By the DynaSis Team
As news of the data-breach class-action suit against restaurant chain P.F. Chang’s reverberates around the Internet, a recently released survey has confirmed what a lot of experts have been asserting—that corporate websites are nowhere near as safe as their operators might hope. (For those that don’t follow online security news or have been on vacation in Bora Bora, P.F. Chang’s suffered a massive credit-card data breach in June 2014.)
The report, released by the Online Trust Alliance (OTA), found that 71% of top consumer websites did not sufficiently adhere to online security and privacy best practices. The OTA branded them with the designation of “untrustworthy,” because they expose their customers to potential data leaks, security breaches and privacy concerns. (The OTA performs this audit yearly; it just happened to coincide with the P.F. Chang’s disaster.)
For this report, the OTA examined the privacy and security practices of 800 leading sites that target consumers, from Walmart.com to Ancestry.com, and assigned them a grade for “online trust.” For the evaluation, the OTA considered three categories of best practices—domain/brand protection, privacy and security—for both the sites themselves and any related mobile apps they offer. (Twitter scored the highest grade for privacy and security.)
Among the top sites, 28.8% made the Honor Roll, meaning they safeguard data in the three categories listed above. That sounds pretty good until you consider that 52.7% of examined sites failed completely in at least one category. Among news and media sites—which many, many people read both at home and at work—only 4% qualified for the Honor Roll. Of perhaps greatest concern, however, was that banking websites and the Internet Retailer 500 (the online retail “big boys”) performed dismally as well, with 65% and 57% failing, respectively. (Those numbers really shocked us.)
Given that the top 800 sites performed so dismally, where does that leave Internet users? Likely, in pretty scary territory. So, what’s the takeaway for business owners? In our view, there are several.
1. Inform your employees about the report and urge them to avoid sites that failed, both at home and at work. The weakest link in everyone’s security chain is the human one.
2. Understand that not providing personal data won’t necessarily make a site safe, because some harvest information off any device that accesses the site.
3. Know that mobile apps are even more likely to harvest data—they tell users that up front, but most ignore the warning. Caution users about this issue and deploy a corporate solution that monitors device app usage (see last week’s post).
On a separate but equally crucial front, if you host a website that collects or stores any sensitive data from your customers, we strongly urge you to have it evaluated for adherence to privacy and security best practices. Furthermore, if you accept, transmit or store credit card data, you must comply with PCI (Payment Card Industry) guidelines.
A large chain like P.F. Chang’s can likely weather the fallout from a major data breach or the fines from failing to meet PCI requirements. It is a sad but honest fact that smaller businesses cannot.
If this entire discussion mystifies you, know that you are not alone. Many of our customers don’t have the time or technical expertise to explore these types of issues and take action. That’s why we are here. To learn more about what you can do to safeguard your website, your business and your workers, fill out our inquiry form or give us a call at 678.218.1769.