Whether you’re buying for your business or your home, the security of financial information should always be top of mind.
CIO recently published a slideshow of the Top 12 Retailers for Security and Privacy Practices based on the Online Trust Alliance’s (OTA) annual Online Trust Honor Roll audit. The OTA is a non-profit organization with the mission to enhance online trust while creating top practices for privacy and security. This year, its annual honor roll reviewed more than 750 domains and privacy policies, 10,000-plus web pages and over 500 million emails to identify the top companies. These 12 companies are leading the charge in online safety in the retail space.
A few key findings of the 2013 Online Trust Honor Roll:
- 32% of companies qualified, with the overall top score being awarded to Twitter.
- Though 26% of the Internet Retailer 500 made the Honor Roll, a slight improvement over 2012, 53% are still failing to achieve passing scores in one or more categories, unnecessarily exposing users to security, privacy and social engineering threats.
The OTA created an informative infographic showing that in 2012 there were 2,644 reported breaches worldwide, exposing 267,000,000 records. It also reports that three in four leading online retailers and top 100 U.S. banks are failing to adopt online security and privacy best practices. Alongside those statistics, the OTA provides the following tips about how to stay safe online:
- Improve SSL implementation score, specifically addressing common vulnerabilities and weak protocol suites.
- Upgrade all certificates to 2048 bit or ECC.
- Upgrade to EV SSL Certificates and consider adopting Always On SSL.
- Implement both SPF and DKIM across all domains and subdomains.
- Publish DMARC Records.
- Adopt OTA’s Top 10 Recommendations for business, consumer and brand protection.
- Review privacy policies to ensure data will not be shared inappropriately and audit all third-party tracking and applications added to the site.
- Review WHOIS information.
- Initiate planning and deployment of DNSSEC.
- Implement a data breach readiness plan.
For a complete list of the companies who made the honor roll, click here and share with us ways you protect your data.