The Federal Trade Commission (FTC) is addressing digital security risks by focusing on data management, software development, and product design. The agency's efforts aim to protect consumers and small businesses from data breaches and modern security threats. "Technologists at the agency work to ensure we do not accept the status quo of harms to millions of people caused by unlawful behavior," said the Chief Technologist regarding data security risks.

In terms of data management, companies are encouraged to implement initiatives that focus on how consumer data is collected, stored, retained, and shared. Examples of FTC actions include enforcing mandated data retention schedules in cases like Chegg and Amazon Alexa, mandating data deletion in orders such as Amazon Ring and Avast, limiting third-party data sharing with actions involving Vizio and GoodRx, and encrypting sensitive data as seen in CafePress.

For software development security, applying principles like "secure by design" can prevent online attacks. This involves using memory-safe programming languages, conducting rigorous testing before release as highlighted in D-Link cases, and securing external product access demonstrated by the Drizly order.

Product design for humans includes techniques such as enforcing least privilege access control found in Amazon Ring settlements and requiring phishing-resistant multifactor authentication for employees noted in Chegg cases. Designing products without dark patterns was addressed in a case involving Vizio.

The FTC emphasizes that addressing these threats requires comprehensive measures directed at systemic vulnerabilities within technology. The agency continues its commitment to protecting American consumers from digital security threats through its longstanding experience.