Security & Privacy
Security and privacy come first: that is what we say we do, and it means we have to practice it ourselves too. Below you will find an overview of security tests and our explanation of each. We have applied the suggestions for improvement from all test sites wherever technically possible.
Security Rating
Our partner SecurityScorecard gives us the excellent rating A on our entire public digital footprint. We score an A in the areas of Network Security, DNS Health, Patch Management, IP Reputation, and Application Security.
The security rating from SecurityScorecard can be viewed here, or downloaded here.
Doing business with us means a 5 times smaller chance of a breach or data breach than with organizations that score C or lower!
Secure email traffic
Internet.nl gives our email environment a score of 97%.
Source: https://internet.nl/
Secure connection
Internet.nl gives our website a score of 97%.
Source: https://internet.nl/
Secure website
ImmuniWeb gives our website a score of A+.
Source: https://www.immuniweb.com/
Robust encryption
We use a strong and modern encryption standard on our website and services. This means that the connection between your computer and our server is encrypted and protected in a robust manner. This way we prevent data from leaking.
Qualys SSL Labs therefore gives our website a score of A+.
Source: https://www.ssllabs.com/
Encryption guaranteed
We comply with the so-called HSTS preload status. With this, web browsers know that our website should always be visited via HTTPS (encryption). So when someone tries to break into your connection, the traffic cannot be diverted.
HSTS preload therefore indicates that our status for HSTS preload is allowed.
Source: https://hstspreload.org/
Secure headers
Security Headers gives our website a score of A.
Source: https://securityheaders.com/
Privacy protection and legal requests
Responsible Disclosures
Ethical hackers make a great contribution to the digital security of our society. In addition to having a procedure for reporting vulnerabilities that have been found, we also list below the valid reports that have been made.
Our Hacker's Hall-of-Fame
- 2021/01/29 – Chan Nyein Wai – Denial of Service vulnerability in load-styles.php – no patch by WordPress; compensating controls already applied in response to the report of 2019/06/03 for CVE-2018-6389
- 2020/09/08 – Shebi Levi – Denial of Service vulnerability in wp-cron.php – no patch by WordPress; applied compensating controls
- 2020/04/02 – Gul Hamee – Tabnabbing vulnerability on a set of links – no patch by Divi; removed “_blank” targets from links
- 2019/08/06 – Mansouri Badis – Denial of Service vulnerability in XML-RPC – no patch by WordPress; applied compensating controls
- 2019/06/03 – Asim – Denial of Service vulnerability in load-scripts.php (CVE-2018-6389) – no patch by WordPress; applied compensating controls
Geolocation data processing
We choose our technology suppliers and partners carefully. One of the most important criteria is the storage location of the data we process. We also conclude a Data Processing Agreement if required. If there is a transfer of personal data from the European Economic Area (EEA) to countries or organizations outside the EEA, we will take additional measures, such as concluding Standard Contractual Clauses from the European Commission.
Overview core suppliers
- We use Amazon Web Services to host our website and our own services. We primarily use the data center in Germany, and as secondary the data center in Ireland.
  Read more about their GDPR policy here.
- Cloudflare is used to protect our website and our own services from cyber attacks. The nature of the architecture is that the closest edge servers are used. For our Dutch customers this is Amsterdam, for example.
  Read more about their GDPR policy here.
- Google Suite is our office, collaboration and email environment. We have also set the storage location to the European Union.
  Read more about their GDPR policy here.
Sustainability
There is something else that we find very important: sustainability. Because our company works entirely in the cloud, we depend on third parties for a sustainable approach. We do not have our own servers or other hardware, other than a laptop and a smartphone per employee.
For that reason we provide data or links to sustainability information of our core suppliers for data storage and processing capabilities.
Overview core suppliers
- Amazon Web Services is committed to running their business in the most environmentally friendly way possible.
- Cloudflare has deployed their architecture in such a way that as little energy as possible is wasted.
- Google strives to build sustainability into everything they do.