Website security audit shows banks and government drop the ball
Banks and government agencies always push us to do business online, but many of them get a failing grade when it comes to website security.
The latest online security audit by the Online Trust Alliance shows mixed reviews for websites that collect your private information.
Healthcare.gov scored high for both tight security and strong privacy. The U.S. Census Bureau website made the security and privacy honor roll for the third straight year. Ditto for the U.S. Postal Service, which increasingly offers postal services online.
But OTA analyst Craig Spiezle says 6 in 10 government websites failed the audit, scoring even lower than last year.
"A failure can mean many things," said Spiezle. "One is the data is not being kept secure, the sites are not being maintained, that's one big bucket."
Spiezle said the audit also looks at the history of major data breaches, federal fines for deceptive practices and the true transparency of website privacy policies. A website may say you're not being tracked, but is that really true?
"We're using the same exact tools that are available to anyone, including cyber criminals," Spiezle said.
The OTA audit shows the top 100 banks in the country also had more failures this year.
The OTA security audit shows 65 percent of the banks failed to make the grade. 24 percent had large data breaches and 8 percent were fined for consumer protection violations by the Consumer Financial Protection Bureau, one of the regulatory agencies the Trump Administration wants to eliminate.
Rather than list companies and agencies that failed its security audit, the Online Trust Alliance said focusing on those that made the honor roll lets you know who's doing a good job and encourages others to improve.
If a major company or agency you deal with online is not on the honor roll, you can use the information to call them out, put on the pressure, and hold them accountable, which in some cases may mean taking your business somewhere else.