Last year saw a number of high-profile hacks make the news, such as the publishing of naked pictures of celebrities and the massive data grabs from retail giants Target and Home Depot. While everybody was quick to point fingers at malicious hackers, the Online Trust Alliance on Jan. 21 determined that these were among the 90 percent of hacks that could have been prevented had these celebrities and companies been prepared.
The OTA, a nonprofit group focusing on enhancing user-friendly Internet access and data security, chronicled the ways that businesses and people were losing their personally identifiable information (PII). The findings indicate that 40 percent of the losses were the result of external intrusions, 29 percent were perpetrated, accidentally or maliciously, by employees within the company due to a lack of internal controls, 18 percent were the result of lost or stolen devices, and 11 percent were due to social engineering fraud.
Hoping to rectify this problem, the OTA identified the 12 most critical, yet achievable, security practices that all companies should follow, and collaborated on a framework detailing how to complete an assessment of internal as well as third-party security practices. These practices include enforcing effective password management, assessing security protocols of cloud-based partners (which would have kept those naked pictures in the celebrities’ smartphones), and segregating internal systems to prevent hackers from accessing sensitive material in one go (which would have been useful for Target and Home Depot).
The Data Protection & Best Practices Guide and the Risk Assessment Guide, released with this report, contain these and other best practices for businesses to follow. A series of town halls will be held over the next few weeks in Silicon Valley (Jan. 28), New York (Feb. 3), and Washington, D.C. (Feb. 5).