OTA Updates April Fool’s List to Combat Spear Phishing

Thursday, March 29, 2012



OTA Updates April Fool’s List: New Efforts to Combat Spear Phishing & Wireless Snooping

It has been four years since the world worried about the havoc a virus called “Conficker” might wreak online on April Fool’s Day, while new threats, including the ramped up spread of botnets, virus-laden advertising and malicious spear phishing are increasing. 

The Online Trust Alliance (OTA) today announced the release of their annual “Top Ten Ways Businesses Can Protect Consumers from Being Fooled,” a list of simple-to-employ recommendations for businesses and government agencies to help protect their customers’ and employees’ personal data, financial assets and devices from being compromised. 

OTA, with data from the FBI, Secret Service and forensics experts, developed the list to address the most common and dangerous threats based on a review of thousands of data loss and identity theft.

“While businesses are making efforts, all too often they are overlooking the fundamentals which could curb upwards of 90% of online threats to their data. We have a shared responsibility to harden our systems and those of our customers. Secure and confident customers are good for business and for the long-term vitality of the digital economy,” said Craig Spiezle, executive director and president of the Online Trust Alliance.

“I want to thank OTA for promoting stronger cyber privacy, security, and resilience. The same way you lock up your business at night to deter criminals, you need to lock up your computer so you’re a less tempting target. OTA’s simple and inexpensive security tips can help our business community take a byte out of cyber crime," said Senator Joe Lieberman.

OTA’s 2012 Top 10 Recommendations address the most frequent exploits including botnets, malicious email, phishing and deceptive websites.  An excerpt of the full list follows: 

1. The browser is the first line of defense, yet over 40% of users have outdated and insecure browsers, lacking integrated anti-phishing, malware protection and online tracking privacy controls. “Why Your Browser Matters” is a helpful resource for all businesses to provide “teachable moments” to site visitors to upgrade their browser at no-cost.

2.  Upwards of 10% of computers are infected by “botnets”.  Scan your systems weekly with tools and resources to help detect, prevent and remediate the threats.

3. Deceptive and malicious email continued to grow in the past year, targeting business users, government agencies and consumers.  Implement Email Authentication to reduce the incidence of spoofed and forged email, which may lead to identity theft, and the distribution of malware and tarnish your brand reputation.

4. Cybercriminals are increasingly snooping and eavesdropping on wireless connections, including airports, coffee shops and the library.  Always-on SSL (AOSSL), encrypts all connections and communication -- including users’ names and passwords. This standard is now implemented by leading sites including Twitter, Facebook, PayPal and Microsoft.

5. Enable automatic patch management for operating systems, applications, including add-ons and plugins.  Proactive patch management can harden your system from known vulnerabilities.  End-of-life applications which are no-longer supported should be removed or used in isolated and secure sessions.

The complete 2012 list also includes steps regarding protections of internal infrastructures to safeguard customer data and business uptime. The list builds on OTA’s 2012 Data Protection and Breach Readiness Guide, released in January, which identifies key questions and recommendations to help businesses in breach prevention and incident management.

The guide highlighted that in 2011 over 125 million people were affected by data loss incidents, costing businesses over $6.5 billion. Almost half of 2011’s breaches could have been avoided through implementation of simple or intermediate controls as outlined in OTA’s recommendations.

To view the complete and updated list for 2012 on ways businesses can protect consumers from being fooled, please go to: https://otalliance.org/2012tips.html.

About The Online Trust Alliance (OTA) https://otalliance.org

OTA’s mission is to develop and advocate best practices, public policy and self-regulation to mitigate emerging privacy, identity and security threats to online services, brands, government, organizations and consumers.  By enhancing online trust and confidence, we can realize the potential of the internet, promote innovation and the vitality of commerce.

Source:  https://otalliance.org/news/releases/2012Top10.html

Possibly Related Articles:
Phishing Enterprise Security malware Social Engineering Cyber Crime Headlines OTA Online Trust Alliance April Fools Day
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.