Thursday, March 31, 2011

Top 10 IT Security Recommendations to Avoid Being Fooled

With April Fool's Day coming up, it's a great time to consider ways of preventing your customers, users, business, and yourself from being fooled by spammers and other high-tech malefactors. To get some advice, I spoke with Craig Speizle, the executive director and president of the Online Trust Alliance (OTA), a member-driven organization committed to helping businesses protect themselves and their customers against any potential security breach that could compromise identities as well as consumer trust.

These recommendations are targeted at small to medium businesses (SMBs), though Fortune 100 companies could benefit from implementing these suggestions if they're not already doing them. To put some context around the advice, Speizle says, "There's a recurring trend of some of the common breaches or incidents that some simple precautions, some simple operational disciplines, could have resolved. It's estimated by multiple organizations that 90 percent of the instances could be prevented. Most companies aren't doing these things, because they're concerned with running their business; they're not security professionals."

Speizle says these fixes are the low-hanging fruit that's often overlooked. They're vendor neutral and cross platform, and they can be done within a matter of a few days with little or no acquisition or upgrade cost. So why aren't people already implementing these measures? "Quite frankly," Speizle declares, "it's like a lot of things—we all have the best intentions, but we lose sight of things."

So without further ado, here are OTA's top 10 recommendations to help businesses and government agencies protect their customers' and employees' personal and financial data from being compromised.

1. Use up-to-date browsers. Upgrade all employees to the most current version of browsers that have integrated phishing and malware protection and privacy controls, including support for "Do Not Track" mechanisms and controls. Such controls give users control over third-party collection, use, and sharing of their online browsing activity, while balancing the value of ad-supported online services. Further, protect site visitors by notifying them when their browser is insecure or outdated and lacks integrated anti-phishing, malware protection, and online tracking privacy controls. Consider terminating support for end-of-life browsers with known vulnerabilities by preventing logons and providing instructions to upgrade.

"I would say the two leading browsers are Firefox and Internet Explorer 9," Speizle states.
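As an added illustration of the browser policy in this item (constructed example code, not OTA's or the article's), here is a server-side check that reads the User-Agent and DNT request headers: it warns visitors running outdated versions of the two browser families the article names, refuses logons from versions the site has declared end-of-life, and records whether the visitor asked not to be tracked so third-party tracking can be kept off for that request. The version thresholds, the notice text and the sample User-Agent strings are assumptions for illustration, not OTA's numbers.

```python
import re

# Constructed policy for illustration (not OTA's numbers): for each browser family,
# versions below `eol` are end-of-life and may not log on; versions below `current`
# still work but get an upgrade notice.
BROWSER_POLICY = {
    "MSIE": {"eol": 7, "current": 9},
    "Firefox": {"eol": 3, "current": 4},
}

# Version patterns for the two families the article names; anything else is left alone.
_UA_PATTERNS = (
    ("MSIE", re.compile(r"MSIE (\d+)")),
    ("Firefox", re.compile(r"Firefox/(\d+)")),
)

UPGRADE_NOTICE = ("Your browser lacks current phishing and malware protection. "
                  "Please upgrade to the latest version before continuing.")


def parse_browser(user_agent):
    """Return (family, major_version), or (None, None) when the UA is not recognised."""
    for family, pattern in _UA_PATTERNS:
        match = pattern.search(user_agent or "")
        if match:
            return family, int(match.group(1))
    return None, None


def assess_request(headers, logon=False):
    """Decide how to treat one request from its headers.

    Returns a dict with:
      action           - 'allow', 'warn' (serve the page plus an upgrade notice) or
                         'block' (a logon attempt from an end-of-life browser)
      notice           - text to show the visitor, or None
      tracking_allowed - False when the visitor sent "DNT: 1", so third-party
                         tracking should stay off for this request
    The User-Agent is self-reported and trivially changed, so this is a
    usability nudge for honest visitors, not a security boundary.
    """
    family, major = parse_browser(headers.get("User-Agent", ""))
    tracking_allowed = headers.get("DNT", "").strip() != "1"
    result = {"action": "allow", "notice": None, "tracking_allowed": tracking_allowed}

    policy = BROWSER_POLICY.get(family)
    if policy is None:
        return result  # unknown browser: no version judgement possible
    if major < policy["eol"]:
        result["action"] = "block" if logon else "warn"
        result["notice"] = UPGRADE_NOTICE
    elif major < policy["current"]:
        result["action"] = "warn"
        result["notice"] = UPGRADE_NOTICE
    return result


if __name__ == "__main__":
    # Constructed sample headers, not captured traffic.
    samples = [
        ({"User-Agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"}, True),
        ({"User-Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)"}, False),
        ({"User-Agent": "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0",
          "DNT": "1"}, False),
    ]
    for hdrs, is_logon in samples:
        print(hdrs["User-Agent"], "->", assess_request(hdrs, logon=is_logon))
```

Blocking applies only to logon attempts: an anonymous visitor on an end-of-life browser still gets the page and the notice, which matches the article's split between notifying visitors and preventing logons. Because the check keys off a client-supplied header, treat it as a way to steer users to patched browsers rather than as a control that keeps a determined attacker out.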

2. Establish and maintain a Domain Portfolio Management program. This includes monitoring look-alike domains and tracking renewals to prevent "drop catching" of expiring domains. Domain locking is recommended to help guard against unintended changes, deletions, or domain transfers to third parties. Such programs and practices can help protect a company's brand assets and keep consumers from landing on look-alike sites that abuse its trademarks and trade names.

Speizle explains that companies need to proactively monitor for look-alike domain names that are registered. "I'm sure you've had it happen where you've typed in something wrong by one letter, and the browser comes up with a site where you have to think twice. 'Is this the site? What am I looking at here?'" But what malefactors are doing is capturing that traffic, and potentially, they could be using that site to defraud customers. This monitoring is something you can do yourself, and there are also companies that offer this monitoring as a service.
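To make the do-it-yourself monitoring described here concrete, the following added example (constructed for this page, not OTA's or the article's code) covers the two halves of the item: it generates the common one-character look-alike variants of a brand domain so they can be checked against names you already confirmed as registered (the DNS or WHOIS lookups themselves are assumed to happen separately and are not performed here), and it walks an owned-domain portfolio to flag upcoming expiries and domains that are not locked at the registrar. The domain names, dates and lock states are constructed sample data.

```python
from datetime import date


def lookalike_candidates(domain):
    """Return common typo and look-alike variants of the first label of `domain`.

    Covers single-character omission, adjacent transposition, character
    repetition and a few visually confusable substitutions. The original
    name is never included. Example: 'example.com' -> 'exmple.com', ...
    """
    label, _, rest = domain.partition(".")
    variants = set()
    for i in range(len(label)):                       # omission: exmple
        variants.add(label[:i] + label[i + 1:])
    for i in range(len(label) - 1):                   # transposition: exapmle
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i in range(len(label)):                       # repetition: exaample
        variants.add(label[:i] + label[i] + label[i:])
    for src, dst in (("m", "rn"), ("rn", "m"), ("l", "1"), ("o", "0"),
                     ("i", "l"), ("w", "vv"), ("vv", "w")):
        if src in label:                              # confusables: examp1e
            variants.add(label.replace(src, dst))
    variants.discard(label)
    return sorted(v + "." + rest for v in variants if v)


def registered_lookalikes(domain, registered):
    """Intersect the candidates with `registered`, a set of names you obtained
    from DNS or WHOIS lookups run outside this function."""
    return [c for c in lookalike_candidates(domain) if c in registered]


def portfolio_alerts(portfolio, today=None, renew_within_days=60):
    """Flag owned domains that are expired, due for renewal, or not locked.

    `portfolio` is a list of dicts with 'name', 'expires' (datetime.date)
    and 'locked' (bool). Returns a list of (name, reason) tuples.
    """
    today = today or date.today()
    alerts = []
    for entry in portfolio:
        days_left = (entry["expires"] - today).days
        if days_left < 0:
            alerts.append((entry["name"], "expired"))
        elif days_left <= renew_within_days:
            alerts.append((entry["name"], f"renew: expires in {days_left} days"))
        if not entry.get("locked", False):
            alerts.append((entry["name"], "registrar lock not set"))
    return alerts


# Constructed sample portfolio and a constructed set of "registered" names,
# standing in for the output of real DNS/WHOIS checks.
PORTFOLIO = [
    {"name": "example.com", "expires": date(2011, 4, 30), "locked": True},
    {"name": "example.net", "expires": date(2012, 6, 1), "locked": False},
]
OBSERVED_REGISTRATIONS = {"examp1e.com", "exmple.com", "unrelated.org"}

if __name__ == "__main__":
    for name, reason in portfolio_alerts(PORTFOLIO, today=date(2011, 3, 31)):
        print(f"ALERT {name}: {reason}")
    for name in registered_lookalikes("example.com", OBSERVED_REGISTRATIONS):
        print(f"LOOK-ALIKE registered: {name}")
```

The candidate generator intentionally stays small; the commercial services the article mentions add keyboard-adjacency typos, homoglyphs in other scripts and alternate TLDs. Run the portfolio check on a schedule well ahead of the renewal window so an expiring name is caught before a drop-catcher can pick it up, and treat a missing registrar lock as an alert in its own right, since the lock is what stops unintended transfers.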
