Endpoint
3/29/2012
01:46 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

OTA Issues Top 10 Tips For Businesses to Protect Consumers From Being Fooled

Online Trust Alliance's list in preparation for April Fool's Day

Seattle, WA – March 29, 2012 – It has been four years since the world worried about the havoc a virus called "Conficker" might wreak online on April Fool’s Day, while new threats, including the ramped up spread of botnets, virus-laden advertising and malicious spear phishing are increasing. The Online Trust Alliance (OTA) today announced the release of their annual "Top Ten Ways Businesses Can Protect Consumers from Being Fooled," a list of simple-to-employ recommendations for businesses and government agencies to help protect their customers’ and employees’ personal data, financial assets and devices from being compromised.

OTA, with data from the FBI, Secret Service and forensics experts, developed the list to address the most common and dangerous threats based on a review of thousands of data loss and identity theft incidents.

"While businesses are making efforts, all too often they are overlooking the fundamentals which could curb upwards of 90% of online threats to their data," said Craig Spiezle, executive director and president, Online Trust Alliance. "We have a shared responsibility to harden our systems and those of our customers. Secure and confident customers are good for business and for the long-term vitality of the digital economy."

"I want to thank OTA for promoting stronger cyber privacy, security, and resilience," said Senator Joe Lieberman. "The same way you lock up your business at night to deter criminals, you need to lock up your computer so you’re a less tempting target. OTA’s simple and inexpensive security tips can help our business community take a byte out of cyber crime."

OTA’s 2012 Top 10 Recommendations address the most frequent exploits including botnets, malicious email, phishing and deceptive websites. An excerpt of the full list follows:

1.The browser is the first line of defense, yet over 40% of users have outdated and insecure browsers, lacking integrated anti-phishing, malware protection and online tracking privacy controls. "Why Your Browser Matters" is a helpful resource for all businesses to provide "teachable moments" to site visitors to upgrade their browser at no cost.

2.Upwards of 10% of computers are infected by "botnets". Scan your systems weekly with tools and resources to help detect, prevent and remediate the threats.

3.Deceptive and malicious email continued to grow in the past year, targeting business users, government agencies and consumers. Implement Email Authentication to reduce the incidence of spoofed and forged email, which may lead to identity theft, and the distribution of malware and tarnish your brand reputation.

4.Cybercriminals are increasingly snooping and eavesdropping on wireless connections, including airports, coffee shops and the library. Always-on SSL (AOSSL) encrypts all connections and communication -- including users’ names and passwords. This standard is now implemented by leading sites including Twitter, Facebook, PayPal and Microsoft.

5.Enable automatic patch management for operating systems, applications, including add-ons and plugins. Proactive patch management can harden your system from known vulnerabilities. End-of-life applications that are no longer supported should be removed or used in isolated and secure sessions.

The complete 2012 list also includes steps regarding protections of internal infrastructures to safeguard customer data and business continuity. The list builds on OTA’s 2012 Data Protection and Breach Readiness Guide, released in January, which identifies key recommendations to help businesses protect their data and be prepared for a breach and data loss incident. The guide highlighted that in 2011, over 125 million people were affected by data loss incidents costing businesses over $6.5 billion. Almost half of 2011’s breaches could have been avoided through implementation of simple or intermediate controls as outlined in OTA’s recommendations.

To view the complete and updated list for 2012 on ways businesses can protect consumers from being fooled, please go to: https://otalliance.org/2012tips.html.

About The Online Trust Alliance (OTA) https://otalliance.org

OTA’s mission is to develop and advocate best practices, public policy and self-regulation to mitigate emerging privacy, identity and security threats to online services, brands, government, organizations and consumers. By enhancing online trust and confidence, we can realize the potential of the internet; promote innovation; and further the vitality of commerce.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-4988
Published: 2014-07-09
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.

CVE-2014-0207
Published: 2014-07-09
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

CVE-2014-0537
Published: 2014-07-09
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via uns...

CVE-2014-0539
Published: 2014-07-09
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via uns...

CVE-2014-3309
Published: 2014-07-09
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.