OTA Releases 2011 Top Recommendations for April Fool’s Day Urging Businesses
to Vigorously Protect Customer Identities
Simple Precautions to Protect Site Visitors, their Data & Identity from the
Most Common Cybercriminal & Privacy Exploits
Seattle, Washington – March 31, 2011 – The Online Trust Alliance (OTA)
announced the release of its “2011 Top 10 Recommendations to Help
Businesses Protect Consumers From Being Fooled.” This document lists
techniques and procedures that can easily be implemented to help
businesses and government agencies protect their customers' and employees'
personal and financial data from being compromised. OTA developed the list
to address the most common and dangerous threats based on a review of
thousands of fraudulent emails, data breaches, hacking, and identity theft
incidents.
“The Internet has become a foundation of commerce, communication and
community. As such, business and government have a shared responsibility to
take steps to curb cybercrime and online abuse,” said Senator Joe Lieberman.
“There are a lot of simple, common-sense steps that both
businesses and consumers can take to make them more secure. I applaud OTA’s
efforts to promote practices which enhance the Internet’s integrity,
privacy, security and resiliency.”
“The Online Trust Alliance should be commended for tirelessly working to
inform businesses about how to better protect consumers from unscrupulous
operators who employ deceptive practices that are designed to make a mockery
of customers’ security and privacy,” said Congressman Bobby Rush. “The ten
simple precautions, which OTA has outlined, are
workable, accessible, and affordable. I encourage all businesses having
exposure in the online, storage, and data sectors, among others, to think
seriously about integrating each and every one into a regular and consistent
regimen. That way, they will be taking reasonable measures to avoid finding
themselves, in the event of a breach or violation, in an unenviable position
of having to explain to their employees, patients, customers, and the
consumers who rely on their systems and networks each and every day why they
didn’t take added reasonable and cost-justifiable measures.”
“The vast majority of cybersecurity and identity theft threats can be
prevented with simple but effective actions. These recommended steps, which
can be implemented quickly to help U.S. businesses and government agencies
protect their data, and, just as importantly, their customers' privacy and
identities,” said Craig Spiezle, Executive Director and President of the
OTA. “As stewards of data and consumer trust, the public and private sectors
now have the opportunity to enhance online trust and confidence while
promoting innovation, growth, and vitality of online services.”
OTA’s 2011 Top 10
Recommendations address the most frequent exploits including malicious
email, phishing, and deceptive websites. An excerpt of the full list
follows:
- Protect site visitors by Notifying Them of Insecure and Outdated Browsers
  that do not have integrated anti-phishing, malware protection and online
  tracking privacy controls. This is particularly important given the
  increase in social media targeted exploits and use of cloud services.
- Establish and maintain Domain Portfolio Monitoring, which includes
  monitoring look-alike domains, tracking renewals to prevent “drop
  catching” of expiring domains, and domain locking to help guard against
  unintended changes, deletions or domain transfers.
- Implement Email Authentication to reduce the incidence of spoofed and
  forged email, helping to prevent identity theft and the distribution of
  malware from tarnishing your brand reputation. Authenticated email gives
  ISPs, mailbox providers and corporate networks an added ability to block
  deceptive email and protect online brands and sites from deception.
- Upgrade to Extended Validation SSL Certificates (EV SSL) for any banking
  and ecommerce sites which collect personal or financial information. Use
  of EV SSL certificates helps to increase consumer confidence in online
  brands by turning the address bar green.
- Continuously monitor Third-Party Code, Links and Advertising on your site
  to help prevent malicious content and ads. Request that third-party
  content providers and ad networks adopt anti-malvertising guidelines.
The 2011 list of 10 also includes steps regarding protections of internal
infrastructures to safeguard customer data and business uptime. The list
comes on the heels of the OTA’s 2011 Data Breach & Loss Incident Planning
Guide, which identifies key questions and recommendations to help businesses
in breach prevention and incident management.
The guide highlighted that in 2010 over 26 million
consumer records were compromised, costing businesses over $5.3 billion.
Based on OTA analysis, and confirmed by the 2010 Data Breach report by
Verizon and the U.S. Secret Service, over 90% of breaches are avoidable
through simple or intermediate controls as outlined in OTA’s
recommendations.
About The Online Trust Alliance (OTA)
https://otalliance.org
Formed in 2004,
the Online Trust Alliance (OTA) is a global non-profit organization
representing the Internet ecosystem, supporting user choice and controls,
protection of critical infrastructure, privacy and data governance,
promoting marketing best practices and self-regulation. The OTA’s mission is
to develop and advocate best practices and public policy which mitigate
emerging privacy, identity and security threats to businesses, online
services, brands, government agencies, organizations and consumers, thereby
enhancing online trust and confidence.