Staying Safe Online

STAYING SAFE ONLINE Whom do you trust to secure your data? 117% INCREASE IN THE NUMBER OF DATA BREACHES WOULD YOU FREELY ADVERTISE YOUR PERSONAL INFORMATION ONLINE? That is exactly what you do when your bank, favorite social network or online retailer does not take the proper precautions to protect your security and privacy. DATA BREACH In 2012, there were 2644 reported breaches worldwide, exposing 267 000,000 records' 3 in 4 LEADING ONLINE RETAILERS and TOP 100 U.S. BANKS are FAILING TO ADOPT online security & privacy best practices. ATTACKS ON THE RISE According to the Online Trust Alliance 2013 Data Protection & Data Breach Readiness Guide: 2 52% 40% $94 MILLION USD • 40% of all data breaches were caused by hacking the estimated direct costs incurred by credit card processor Global Payments, as the result of a data breach, in which 26 million records were lost 2012 • 52% incorporated malware Per the US Secret Service, FBI and Verizon up to 97 percent of data loss incidents were avoidable. 2012 (not to mention the reputational and business harm incurred). WHERE CAN WE PLACE OUR TRUST? Online Trust Alliance 2013 ONLINE TRUST HONOR ROLL REPORT CRITERIA 3 Measurement Categories: 2: Site, Server & Infrastructure Security Domain, Brand & Consumer Protection Data Protection, Privacy & Transparency The annual Online Trust Honor Roll highlights data protection, privacy and security across the Web while distinguishing companies leading with best practices that protect consumers. OTA ONLINE TRUST HONOR ROLL 83 54 52 View the full 2013 report to see who has made the grade and learn how to improve your score: 25x 26x 2225x https://otalliance.org/2013HonorRoll.html 3 IR 100 R 500 FDIC 100 SOCIAL 50 OTA 1 2012 1 2013 Percent of sectors achieving Honor Roll status O OTA SCOPE OF 2013 HONOR ROLL ONLINE TRUST HONOR ROLL 2013 RECIPIENT OTA REVIEWED MORE THAN 750 10,000- 500a om MILLION domains and privacy policies web pages emails Associated with the Intermet Retailer 500 IR 500) Federal Deposit nsurance Corporation (FDIC 100), and Top 50 Social and Federal Covernment Stes. OTA ONLINE TRUST INDEX 82 84% 75% 71% 7% 74% 66z 70z 76% 80% IR 100 IR 500 FDIC 100 SOCIAL 50 OTA I 2012 I 2013 SOCIAL NETWORKING NORTH STARS MAKING THE GRADE TOP PERFORMERS Social networking sites outpaced other sectors 2 to l in adopting privacy, data and security best practices. AMERICAN GREETINGS 2:1 Leading the way: 83% of OTA MEMBERS 52% of the SOCIAL 50 https://otalliance.org/2013HonorRoll.html made the Honor Rol. * Social networks include dating, emai, photo and document sharing sites. ON THE RISE USE OF SSL/TLS AUTHENTICATION AND ENCRYPTION UP 10% 128% Average SSL/TLS scores improved 10% in all sectors, even with stricter criteria than last year to account for vuherabilities to common attacks EVSSL adoption grew 28 percent over 2012 folowing a 48-percent increase in 201, FDIC 100 leads all sectors in the adoption of EVSSL (60%) and Always on SL (616) E-MAIL AUTHENTICATION PRIVACY MORE VALUED Use of SPF and DKIM up 20% for IR 100 (leading internet retailers), 15% for FDIC 100 (top banks). and doubled for federal government in 2012. Privacy scores are up across all industries. OTA member companies led the way with an average 83% score, up 5% from 2012 (78%). DMARC enjoys 10% adoption overall (with organizations in all sectors asserting a "reject" or "quarantine' policy for email that fails authentication). NOT MAKING THE GRADE IS YOUR PRIVACY BEING PROTECTED? Companies that did not make the 2013 Honor Roll Among companies that did not make the 2013 Honor Roll, the lack of privacy provisions stood out. Conversely, the Social 50 had the highest privacy Scores among all sectors with an average of 76.2 1 out of 3 companies evaluated received a failing privacy score. 7 IN 10 LEADING BANKS AND HALF OF TOP ONLINE RETAILERS RECEIVED FAILING GRADES IN ONE OR MORE CATEGORIES Privacy is a major weakness for FDIC 100 due to: sharing data with unaffiliated third parties and lower overall adoption of email authentication, WHAT CAN BE DONE? 10 Steps to Improve and Protect Brand, Privacy and Security: Improve SSL implementation score, specifically addressing common vulnerabilities and weak protocol suites. Adopt OTA's Top 10 Recommendations for business, consumer and brand protection. Review privacy policies to ensure data will not be shared inappropriately and audit all third-party tracking and applications added to the site. Upgrade all certificates to 2048 bit or ECC. Upgrade to EV SSL Certificates and consider adopting Always On SL. Review WHOIS information. Implement both SPF and DKIM across all domains and subdomains. Initiate planning and deployment of DNSSEC. Implement a data breach readiness plan. Publish DMARC Records. OTA resources available at: https://otalliance.org/2013HonorRoll.html Prodiced y lygert Gdigicert Resources O 2012 Data Breach Overview, sponsored by Risk Based Security and the Open Security Foundation. (published Feb 2013) http://www.riskbasedsecurity.com/reports/2012-DataBreachQuickView.pdf [21 Data Protection & Breach Readiness Guide https://otaliance.org/breachhtml [3] OTA Honor Rall Report https//otaliance.org/2013HonorRollhtml