3/29/2012
01:46 PM
Dark Reading
Products and Releases

OTA Issues Top 10 Tips For Businesses to Protect Consumers From Being Fooled

Online Trust Alliance's list in preparation for April Fool's Day

Seattle, WA – March 29, 2012 – It has been four years since the world worried about the havoc a virus called "Conficker" might wreak online on April Fool’s Day, while new threats, including the ramped-up spread of botnets, virus-laden advertising and malicious spear phishing, are increasing. The Online Trust Alliance (OTA) today announced the release of its annual "Top Ten Ways Businesses Can Protect Consumers from Being Fooled," a list of simple-to-employ recommendations for businesses and government agencies to help protect their customers’ and employees’ personal data, financial assets and devices from being compromised.

OTA, with data from the FBI, Secret Service and forensics experts, developed the list to address the most common and dangerous threats based on a review of thousands of data loss and identity theft incidents.

"While businesses are making efforts, all too often they are overlooking the fundamentals which could curb upwards of 90% of online threats to their data," said Craig Spiezle, executive director and president, Online Trust Alliance. "We have a shared responsibility to harden our systems and those of our customers. Secure and confident customers are good for business and for the long-term vitality of the digital economy."

"I want to thank OTA for promoting stronger cyber privacy, security, and resilience," said Senator Joe Lieberman. "The same way you lock up your business at night to deter criminals, you need to lock up your computer so you’re a less tempting target. OTA’s simple and inexpensive security tips can help our business community take a byte out of cyber crime."

OTA’s 2012 Top 10 Recommendations address the most frequent exploits including botnets, malicious email, phishing and deceptive websites. An excerpt of the full list follows:

1. The browser is the first line of defense, yet over 40% of users have outdated and insecure browsers, lacking integrated anti-phishing, malware protection and online tracking privacy controls. "Why Your Browser Matters" is a helpful resource for all businesses to provide "teachable moments" to site visitors to upgrade their browser at no cost.

2. Upwards of 10% of computers are infected by "botnets". Scan your systems weekly with tools and resources to help detect, prevent and remediate the threats.

3. Deceptive and malicious email continued to grow in the past year, targeting business users, government agencies and consumers. Implement Email Authentication to reduce the incidence of spoofed and forged email, which may lead to identity theft and the distribution of malware, and tarnish your brand reputation.

4. Cybercriminals are increasingly snooping and eavesdropping on wireless connections, including airports, coffee shops and the library. Always-on SSL (AOSSL) encrypts all connections and communication -- including users’ names and passwords. This standard is now implemented by leading sites including Twitter, Facebook, PayPal and Microsoft.

5. Enable automatic patch management for operating systems and applications, including add-ons and plugins. Proactive patch management can harden your system against known vulnerabilities. End-of-life applications that are no longer supported should be removed or used in isolated and secure sessions.

The complete 2012 list also includes steps regarding protections of internal infrastructures to safeguard customer data and business continuity. The list builds on OTA’s 2012 Data Protection and Breach Readiness Guide, released in January, which identifies key recommendations to help businesses protect their data and be prepared for a breach and data loss incident. The guide highlighted that in 2011, over 125 million people were affected by data loss incidents costing businesses over $6.5 billion. Almost half of 2011’s breaches could have been avoided through implementation of simple or intermediate controls as outlined in OTA’s recommendations.

To view the complete and updated list for 2012 on ways businesses can protect consumers from being fooled, please go to: https://otalliance.org/2012tips.html.

About The Online Trust Alliance (OTA) https://otalliance.org

OTA’s mission is to develop and advocate best practices, public policy and self-regulation to mitigate emerging privacy, identity and security threats to online services, brands, government, organizations and consumers. By enhancing online trust and confidence, we can realize the potential of the internet; promote innovation; and further the vitality of commerce.
