BreachExchange mailing list archives

Is Your Website Failing to Keep Customers’ Data Secure and Private?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 29 Jun 2015 17:38:58 -0600

http://www.itbusinessedge.com/blogs/data-security/is-your-website-failing-to-keep-customers-data-secure-and-private.html

The Online Trust Alliance (OTA) recently released its 2015 Online Trust
Audit & Honor Roll. For the report, OTA analyzed approximately 1,000
websites in three categories: consumer protection, privacy and security.
According to a release, the seventh annual audit now includes websites of
the top 50 leading Internet of Things device makers, wearable technologies
and connected home products.

It’s tough to make the honor roll; that’s what makes it special. But then,
this is the type of honor roll you want companies to make, especially if it
is a company you do business with (or if it is your website being
evaluated). Unfortunately, nearly half of all of the websites failed. Even
more alarming was that the new category of IoT had an even more dismal
showing, with a 76 percent failure rate.

In an ITProPortal article, Craig Spiezle, executive director and president
of OTA, stated:


"The results of this audit serve as a wake-up call to Internet of Things
companies who are handling highly sensitive, dynamic and personal data. In
rushing their products to market without first addressing critical data
management and privacy practices, they are putting consumers at risk and
inviting regulatory oversight."

News media sites fared the worst, with 80 percent of them failing to make
the grade in the three criteria. Retail sites have seen the greatest
improvement, with a jump from 24 to 42 percent of industry sites making the
honor roll. Perhaps the lessons of Target and other retail breaches have
begun to sink in?

For the third year in a row, Twitter was named the figurative
valedictorian, as it had the highest scores of all the websites. I admit,
it surprises me because Twitter does have its share of security and privacy
issues. It seems like Twitter accounts are regularly being hacked. On the
other hand, how bad must security and privacy and consumer protection on
websites be, especially when you consider the audit found that social media
sites have the highest level of honor roll inductees? No wonder consumers
are growing more concerned about their security and privacy online. If
companies are failing to make a security honor roll, how else are they
failing their customers’ privacy and security?
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/