• by Laurie Sullivan  @lauriesullivan, January 21, 2015

Dependency on cloud computing, outsourcing requirements and interconnected devices will eventually force the advertising industry to follow comprehensive security controls and practices to reduce the risk of data breaches.

More than 90% of the 500 data breaches that occurred from January to June 2014 could have easily been prevented, per a report released Wednesday from The Online Trust Alliance (OTA).

The OTA's 2015 Data Protection Best Practices and Risk Assessment Guides reveals 40% of the more than a thousand breaches analyzed resulted from external intrusions; 29%, by employees, accidentally or maliciously, due to a lack of internal controls; 18% attributed to lost or stolen devices or documents; and 11% to social engineering, forged email and fraud. The data breaches involved the loss of personally identifiable information (PII), as reported by the Open Security Foundation (OSF).

Some of the recommendations include enforcing effective password management by using multi-factor authentication; unique passwords for external vendor systems; strong internal passwords of eight characters with a combination of letters and numbers; remove or disable default account from devices not being used; and permit only authorized wireless devices to connect to the network. OTA goes through all in detail.

The OTA also identified the top dozen most critical security practices that all companies should follow as a companion to the Data Protection Best Practices Guide.

In its Risk Assessment Guide, OTA introduced a framework detailing how to complete an assessment of both one’s own security practices and that of third-party vendors upon which businesses are increasingly reliant. These practices complement those recently outlined by President Obama to enhance data and consumer protection.

The best practices directly correlate to some of the most infamous data breaches of the last two years. For instance, enforcing effective password management and assessing security protocols of cloud-based partners would have prevented the 2014 hacking of private celebrity photos, per the OTA. The risk assessment guidelines suggest that brands need to understand international regulation and privacy directives related to specific businesses.

Also, the OTA believes assessing third-party vendor partners for vulnerabilities and segregating internal systems from external would have helped prevent and contain breaches impacting major retailers, including Target and Home Depot.