Independent researchers at the Online Trust Alliance (OTA), a nonprofit focused on enhancing online trust and ethical privacy practices, recently published a security audit which found that many bank and government websites fail to provide adequate security and privacy. This doesn't exactly inspire confidence.
If an organization of any type falls short in its defense measures, it will only be a matter of time until a hacker targets it. Then again, even the best of us can fall prey to a vicious cybercriminal.
Protect your business from digital disaster by investing in a cybersecurity policy from CyberPolicy. It could be the one thing saving you from financial ruin in the event of a cyberattack.
Flunking the Cybersecurity Test
The OTA's 2017 Online Trust Audit & Honor Roll anonymously audited more than 1,000 websites for security features and privacy practices. There was some good news contained within the report: 52 percent of the sites inspected qualified for the OTA's Honor Roll, the highest percentage in the nine years of consecutive analysis.
To make the Honor Roll, a site must achieve a high score (80 percent or higher) on three categories: consumer protection, site security and privacy. In addition, the site cannot fail any of the total six categories.
"Sites either qualify for the Honor Roll or fail the Audit," says OTA. "In other words, sites increasingly either take privacy and security seriously and do well in the Audit, or lag the industry significantly in one or more critical areas."
Especially defense-focused sites earn the honor of being placed in the OTA's Top of Class, which featured consumer-facing sites like Airbnb, Dropbox, Etsy and several Google services.
However, zero banks or government sites reached the Top of Class this year. In fact, "of the top 100 banks analyzed for both good cybersecurity and privacy practices, 65 percent failed," reports CSO. Much of this was due to an increased number of data breaches, outdated SSL ciphers, unpatched website vulnerabilities and inadequate privacy disclosures.
According to the OTA, "These missteps often reflect a lack of ongoing security discipline, failure to take a user-centric view on privacy, and/or organizations not embracing data stewardship and responsible privacy principles."
It might also be important to note that only 27 percent of the U.S.'s 100 largest banks made the Honor Roll, which is a significant drop from 55 percent last year. It seems that the banking sector is slipping behind in 2017.
But banks aren't the only flunkies. More than 60 percent of the 100 inspected websites managed by federal agencies received failing grades in one or more categories. According to Security Magazine, "only 39 percent made the Honor Roll, a significant drop from last year's 46 percent."
While we can only wait around and hope that next year's audit sees big improvements, the truth of the matter is that no one can force a site or service to improve its privacy and security features. Your organization might even use some of these insecure sites without realizing it, which could open you up to a data breach or incursion.
Do the smart thing: invest in a cybersecurity insurance policy from CyberPolicy today!