The only way to stay safe on the internet is by helping each other minimize security risks. So as a precaution, I want to make you aware of a situation that could possibly affect you.
There are currently several databases available on the internet containing personal data such as e-mail addresses, user names and associated passwords. Lately, our security teams have noticed an increase in attacks attempted by unauthorized parties using this data.
In order to protect yourself, we recommend that everyone take the following actions if you haven’t done so already:
Having your IP address end up on a so-called ‘blacklist’ can be a troublesome experience, especially when not anticipated. In most cases, it is a sign that something is wrong on the server(s) you rent or own, or that maybe one of the end users hasn’t followed email sending guidelines. This post is dedicated to those who want to know more about IP address reputation and what can be done to resolve issues identified by other parties.
The ongoing fight against spam
As we have already explained in the Spam blogs (I and II), email spam continues to be an issue. Due to the ever-evolving problem of email spam, there is an understandable need to have measures to combat this. Over the years, several efforts have been made to prevent unsolicited emails from reaching email inboxes by a plethora of means. Many of these proposed solutions have had promising technical white papers but few have actually resulted in an implementation that is either scalable, reliable or both.
Last time, we talked about how spammers gather email addresses and then make money from them. This time we’re looking at a few more things you may not know about spam.
How to prevent your promo emails being marked as spam
You have a web shop with a lot of customers who would benefit from knowing you have a sale next week. How do you make sure that your email won’t get marked as spam?
The following rules have been created to make sure companies can send out marketing emails to their customers without them ending up in the junk folder.
- Double opt-in: Each customer must (1) actively sign up for emails on your website and (2) respond to an email sent by you to confirm that they indeed want to receive them.
- A fully functioning opt-out option in each marketing email they receive: Each marketing email you send needs to have an opt-out option – one which actually works.
Where does spam come from? Why do people send it? And what can we do to stop it clogging up our inboxes? This two-part article explores these issues and comes up with practical ideas for keeping us safe, secure and spam-free.
It’s almost impossible to open your e-mail inbox and to not see spam in there. In some cases, it’s because someone unintentionally signed up for things like clickbait articles. A clickbait article is, for instance, an article where they promise you a free trip to New York – although the free trip may not even exist. Most of the time those articles channel responses to information harvesters which, in turn, will lead to databases containing literally millions of email addresses and personal contact details. Such databases or lists can be sold to the highest bidder on the dark net/dark web/deep web, or even on normal sites.
Organizations are increasingly dependent on their digital infrastructure. At the same time, these organizations seem to be more vulnerable than ever as cyber criminals’ techniques become more and more sophisticated. So how can you handle this situation? In other words: how do you become a secure online organization?
This was one of the topics discussed by Dell and LeaseWeb customers during a roundtable discussion about security. IT security specialist and journalist Brenno de Winter provided interesting insights in his introduction: “If your company wants to be a secure organization, you have to manage risks. There are four options when dealing with risks: accepting them, reducing them through security measures, avoiding risks by ceasing certain activities, or to partially outsource risk management to a third party. There are also affordable insurance policies against hacks available which are worth considering. But no matter what you do, make sure you have a risk management strategy in place, supported by tools that identify the security risks of your organization.”
“Should we keep IT security in-house or is it better to outsource?” This has long been a thorny issue for organizations. Recently, it was one of the most important topics during a LeaseWeb Security Round Table with customers and I’d like to share some of the things I learned.
The discussion immediately took off following a statement from one of the participants, an end user: “In the Netherlands, the mantra is to focus on your core business. I dare to differ. I always learned that when operations are critical to your organization, you should keep them close. If security is critical to your company, why outsource it? If you outsource, you disconnect it from your company. What do you think about this?”
After my previous blog last month we were still looking out for any news about solutions for the Safe Harbor invalidation. Since the press release of the EU US Privacy Shield, announced by the European Commission on February 2, 2016, we have seen many press articles and numerous links. So here is our update and recap on the timing of the EU US Privacy Shield and alternative solutions offered by LeaseWeb.
On January 1, 2016, the new Dutch Law on Data Breach Notifications came into effect. Organizations – both companies and government agencies – are now required to immediately report any serious data breach to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). And, if it is likely that the data breach will have an adverse effect on the privacy of those involved, those people have to be informed as well.
A data breach is defined as the act of accessing, deleting, modifying or releasing personal data, committed unintentionally by the organization. Not only releasing (e.g. leaking) personal data, but also the illegal processing of data, will be seen as a data breach. Examples of data breaches are a lost USB stick containing personal data, a stolen smartphone or malicious access to a database by a hacker.
In October last year, the US Safe Harbor regime was invalidated by Europe’s Court of Justice, meaning that personal data of Europeans could no longer be transferred by a company to US companies solely on the basis of such companies being Safe Harbor-certified.
At the time of the ruling, no replacement for the Safe Harbor principle was proposed. The European Commission gave itself a three-month term to come up with an alternative solution, working towards January 31, 2016. It is not likely that this timeline will be met but we expect new developments to be made public in the coming weeks.