

The Online Trust Alliance (OTA), a non-profit organization focused on enhancing online trust and privacy among users, revealed that more than 90 percent of data breaches that occurred in the first half of 2014 could have been prevented using critical security best practices.

Additionally, OTA found that only 40 percent of these incidents were caused by external intrusions, while 29 percent were caused by employees, whether accidentally or intentionally, and were enabled by a lack of internal controls.

Furthermore, OTA reported 18 percent of these incidents were attributed to lost or stolen devices or documents, and 11 percent as a result of social engineering attacks or fraud.

The results of the study were based on the analysis of more than 1,000 breaches involving the loss of personally identifiable information (PII), drawn from data provided by the Open Security Foundation (OSF) and the Privacy Rights Clearinghouse.

In response to these findings, the organization released its 2015 Data Protection Best Practices, identifying “the top 12 most critical yet achievable security practices that all companies should follow.”

Recommendations include:

  1. Enforcing effective password management policies.
  2. Running accounts with least-privilege user access (LUA).
  3. Hardening client devices by deploying multi-layered firewall protections.
  4. Conducting regular penetration tests and vulnerability scans.
  5. Requiring email authentication on all inbound and outbound mail streams.
  6. Implementing a mobile device management program.
  7. Continuously monitoring in real-time the security of your organization’s infrastructure.
  8. Deploying web application firewalls to detect/prevent common web attacks.
  9. Permitting only authorized wireless devices to connect to your network.
  10. Implementing Always On SSL (AOSSL), i.e. serving the entire site over HTTPS rather than only login or checkout pages.
  11. Reviewing server certificates for vulnerabilities and the risk of your domains being hijacked.
  12. Developing, testing and continually refining a data breach response plan.
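Item 5 is the one recommendation on this list that can be verified mechanically from the outside: a domain's SPF and DMARC records say whether unauthenticated mail claiming to come from it will be rejected. The following check is an added example written for this page, not code from OTA or its guides. The `SAMPLE_TXT` records and the `.test` domain names are constructed; `lookup_txt` stands in for a real DNS TXT query and would be replaced with a resolver call to run it against live domains.

```python
"""Assess a domain's email-authentication posture from SPF and DMARC TXT records.

Added example, not part of the OTA report. The records below are constructed
sample data for .test domains; swap lookup_txt() for a real DNS query to use it live.
"""
import re

# Constructed sample TXT records keyed by DNS name (not real domains' data).
SAMPLE_TXT = {
    "example.test": ["v=spf1 include:_spf.mail.test ip4:192.0.2.0/24 -all"],
    "_dmarc.example.test": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.test; pct=100"],
    "weak.test": ["v=spf1 a mx ~all"],
    "_dmarc.weak.test": ["v=DMARC1; p=none; rua=mailto:dmarc@weak.test"],
    "none.test": [],
}


def lookup_txt(name):
    """Stand-in for a DNS TXT query; returns the constructed records above."""
    return SAMPLE_TXT.get(name, [])


def parse_spf(records):
    """Extract the 'all' qualifier and count DNS-querying terms (RFC 7208 limit is 10)."""
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    if len(spf) != 1:  # zero records = none; more than one = permerror in RFC 7208
        return {"present": bool(spf), "valid": False, "all": None, "lookups": 0}
    all_qualifier, lookups = None, 0
    for term in spf[0].split()[1:]:
        m = re.fullmatch(r"([+\-~?])?all", term, re.I)
        if m:
            all_qualifier = m.group(1) or "+"  # bare 'all' means pass
            continue
        mech = term.split(":", 1)[0].split("=", 1)[0].lstrip("+-~?").lower()
        if mech in ("include", "a", "mx", "ptr", "exists", "redirect"):
            lookups += 1
    return {"present": True, "valid": lookups <= 10, "all": all_qualifier, "lookups": lookups}


def parse_dmarc(records):
    """Extract policy (p=), percentage (pct=) and whether aggregate reporting (rua=) is set."""
    dmarc = [r for r in records if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return {"present": bool(dmarc), "policy": None, "pct": None, "reporting": False}
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() else 0  # malformed pct: treat as not enforcing
    return {"present": True, "policy": tags.get("p"), "pct": pct, "reporting": "rua" in tags}


def assess(domain):
    """Return findings that keep the domain short of enforced email authentication."""
    spf = parse_spf(lookup_txt(domain))
    dmarc = parse_dmarc(lookup_txt(f"_dmarc.{domain}"))
    findings = []
    if not spf["present"]:
        findings.append("no SPF record")
    elif not spf["valid"]:
        findings.append("SPF invalid (duplicate record or more than 10 DNS lookups)")
    elif spf["all"] in (None, "+", "?"):
        findings.append("SPF does not fail unauthorised senders (no -all/~all)")
    elif spf["all"] == "~":
        findings.append("SPF softfail only (~all)")
    if not dmarc["present"]:
        findings.append("no DMARC record")
    elif dmarc["policy"] not in ("quarantine", "reject"):
        findings.append(f"DMARC policy p={dmarc['policy']} does not enforce")
    elif dmarc["pct"] < 100:
        findings.append(f"DMARC enforces only pct={dmarc['pct']} of mail")
    if dmarc["present"] and not dmarc["reporting"]:
        findings.append("DMARC has no rua= aggregate reporting address")
    return {"domain": domain, "enforcing": not findings, "findings": findings}


if __name__ == "__main__":
    for d in ("example.test", "weak.test", "none.test"):
        print(assess(d))
```

The check deliberately treats `p=none` and `~all` as findings rather than passes: both publish a record but tell receivers to deliver spoofed mail anyway, which is the common state of a domain that has "set up" email authentication without ever moving it to enforcement.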

Apart from these best practices, OTA also made available a Risk Assessment Guide for organizations and for their third-party providers. The guide lists questions that organizations should answer to better understand their data security and privacy practices.

“Businesses are overwhelmed with the increasing risks and threats, yet all too often fail to adopt security basics,” said Craig Spiezle, OTA Executive Director and President. “Releasing the Guides and best practices . . . will provide businesses with actionable advice. When combined with other controls, these can help prevent, detect, contain and remediate data breaches.”

The non-profit’s efforts come in advance of the eighth annual Data Privacy and Protection Day (DpD) on January 28, 2015, a national awareness day intended to remind companies of “the critical importance of respecting consumers’ privacy and safeguarding their personal data.”