In a world where customers are frequently being taken advantage of online, a business’s top priority is to protect their most prized asset: the client. With that in mind, the Online Trust Alliance (OTA) has issued its Top 10 recommendations for 2011 to help businesses protect consumers from being fooled. The list includes techniques that businesses can use to help their customers (and even their employees) from deceptive and malicious online threats. Here are the top five:
- Upgrade all employees to the most current version of browsers that have integrated phishing and malware protection and privacy controls including support of “Do Not Track” mechanisms and controls. Such controls provide users the control on third party data collection, usage and data sharing of their online browsing activities, while balancing out the value of ad supported online services. Encourage consumers to update their browsers by notifying them of insecure and outdated browsers. In addition consider terminating support for end-of-life browsers with known vulnerabilities by preventing log-ons and providing instructions to upgrade.
- Establish and maintain a Domain Portfolio Management program that includes monitoring look-a-like or homograph-similar domains and tracking renewals to prevent “drop catching” of expiring domains. Domain locking is recommended to help guard against unintended changes, deletions or domain transfers to third parties. Such programs and practices can help protect a company’s brand assets and consumers from landing on look-alike sites compromising trademarks and trade names.
- Adopt Email Authentication including both SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to help reduce the incidence of spoofed and forged email, helping to prevent identity theft and the distribution of malicious malware from tarnishing your brand reputation. Authenticated email allows ISPs, mailbox providers and corporate networks an added ability to block deceptive email, reduce false positives and protect online brands and sites from deception.
- Encrypt all data files containing customer profiles, email address and or PII, which are transmitted externally or stored on portable devices or media including flash and USB drives.
- Upgrade to Extended Validation Secure Socket Layer Certificates (EVSSL) for all sites requesting sensitive information including registration, e-commerce, online banking and any data which may request PII or sensitive information. Use of EVSSL certificates help to increase consumer confidence of your online brand. When an EVSSL is presented, the address bar turns green providing the user a higher confidence level the site and company they are visiting is a legitimate business.
“The Internet has become a foundation of commerce, communication and community. As such, business and government have a shared responsibility to take steps to curb cybercrime and online abuse,” said Senator Joe Lieberman. “There are a lot of simple, common-sense steps that both businesses and consumers can take to make them more secure. I applaud OTA’s efforts to promote practices which enhance the internet’s integrity, privacy, security and resiliency.” Click for the complete list of OTA’s top 10 recommendations.