latest updates from easySERVICE™
The Online Trust Alliance (OTA), a non-profit geared towards enhancing online trust and assisting businesses in their best practices and risk assessment, released its 2015 Data Protection Best Practices and Risk Assessment Guides on Wednesday. The organization says that in January to June last year, only 40 percent of data breaches involving the loss of personally identifiable information (PII) were caused by external intrusions — while 29 percent were caused either accidentally or maliciously by employees.
OTA says a lack of internal controls, lost or stolen devices and documents, as well as social engineering and fraud were to blame for almost 30 percent of data loss incidents suffered by businesses.
In OTA’s Risk Assessment Guide, the organization asks questions that IT decision makers must ask themselves if they are going to assess the risk of business practices against cyberthreats. Not only does a modern-day business have to ask if its own security practices are up to scratch, but whether third-party vendors — such as those in the supply chain or providing outsourced IT services — constitute a threat to security.
Some of the questions corporations need to ask themselves are detailed below:
After analyzing over a a thousand breaches involving PII, the non-profit has put together 12 ‘critical’ security practices in another guide that companies should follow in order to lessen the risk of a cyberattack — as well as minimize potential damage in a threat landscape which is becoming more dangerous by the year. OTA says that if the practices listed below were adhered to, the 2014 hacking of celebrity photos and the data breaches suffered by major US retailers such as Target may not have occurred.
In summary, OTA recommends that the enterprise:
Craig Spiezle, Executive Director and President of OTA commented:
“Businesses are overwhelmed with the increasing risks and threats, yet all too often fail to adopt security basics. Releasing the Guides and best practices in advance of Data Privacy Day will provide businesses with actionable advice. When combined with other controls, these can help prevent, detect, contain and remediate data breaches.”
The OTA’s guides are due to be presented at three upcoming OTA Town Halls in Silicon Valley, New York and Washington DC, where executives and leaders from groups ranging from the FBI to PayPal and Twitter will be present.
Source: Associated Press