The Online Trust Authority (OTA) released its 2013 Honor Roll today, which reveals the top scoring websites recognized for excellence in privacy, security and consumer protection. To say that I am stunned at the company that finished at the top of the class would be an understatement. I had to look three times to make sure I was reading it right.
It was Twitter. The same company that suffered some serious breaches and just revamped its password procedure because of those breaches. Twitter had the highest overall composite score. The composite analysis focused on three major areas: Domain, Brand & Consumer Protection; Site, Server & Infrastructure Security; and Data Protection & Privacy.
Joining Twitter at the top of the class was American Greetings, which achieved the number one ranking of all Internet retailers. Amazon, Big Fish Games, Bike Bandit, Books-A-Million, iHerb, JackThreads, Levenger Co., LivingSocial, Netflix, Ralph Lauren and Rock Auto qualified for the top 10 eCommerce sites (two sites tied for two rankings are included in the top 10). And yes, LivingSocial surprised me, too, after its recent high-profile breach. Social gaming and dating sites had a higher qualifying percentage than retail or financial sites. OTA said this disparity is attributed to the agility of sites within this segment, their recognition of the importance of data security and privacy, and their infrastructure. Many banks and commerce sites have more complex legacy sites and data centers, which impede their ability to quickly adopt many of the best practices.
To come up with its Honor Roll, OTA completed a comprehensive audit of 750 domains and privacy policies, 10,000+ web pages and over 500 million emails associated with the Internet Retailer 500 (IR500), Federal Deposit Insurance Corporation (FDIC 100), and Top 50 Social and Federal Government sites. Obviously, more important than finding who comes out on top is the discovery of how companies are breached. According to the findings, 40 percent of data breaches last year were caused by hacking, while 52 percent incorporated malware. And the vast majority – 97 percent – were avoidable breaches. Think about that number. 97 percent of all breaches were avoidable. You have to ask, what aren’t companies doing to better improve security from the inside?
The companies on the Honor Roll are doing something right – otherwise they wouldn’t be there. But as Twitter’s efforts to improve its security show, companies can continue to do more.