Our team has one more professional with CCNP certification level
All of our certificates: About Us
General changes:
There is a ton of information about paperwork needs to be done to comply with GDPR. Here we would answer the question: «What technically should be done at your mail server to meet requirements?»
First of all, let’s qualify what is ‘personal data’ according to the GDPR:
Article 4
(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Mail server naturally keeps a lot of ‘personal data’. And it is not just about mailboxes’ content. Every time when an employee connects to corporate mail using a personal device, the server saves information about the device and IP address which can be linked to geolocation.
Even more, if you have CVs in your mailbox (most probably you have it), then your mail server contain specific personal data:
(13) ‘genetic data’ means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
(14) ‘biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
(15) ‘data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
As a result, even if you are not collecting personal data purposely, just by operating in B2B segment you accumulate ‘personal data’ and need to follow GDPR.
So, what technical actions need to be taken to meet the GDPR? The law gives very general requirements:
Article 32 Safety of processing
(a) the pseudonymisation and encryption of personal data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Another one engineer from our team successfully passed the exam 70-345: Designing and Deploying Microsoft Exchange Server 2016 and received MCSE: Productivity certification.
This confirms the professionalism of our team members once again in the field of support of Exchange servers and migration to Office 365.
All of our certificates: https://servilon.com/team.
Currently when a user opens a file on a FTP server using Chrome, it will try and render that file in the browser. Developers propose download the file rather than opening it in the browser. However, Chrome will continue to display FTP directory indexes. Firefox wants to remove FTP support as well.
Skype development team announced testing of the new cloud filesharing feature in the latest Skype Insider Build. Users will be able to share a link to a file or folder in OneDrive directly in the chat. If your contact is on a mobile device and has the application available, the file will open directly in that app, and not in the browsers. If your contact does not have the application installed, the OneDrive web site can preview most commonly used filetypes. A new feature is currently available to Skype insiders.
A bug with the online video feature in Microsoft Word, recently discovered by Cymulate security researchers, found its first use for deliver malware. Trend Micro specialists discovered and described the URSNIF information stealer spreading mechanism. Users can defend against threats abusing this by blocking Word documents that has the embeddedHtml tag in their respective XML files or disabling documents with embedded video.
The company explained that in the final QA validation step of the automated software build system for the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software inadvertently left an internal exploit for the Dirty COW vulnerability (CVE-2016-5195). The purpose of this QA validation step is to make sure the Cisco product contains the required fixes for this vulnerability. This issue affects versions X8.9 to X8.11.3. All affected software images have proactively been removed from the Cisco Software Center and will soon be replaced with fixed software images.
Trend Micro specialists have discovered a Trickbot’s new module, called pwgrab32 or PasswordGrabber, steals credentials from applications such as Filezilla, Microsoft Outlook, and WinSCP. It also steals usernames and passwords, Internet cookies, browsing history, autofills and HTTP posts from several popular web browsers such as Google Chrome, Mozilla Firefox, Internet Explorer, and Microsoft Edge.
Running Windows Defender Antivirus in a sandbox ensures that in the unlikely event of a compromise, malicious actions are limited to the isolated environment, protecting the rest of the system from harm. Support the sandbox feature is not enabled by default, but users can turn the feature on by setting a machine-wide environment variable (setx /M MP_FORCE_USE_SANDBOX 1) and restarting the machine. This is currently supported on Windows 10, version 1703 or later.