Safety is our highest priority here at Jimdo, so naturally we do a lot to ensure both our own online safety and, in doing so, the safety of all Jimdo websites.
For example, our servers are protected by a robust firewall and so-called DDoS protection (https://en.wikipedia.org/wiki/Denial-of-service_attack). Visiting your page and sending data via your Jimdo site is of course HTTPS-encrypted. The messages sent via the contact form on your website are TLS-encrypted and, similarly, communication via your Jimdo email address is also TLS-encrypted.
Jimdo also takes care of the SSL certificates for your Jimdo website, so that you do not have to worry about the security of your domain and your site visitors can enjoy a secure connection when they visit your website.
The GDPR, a hot topic, also offers robust protection for your data and your Jimdo website. Jimdo is committed to ensuring compliance, as well as to promoting the principles of the GDPR in all of our processes. You can read more about our efforts and practices, as well as about the GDPR and your Jimdo website, on our helpful GDPR page: https://jimdo-legal.zendesk.com/hc/en-us/articles/360000189886-GDPR
Of course, Jimdo also has a team that is dedicated to ensuring legal compliance, data protection and information security at Jimdo! Information security and the protection of personal data play an essential role in our company. The privacy and information security team ensures implementation of the Jimdo data protection and privacy directive, as determined by the Jimdo CEO, and supports Jimdo across all departments and at all levels in planning, coordinating and implementing data protection and privacy, as well as information security.
What content do you need to be aware of and avoid online?
You have probably already heard the term "phishing" somewhere. The word combines "password" and "fishing", i.e. "fishing for passwords", because that's exactly what criminals do on the internet in order to access your data. They specifically fish for passwords to user accounts you have created, for example on Facebook, or for your payment data (credit card information), etc.
One example is where the perpetrators will send you an email with a well known logo and seemingly plausible details and representation of a bank or service with which you, like most people, already have an account. They will ask you to update your data or change your password. These emails usually contain a link to a website that is almost confusingly similar to the actual website (e.g. ww1.jimdo.com). Here you will be requested to enter your data or assign a new password for your account. As soon as you enter your details the scammers have access to them and will begin to carry out dubious deeds.
Please keep in mind that banks / payment providers like PayPal will generally NEVER send you an email to confirm your details. These legitimate businesses are aware that such an email is too easy to fake nowadays.
The same scam can also be found on websites. Let's imagine that you have registered for an online game, where you have earned a decent amount of gold coins. Now you are looking for extras for your game and find an alleged partner website that wants to provide you with new extras at a more competitive price than those offered by the actual gaming company. What do you have to do for it? You just have to register! If it's too good to be true, then it usually is not true. Before you know it, your account will be cleared out and the scammers will sell your gold coins to other players for real money.
We encourage you to be really careful where you enter your data online, in order to protect yourself from such scams. Here are more common examples of phishing attacks: https://www.csoonline.com/article/3235520/phishing/15-real-world-phishing-examples-and-how-to-recognize-them.html#slide1
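As an added illustration (not Jimdo's own code), here is one way a mail filter or a cautious reader could compare the hostname in a link against the sites they actually use and flag near-misses such as the ww1.jimdo.com example above. The allow-list, the function names and the distance threshold are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): the exact hostnames you really use.
KNOWN_HOSTS = {"www.jimdo.com", "jimdo.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # drop ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_link(url: str, max_distance: int = 2) -> str:
    """Return 'known', 'lookalike' or 'unknown' for the host a link points to."""
    if "://" not in url:
        url = "//" + url          # let urlsplit see a bare "host/path" as a host
    # .hostname ignores any "user@" part, so "known-site@other-host" tricks fail
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "unknown"
    if host in KNOWN_HOSTS:
        return "known"
    for good in KNOWN_HOSTS:
        # A known name used as a prefix of a longer, foreign hostname
        if host.startswith(good + "."):
            return "lookalike"
        # One or two characters away from a known name
        if edit_distance(host, good) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for link in ("https://www.jimdo.com/login", "http://ww1.jimdo.com/login",
                 "https://www.jimdo.com.example.net/", "https://example.org/"):
        print(f"{classify_link(link):10} {link}")
```

Only an exact match counts as "known"; anything else, including "unknown", is a reason not to enter a password there.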
Almost everyone nowadays has received spam by email. Advertising for various products or chain letters are just two popular examples. If you provide your email address in order to participate in prize giveaway competitions or similar promotions, you will generally authorize the companies to use and to share your email address. Companies can use the data themselves or in certain cases they may sell your data or share it with other companies.
Spam is also common among dodgy web site operators. They usually choose an attractive title for their website, such as "3 tips for your first million," and then link to a page, usually a product page or a page where viruses or annoying and persistent ads are waiting for you.
Aside from phishing, there are other scams where scammers use even more creative methods in order to access your data and, in the worst-case scenario, your money. The scams out there can range from "cheap" cars with prepayment, or cryptocurrencies, to booking apartments (of course with a deposit to be paid in advance), or even the sale of well-known products at bargain prices. As scammers become more and more professional, it is often difficult to spot such scams on websites. Always check the page before you purchase and trust your gut feeling. Anything that makes you skeptical is a reason to leave the site (e.g. the logo looks off or like a copy etc.). In order to judge the nature of a website, a good starting point is to look for a direct contact possibility (i.e. telephone number or email address) and an imprint/business information. Ask yourself: is the address recognizable, and can the company be located or contacted?
What you can do for your online security:
- Install the security updates of your programs/device regularly. These are available directly from the manufacturer. Ideally, you can also activate "automatic updates" in the programs and then you no longer have to remember to install them.
- Use and update an antivirus program regularly.
- Use a modern Internet browser with advanced security mechanisms such as a sandbox. The German Federal Office for Security in Information Technology for example, recommends Google Chrome. In addition, the browser should have a filtering mechanism that alerts you to malicious websites before you visit them. Examples of such filtering mechanisms are the Smartscreen Filter in Internet Explorer, as well as the phishing and malware protection on Google Chrome and Mozilla Firefox.
- It is highly recommended that you use the “incognito mode” of your browser in order to visit websites that you do not know or that you find strange.
- Always use a secure password. We all know that it's hard to remember so many different passwords that are not related to you. A strong password is a mixture of uppercase and lowercase letters as well as numbers and special characters. It should have a minimum length of 8 characters, optimally more of course.
- Make regular backups and encrypt the backup media. These protect you from data loss and should therefore be placed on your regular to-do list.
- Make sure you use encrypted Wi-Fi and encrypted pages. The little green lock to the left of the URL indicates an encrypted page.