% of users have outdated and insecure browsers, lacking integrated anti-phishing, malware protection and online tracking privacy controls. “Why Your Browser Matters” is a helpful resource for all businesses to provide “teachable moments” to site visitors to upgrade their browser at no cost.
- Upwards of 10% of computers are infected by “botnets”. Scan your systems weekly with tools and resources to help detect, prevent and remediate the threats.
- Deceptive and malicious email continued to grow in the past year, targeting business users, government agencies and consumers. Implement Email Authentication to reduce the incidence of spoofed and forged email, which may lead to identity theft, and the distribution of malware and tarnish your brand reputation.
- Cybercriminals are increasingly snooping and eavesdropping on wireless connections, including airports, coffee shops and the library. Always-on SSL (AOSSL) encrypts all connections and communication — including users’ names and passwords. This standard is now implemented by leading sites including Twitter, Facebook, PayPal and Microsoft.
- Enable automatic patch management for operating systems, applications, including add-ons and plugins. Proactive patch management can harden your system from known vulnerabilities. End-of-life applications that are no longer supported should be removed or used in isolated and secure sessions.
Complete list has more
The complete 2012 list also includes steps regarding protections of internal infrastructures to safeguard customer data and business continuity. The list builds on OTA’s 2012 Data Protection and Breach Readiness Guide, released in January, which identifies key recommendations to help businesses protect their data and be prepared for a breach and data loss incident.
The guide highlighted that in 2011, over 125 million people were affected by data loss incidents costing businesses over $6.5 billion. Almost half of 2011’s breaches could have been avoided through implementation of simple or intermediate controls as outlined in OTA’s recommendations.
To view the complete and updated list for 2012 on ways businesses can protect consumers from being fooled, please go to:https://otalliance.org/2012tips.html.