Following the recent data breach at online marketing firm Epsilon, email protection is likely on the minds of many data security professionals these days. However, according to a recent report from the Online Trust Alliance, the majority of corporate and government email security practices are lacking.
In its 2011 Online Safety Honor Roll report, the OTA reported that 74 percent of top-performing websites did not go far enough to protect consumers from malicious emails, online fraud and other data privacy threats.
The OTA’s criteria include the adoption of standards-based security practices, including malware and vulnerability testing and the implementation of email authentication and Extended Validation SSL Certificates. In a survey of 1,112 web domains of public and private organizations, the OTA said only 26 percent were recognized for employing adequate data protection practices and qualified to be named to the 2011 OTA Online Safety Honor Roll.
While this is a significant improvement from last year’s report, in which only 8 percent of surveyed domains qualified, it does shed light on the lack of effective security practices rampant in both the private and public sectors.
“While the level of adoption is failing to adequately protect consumers, the commitment and growth within the public and private sectors is encouraging,” said OTA executive director Craig Spiezle. “Government and business leaders need to commit to these guidelines to help prevent a consumer trust meltdown and protect the vitality of the U.S. economy.”
The OTA’s report is particularly timely, given the recent high-profile data breaches at Epsilon and Sony’s PlayStation Network. Both of these incidents highlight the shortcomings of many enterprise data protection policies, and the embarrassing consequences that can ensue. Not only can data breaches result in heavy fines from industry and federal regulators, they can also do significant damage to a company’s reputation and, thus, its bottom line.