CISPA

The Cyber Intelligence Sharing and Protection Act, or CISPA, is a proposed law in the United States which would allow for the sharing of Internet traffic information between the U.S. government and certain technology and manufacturing companies.  The aim of the bill is to help the U.S. government investigate cyber threats and ensure the security of networks against cyberattack.

Its predecessors, SOPA (Stop Online Piracy Act) and PIPA (Protect IP Act), were blocked earlier this year; however, CISPA has been passed in the House of Representatives and is now awaiting attention in the Senate.

Overview of CISPA

While SOPA and PIPA were meant mostly for stopping pirated material from being transferred over the internet, CISPA is an entirely different can of worms.  Succinctly put, it allows both the government and private businesses to share information about cyberthreats.  (Cyberthreats are anything making “efforts to degrade, disrupt or destroy” vital networks, or anything that makes a “threat or misappropriation” of information owned by the government or private businesses.)  CISPA rewards companies for collecting data from internet users, intercepting or modifying communications, and providing this information to the government.

What does this mean to you, as a company with a website?

CISPA mostly affects individual internet users; however, its intent is to allow companies to protect their computers and networks against global cybersecurity threats.  Information-sharing with the government is voluntary; however, data anonymity is encouraged but not required (from “CISPA Will Improve U.S. Cybersecurity” by Matthew Eggers at the US News and World Report).

According to an article from the Electronic Frontier Foundation, “One of the scariest parts of CISPA is that the bill goes above and beyond information sharing. Its definitions allow for countermeasures to be taken by private entities, and we think these provisions are ripe for abuse… These countermeasures could put free speech in peril, and jeopardize the ordinary functioning of the Internet… These countermeasures could even serve as a back door to enact policies unrelated to cybersecurity, such as disrupting p2p traffic.”

Additionally, “Heritage [Foundation] discussed how CISPA gives private entities ‘clear legal authority to defend their own networks.’ While we think private entities should be able to defend their networks, they should not be able to do without accountability in a manner that threatens free speech or disrupts the Internet.”

Where do you stand?

Appletree MediaWorks believes privacy is of the utmost importance; however, in a democratic society such as ours, we recognize the need for discourse on all topics of this nature.  Please feel free to comment with your opinion on CISPA.

 


Backing Up Your Data

One of the most important (but also the most neglected) areas of computing is backing up your data. Most people assume they’re safe because they’ve never experienced a disaster in the past, but they are sadly mistaken. Disasters will happen, at some point, and you will be kicking yourself later if you neglect this important task.

What does it mean to “back up”?

Backing up refers to the copying and archiving of computer data so it may be used to restore the original after a data loss event. When a computer user backs up their data, they are storing a copy of their information in a safe and secure place. There are many options when it comes to backing up your data, and most of them are reasonably priced.

Why backing up is important

Backups protect you from hardware failure, viruses, theft, accidental deletion, fires, floods and other disasters. If you experience any of these events without first backing up your data, you run the risk of losing all your work and important files. It is suggested that you have at least two off-site backup copies of your data; however, many people get by with just one.

Recommended products to help you back up your data

There are many services out there to assist businesses and individuals in backing up their data, often with only a few clicks of the mouse. Carbonite boasts that they are automatic (they back up your data without you having to do anything other than purchase their service), secure (all files are encrypted), and affordable (plans start at $59 per year). Another great service is CrashPlan, whose plans start at less than $20 a year.

For documents that you are constantly using and changing, you may want to consider a cloud storage option, such as Google Drive or Dropbox. Both of these options offer two-step verification for added security, as well as a small amount of free storage. More storage is, of course, available for purchase.

If a paid service doesn’t sound appealing to you, you can also back up your data yourself. Technology retailers have storage devices available for purchase and you can talk to a customer service representative to decide which storage device is right for you. The only downside to this is, of course, that you have to actually remember to back up your data on a regular basis.

How we protect your data

Appletree MediaWorks keeps your site up and running by always storing a backup – just in case. All sites are backed up nightly and the information is always stored in a safe place.

Joe Job

How to Survive a Joe Job

To a budding or established company on the web, the possibility of cyber attacks is very real and can be damaging to your reputation if not handled correctly. One of the worst of such online threats is the all-too-common “Joe Job” attack.

Essentially, a Joe Job attack happens when an attacker sends fake (spoofed) spam email that appears as though it originated from your domain. Email has always been one of the most insecure protocols on the Internet – anybody with even a minimal knowledge of technology can send email “from” whoever they want, without much effort.

Usually you become aware of such an attack when you begin receiving a flood of angry email replies to the spam (since the Reply-To address is often your own). Now begins the long, arduous task of saving face amid the onslaught of defamation. It seems daunting, but we have compiled a comprehensive guide to surviving a Joe Job attack, should you be unfortunate enough to become a victim:

1. Create abuse@yourdomain.com and postmaster@yourdomain.com if these do not already exist. These should either be set up to forward to you, or you could configure your email client to also receive email from these addresses. This is so that information sent from SpamCop and other blacklist services is not missed. Whenever somebody submits one of the spam emails to SpamCop, real time reports will be forwarded to abuse@yourdomain.com. Fortunately, SpamCop is smart about these things and will realize that the emails are not originating from your domain.

2. Set up a spam information page with information about the attack and a form where victims can submit the header information from the offending emails to help you expedite the investigation. In cases where the attack is being carried out by a devious competitor, this will have the benefit of letting them know you’re onto them, and they need to stop. It also helps the people who are receiving the spam. They may be hearing about your company for the first time by receiving the defaming spam, and the proactive ones will almost certainly be browsing your site looking for answers. It will help immeasurably to provide them with the information they are looking for, letting them know that the email did not come from you and that there is something they can do to help end the attack. As you begin to receive more information it will also help with your own investigation. Appletree’s Joe Job information page is an excellent reference.

3. Create an alert link from your home page that directs people to the spam information page without distracting the customers who are there under normal circumstances. The point is that you need to address the issue with an official response and a way for proactive victims to do something meaningful to help stop the attack.

4. Once people begin sending you full header information thanks to step 3, you can begin doing some research to find out where the attacks are coming from. As you view the full headers, the only line which cannot be faked is the “Received” line, which usually contains the originating IP address. This may or may not be useful because a smart attacker will often bounce their emails off of several “open relay” servers, effectively hiding their original location. This information will still be very valuable to SpamCop, however, in building up a blacklist of known “open relay” servers, which will be beneficial in the long run. Make sure to create a SpamCop account and submit all of the spam emails you receive.

5. Notify your web host about what is going on. Even though the emails are not being sent from their servers, it is good for them to know what is happening. Sometimes web hosts will help with the investigation.

6. Utilize your social networks – blogs, Facebook, Twitter, etc – to send out helpful “security” reminders, while being sure not to instill fear. The people in your own network will appreciate the information even though they most likely did not receive the spam email. The spammer usually has different targets and goals, separate from your own. It is always a good idea, though, to make sure your own customers are aware of your spam policy and that you are actively on top of keeping them safe while doing online business with you.
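The header analysis from step 4, as an added example that is not part of the original article: it lists each “Received” hop newest first and tallies the address that handed the message to the recipient's own mail server, which is the entry the sender cannot forge (entries below it may have been inserted by the sender). The sample headers, addresses and function names are constructed for illustration, and the code assumes the recipient's internal hops use private addresses.

```python
import email
import ipaddress
import re
from collections import Counter

# Constructed sample of headers a spam recipient might paste into the form
# (documentation-range IPs and example domains only).
SAMPLE = """\
Received: from relay2.example.net (relay2.example.net [198.51.100.23])
\tby mx.recipient.example with ESMTP id abc123; Mon, 1 Jan 2024 10:00:05 +0000
Received: from relay1.example.org (unknown [203.0.113.77])
\tby relay2.example.net with SMTP id def456; Mon, 1 Jan 2024 10:00:02 +0000
Received: from yourdomain.com (localhost [127.0.0.1])
\tby relay1.example.org with SMTP; Mon, 1 Jan 2024 10:00:00 +0000
From: "Sales" <sales@yourdomain.com>
Reply-To: sales@yourdomain.com
Subject: constructed sample

"""

IP_IN_BRACKETS = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# Assumption: loopback and RFC 1918 ranges mark hops inside someone's own network.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def received_hops(raw_headers):
    """Return [(by_host, from_ip), ...] in header order, i.e. newest hop first."""
    msg = email.message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", flat)
        ip = None
        for candidate in IP_IN_BRACKETS.findall(flat):
            try:
                ip = ipaddress.ip_address(candidate)
                break
            except ValueError:                    # bracketed text that is not an IP
                continue
        hops.append((by.group(1) if by else None, ip))
    return hops

def handoff_ip(raw_headers):
    """First non-internal IP from the top: the host that delivered to the recipient."""
    for _by, ip in received_hops(raw_headers):
        if ip is not None and not any(ip in net for net in INTERNAL):
            return ip
    return None

def tally(submissions):
    """Count handoff IPs across many submitted header blocks to spot recurring relays."""
    return Counter(str(ip) for ip in map(handoff_ip, submissions) if ip)
```

Running `tally` over every submission shows which relays recur, which is the list worth passing on in reports.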

Other than that, be very gracious and kind to the victims who complain about getting spam from your company. Being knowledgeable enough to briefly explain the nature of the problem will go a long way towards turning potentially bad press into a network of allies.