3/29/2012
01:46 PM
Dark Reading
Products and Releases

OTA Issues Top 10 Tips For Businesses to Protect Consumers From Being Fooled

Online Trust Alliance's list in preparation for April Fool's Day

Seattle, WA – March 29, 2012 – It has been four years since the world worried about the havoc a virus called "Conficker" might wreak online on April Fool’s Day, while new threats, including the ramped-up spread of botnets, virus-laden advertising and malicious spear phishing, are increasing. The Online Trust Alliance (OTA) today announced the release of its annual "Top Ten Ways Businesses Can Protect Consumers from Being Fooled," a list of simple-to-employ recommendations for businesses and government agencies to help protect their customers’ and employees’ personal data, financial assets and devices from being compromised.

OTA, with data from the FBI, Secret Service and forensics experts, developed the list to address the most common and dangerous threats based on a review of thousands of data loss and identity theft incidents.

"While businesses are making efforts, all too often they are overlooking the fundamentals which could curb upwards of 90% of online threats to their data," said Craig Spiezle, executive director and president, Online Trust Alliance. "We have a shared responsibility to harden our systems and those of our customers. Secure and confident customers are good for business and for the long-term vitality of the digital economy."

"I want to thank OTA for promoting stronger cyber privacy, security, and resilience," said Senator Joe Lieberman. "The same way you lock up your business at night to deter criminals, you need to lock up your computer so you’re a less tempting target. OTA’s simple and inexpensive security tips can help our business community take a byte out of cyber crime."

OTA’s 2012 Top 10 Recommendations address the most frequent exploits including botnets, malicious email, phishing and deceptive websites. An excerpt of the full list follows:

1. The browser is the first line of defense, yet over 40% of users have outdated and insecure browsers, lacking integrated anti-phishing, malware protection and online tracking privacy controls. "Why Your Browser Matters" is a helpful resource for all businesses to provide "teachable moments" to site visitors to upgrade their browser at no cost.

2. Upwards of 10% of computers are infected by "botnets". Scan your systems weekly with tools and resources to help detect, prevent and remediate the threats.

3. Deceptive and malicious email continued to grow in the past year, targeting business users, government agencies and consumers. Implement Email Authentication to reduce the incidence of spoofed and forged email, which may lead to identity theft and the distribution of malware, and tarnish your brand reputation.

4. Cybercriminals are increasingly snooping and eavesdropping on wireless connections, including airports, coffee shops and the library. Always-on SSL (AOSSL) encrypts all connections and communication -- including users’ names and passwords. This standard is now implemented by leading sites including Twitter, Facebook, PayPal and Microsoft.

5. Enable automatic patch management for operating systems and applications, including add-ons and plugins. Proactive patch management can harden your system against known vulnerabilities. End-of-life applications that are no longer supported should be removed or used in isolated and secure sessions.

The complete 2012 list also includes steps regarding protections of internal infrastructures to safeguard customer data and business continuity. The list builds on OTA’s 2012 Data Protection and Breach Readiness Guide, released in January, which identifies key recommendations to help businesses protect their data and be prepared for a breach and data loss incident. The guide highlighted that in 2011, over 125 million people were affected by data loss incidents costing businesses over $6.5 billion. Almost half of 2011’s breaches could have been avoided through implementation of simple or intermediate controls as outlined in OTA’s recommendations.

To view the complete and updated list for 2012 on ways businesses can protect consumers from being fooled, please go to: https://otalliance.org/2012tips.html.

About The Online Trust Alliance (OTA) https://otalliance.org

OTA’s mission is to develop and advocate best practices, public policy and self-regulation to mitigate emerging privacy, identity and security threats to online services, brands, government, organizations and consumers. By enhancing online trust and confidence, we can realize the potential of the internet; promote innovation; and further the vitality of commerce.
