10 Recommendations to Help Protect Businesses and Consumers from Being Fooled

The Online Trust Alliance (OTA) has released its "2011 Top 10 Recommendations to Help Businesses Protect Consumers From Being Fooled," a list of techniques and procedures that businesses and government agencies can implement to help protect their personal and financial data from being compromised. The list, which examines the most common and dangerous threats, was based on a review of thousands of fraudulent e-mails, data breaches, hacking, and identity theft incidents.

The 2011 Top 10 recommendations address the most frequent threats, including malicious e-mail, phishing and deceptive websites, and emerging threats that impact online trust and confidence.

1. Upgrade all employees to the most current version of browsers that have integrated phishing and malware protection and privacy controls, including support of "Do Not Track" mechanisms and controls.

2. Establish and maintain a domain portfolio management program that includes monitoring look-a-like or homograph-similar domains and tracking renewals to prevent "drop catching" of expiring domains.

3. Adopt e-mail authentication, including both SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), to help reduce the incidence of spoofed and forged e-mail, helping to prevent identity theft and to keep the distribution of malware from tarnishing your brand reputation.

4. Encrypt all data files containing customer profiles, e-mail addresses, and/or PII that are transmitted externally or stored on portable devices or media, including flash and USB drives.

5. Upgrade to Extended Validation Secure Sockets Layer certificates (EV SSL) for all sites requesting sensitive information, including registration, e-commerce, online banking, and any data that may request PII or sensitive information.

6. Develop and test a proactive Breach & Data Loss Incident plan so that you are prepared for data breach and data loss incidents, minimizing the risk and impact to customers and business partners.

7. Require strong passwords and educate users on effective password management to minimize the risk of account takeovers.

8. Enable automatic patch management for operating systems and applications, including add-ons and plug-ins.

9. Continuously monitor third-party code, links, and advertising on your site to help prevent malicious content and ads from being served on your site.

10. Enable encryption on all wireless routers and access points, and hide your SSID (Service Set Identifier) or name it so that the SSID does not provide details that identify your business.
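
As an illustration of the look-alike and homograph monitoring in recommendation 2, the sketch below triages newly seen domain names against a protected domain. It is an added example, not part of the OTA material; the confusables table, the `example-bank.com` brand domain, and the sample names are constructed assumptions.

```python
import unicodedata

# Constructed, deliberately small confusables table (Cyrillic/Greek letters and
# digits that render like Latin letters); a real monitor needs far fuller data.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u03bf": "o", "0": "o", "1": "l",
})

def skeleton(domain):
    """Decode punycode labels, normalize, and fold confusable characters."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(unicodedata.normalize("NFKC", label).translate(CONFUSABLES))
    return ".".join(labels)

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typo registrations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, protected):
    """Return 'own', 'homograph', 'lookalike' or 'unrelated' for a seen domain."""
    if candidate.lower().rstrip(".") == protected:
        return "own"
    cand, prot = skeleton(candidate), skeleton(protected)
    if cand == prot:
        return "homograph"
    return "lookalike" if edit_distance(cand, prot) <= 1 else "unrelated"

PROTECTED = "example-bank.com"  # hypothetical brand domain
ACE = "xn--" + "ex\u0430mple-bank".encode("punycode").decode("ascii") + ".com"
# Constructed sample of newly registered names, such as a registration feed lists.
SAMPLES = [
    "example-bank.com", "ex\u0430mple-bank.com", ACE,  # Cyrillic a, raw and punycode
    "examp1e-bank.com", "exmple-bank.com",             # digit swap, dropped letter
    "weather-report.org",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{classify(name, PROTECTED):10} {name}")
```

Names flagged `homograph` or `lookalike` are candidates for review in the domain portfolio program; the same list of protected domains can drive renewal tracking.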

For more information about the 2011 Top 10 Recommendations to Help Businesses Protect Businesses and Consumers From Being Fooled, read the full article: https://otalliance.org/resources/2011top10tips.html