The Internet Society has revealed five recommendations it hopes will improve online trust and help organizations better mitigate the risk of data breaches.
Its 2016 Global Internet Report claims data breaches are spiralling out of control, which in turn is causing consumers to hesitate going online.
Organizations are spending more on prevention, but this is not having a noticeable effect on the number or impact of breaches, it adds.
The report continues:
“Why are organisations not taking all available steps to protect those who entrust them with their personal information? Is it because they do not bear all the costs of the data breaches? Is it because there is not enough benefit to them in better protecting their users’ data? The answer to both questions is yes.”
Organizations must revisit their approach to put users front and center of solutions and increase transparency through breach notifications and disclosure, the Internet Society recommends.
The latter will in any case be forced upon all organizations which deal with the data of European citizens, according to the requirements of the European General Data Protection Regulation, set to come into force in May 2018.
Next up, the non-profit recommends best practice data security be made a priority. This could include preventative measures such as patching vulnerabilities, blocking phishing emails and embedded malware and training employees to spot attacks.
Firms can also mitigate risk by only collecting the minimum amount of user data required to run services, and encrypting data in transit and at rest, the report continues.
The Internet Society also advocates new rules regarding liability and remediation which place accountability for any breach firmly on the organization’s shoulders.
It concludes that by creating a market for trusted and independent assessment of the measures that firms put in place to keep customer data safe, they can begin to differentiate by indicating how secure they are.