Top 10 Ways Businesses Can Protect Consumers

In a world where customers are frequently taken advantage of online, a business’s top priority is to protect its most prized asset: the client. With that in mind, the Online Trust Alliance (OTA) has issued its Top 10 recommendations for 2011 to help businesses protect consumers from being fooled. The list includes techniques that businesses can use to help protect their customers (and even their employees) from deceptive and malicious online threats. Here are the top five:

  1. Upgrade all employees to the most current version of browsers that have integrated phishing and malware protection and privacy controls, including support of “Do Not Track” mechanisms and controls. Such controls give users control over third-party data collection, usage and sharing of their online browsing activities, while balancing out the value of ad-supported online services. Encourage consumers to update their browsers by notifying them of insecure and outdated browsers. In addition, consider terminating support for end-of-life browsers with known vulnerabilities by preventing log-ons and providing instructions to upgrade.
  2. Establish and maintain a Domain Portfolio Management program that includes monitoring look-alike or homograph-similar domains and tracking renewals to prevent “drop catching” of expiring domains. Domain locking is recommended to help guard against unintended changes, deletions or domain transfers to third parties. Such programs and practices can help protect a company’s brand assets and keep consumers from landing on look-alike sites that compromise trademarks and trade names.
  3. Adopt Email Authentication, including both SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), to help reduce the incidence of spoofed and forged email, helping to prevent identity theft and the distribution of malware from tarnishing your brand reputation. Authenticated email gives ISPs, mailbox providers and corporate networks an added ability to block deceptive email, reduce false positives and protect online brands and sites from deception.
  4. Encrypt all data files containing customer profiles, email addresses and/or PII that are transmitted externally or stored on portable devices or media, including flash and USB drives.
  5. Upgrade to Extended Validation Secure Sockets Layer Certificates (EVSSL) for all sites requesting sensitive information, including registration, e-commerce, online banking and any site which may request PII or sensitive information. Use of EVSSL certificates helps to increase consumer confidence in your online brand. When an EVSSL certificate is presented, the address bar turns green, giving the user a higher level of confidence that the site and company they are visiting is a legitimate business.
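
As an added illustration of recommendation 2 (not part of OTA's list or tooling), the sketch below audits a domain portfolio for the three things that item names: look-alike or homograph registrations, renewals close to expiry, and missing registrar locks. All function names, the small confusables table and the sample domains are constructed assumptions, and the one-character typo check goes slightly beyond pure homograph matching.

```python
import unicodedata
from datetime import date

# Constructed, deliberately small confusables table; a real monitor would load the full Unicode list.
CONFUSABLES = {"0": "o", "1": "l", "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}

def skeleton(domain):
    """Fold a domain to the form a reader perceives: decode punycode, map confusable characters."""
    labels = [l[4:].encode("ascii").decode("punycode") if l.startswith("xn--") else l
              for l in domain.lower().split(".")]
    text = unicodedata.normalize("NFKC", ".".join(labels))
    return "".join(CONFUSABLES.get(ch, ch) for ch in text).replace("rn", "m")

def edit_distance(a, b):  # Levenshtein distance; catches one-character typo domains
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalikes(owned, observed, max_distance=1):
    """Return (observed, brand, kind) for domains we do not own that read like one we do.
    `owned` is assumed to hold lowercase domain names."""
    hits = []
    for cand in observed:
        if cand.lower() in owned:
            continue
        for brand in owned:
            dist = edit_distance(skeleton(cand), skeleton(brand))
            if dist <= max_distance:
                hits.append((cand, brand, "homograph" if dist == 0 else "typo"))
                break
    return hits

def portfolio_findings(portfolio, today, renew_window_days=60):
    """Flag domains close to expiry (drop-catching risk) and domains without a registrar lock."""
    findings = []
    for rec in portfolio:
        days_left = (rec["expires"] - today).days
        if days_left <= renew_window_days:
            findings.append((rec["domain"], f"expires in {days_left} days"))
        if not rec["locked"]:
            findings.append((rec["domain"], "registrar lock not set"))
    return findings

# Constructed sample data: our portfolio, and domains seen in a new-registration feed.
PORTFOLIO = [{"domain": "example.com", "expires": date(2011, 9, 1), "locked": True},
             {"domain": "example.net", "expires": date(2011, 3, 1), "locked": False}]
OBSERVED = ["ex\u0430mple.com", "examp1e.com", "exampl.com", "example.com", "unrelated.org"]
```

Calling `lookalikes(["example.com", "example.net"], OBSERVED)` and `portfolio_findings(PORTFOLIO, date(2011, 1, 28))` returns the findings a portfolio manager would triage.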

“The Internet has become a foundation of commerce, communication and community. As such, business and government have a shared responsibility to take steps to curb cybercrime and online abuse,” said Senator Joe Lieberman. “There are a lot of simple, common-sense steps that both businesses and consumers can take to make them more secure. I applaud OTA’s efforts to promote practices which enhance the internet’s integrity, privacy, security and resiliency.” Click for the complete list of OTA’s top 10 recommendations.

Yes, It’s Data Privacy Day

It may surprise you, as it did me, to learn that today is Data Privacy Day, an “international celebration of the dignity of the individual expressed through personal information.” But Data Privacy Day also highlights the need for individuals to protect their data and how they can go about doing so.

There are many organizations out there that aim to help individuals protect their personal information and help businesses comply with data protection laws and regulations. The Online Trust Alliance is one such organization, whose mission is to create an online trust community, promoting business practices and technologies to enhance consumer trust globally. They recently released their “2011 Data Breach Incident Readiness Guide” to help businesses in breach prevention and incident management.

According to their newest guide, the true test for organizations and businesses should be the ability to answer key questions such as:

  1. Do you know what sensitive information is maintained by your company, where it is stored and how it is kept secure?
  2. Do you have an incident response team in place ready to respond 24/7?
  3. Are management teams aware of security, privacy and regulatory requirements related specifically to your business?
  4. Have you completed a privacy and security audit of all data collection activities, including cloud services, mobile devices and outsourced services?
  5. Are you prepared to communicate to customers, partners and stockholders in the event of a breach or data loss incident?

With the White House, members of Congress, Commerce Department and the FTC calling for greater privacy controls and breach notifications, self-regulation by businesses is becoming more and more important.

Google, one of the supporters of Data Privacy Day and the initiatives of The Privacy Projects, is hosting a public discussion on privacy later this afternoon with representatives from the Electronic Frontier Foundation, the FTC and the National Institute of Standards and Technology scheduled to attend. If you can’t stop by Google’s DC office for this event, don’t worry — it will be captured on video and posted to YouTube soon after.