When it comes to website security, the federal government is doing something right.
U.S. government websites outscored sites from all other sectors in an online trust audit released Tuesday which recognizes excellence in data security, consumer protection and responsible privacy practices.
“To put the audit findings in context, almost every sector improved its security and privacy practices, and the record scores reflect that,” Technical Director of the Internet Society’s Online Trust Alliance Jeff Wilbur said in a statement. “The U.S. government in particular made stunning improvements, from near last in 2017 to top of the class in 2018.”
The tenth annual Internet Society’s Online Trust Audit and Honor Roll reviewed more than 1,200 consumer-facing websites to identify organizations that place a premium on security and privacy—as well as those that can do better. OTA’s report said the federal government category “surged to the front” of the list, with 91 percent of sites placing on the honor roll. It’s a “dramatic turnaround” from last year when government sites bottomed out at 39 percent recognition on the honor roll list.
“The improvements in the government sector are tied to better email authentication. The failure rate in that area dropped from 55 percent to 6 percent and that led directly to their honor roll improvement,” Wilbur told Nextgov. “Many of those changes were driven by Directive 18-01 issued in October 2017 by [the Homeland Security Department], which mandated better adoption of email security technologies.”
The sectors and their associated top-ranked organizations examined included those from the top 100 federal reserve banks, the top 100 U.S. government organizations, the 2018 internet retailer top 500, the top 100 consumer services companies, the top 100 healthcare organizations and more. The audit enveloped a composite analysis focusing on three main points: consumer protection; site, server, application, and infrastructure security and privacy, transparency and disclosures.
This marks the first time the government—or any other sector—has beat out the top-ranked consumer 100 in six consecutive years.
Sites that were reviewed were eligible to receive base and bonus points for implementing emerging best practices defined by OTA. The sites could also lose points for deficiencies, data breaches or other observed vulnerabilities. To qualify for honor roll, sites had to receive a composite score of at least 80 percent of the baseline points and a score of at least 60 in each of the three main categories.
The audit found that 70 percent of the analyzed websites—the highest proportion ever—qualified for the Online Trust Alliances Honor Roll. Only 52 percent of sites made the same list in 2017.
In terms of companies with failing grades in each of the three main categories reviewed, the federal government had only 6 percent failures in consumer protection, 2 percent failures in privacy and zero failures in regards to site security.
As for the other sectors, consumer services finished second this year with an honor roll score of 85 percent. The news and media and then banking sectors then came in at 78 percent and 73 percent, respectively. Notably, the healthcare sector was included in the audit for the first time and lagged behind all other sectors with a 57 percent honor roll achievement.