As the United States prepared to take a long holiday over the July 4th weekend, the Department of Justice set off some fireworks of its own: the department published a new edition of the FCPA Resource Guide, a one-volume compendium of all things related to the Foreign Corrupt Practices Act (FCPA). What does the Foreign… Read More
A blacklist is a list of entities that an organization wishes to avoid interacting or doing business with in the future. Organizations of all kinds create and maintain blacklists for a variety of purposes. In some industries, networks of firms create, update, and share blacklists to collaboratively keep track of unreliable contractors, unscrupulous vendors, internet scammers, and more.
Blacklisting is one of the best tools that organizations can use to sanction bad actors and shield themselves from repeated attempts at exploitation or fraud.
What is Blacklisting?
Blacklisting can refer to the general practice of maintaining blacklists or to the specific action of adding an unscrupulous individual or entity to a blacklist. The purpose of blacklisting is to officially designate an entity as unacceptable and discourage or prohibit interaction between the organization and the blacklisted entity.
Blacklisting is used in a variety of situations, from corporate cybersecurity to environmental activism. We find the following features of blacklisting to be typical across most contexts:
- Entities are added to a blacklist because they are deemed suspicious, untrustworthy, unscrupulous, or otherwise unacceptable by the compiling organization.
- Organizations avoid interacting or doing business with entities on their blacklists.
Why are People Blacklisted?
Blacklists serve two important functions for the organizations who create and maintain them:
- Record keeping – A blacklist acts as a record of entities which have been deemed unacceptable by the organization.
- Reference – Members of the organization can refer to the blacklist to ensure they are not doing business with entities who have been deemed unacceptable by the organization.
People can be blacklisted for a variety of reasons that ultimately depend on the nature of the relationship between the organization compiling the blacklist and the blacklisted entity. Regardless of the specific reason for blacklisting, the ultimate purpose is to restrict future interactions between the blacklisted individual and the organization.
What is an Example of Blacklisting?
Blacklisting takes place in a variety of contexts, including but not limited to the following:
- A computer or server may be configured with a software blacklist to prevent certain types of software or applications from running on the machine.
- Organizations can use blacklisting to reduce email phishing attacks by blocking incoming mail from servers that are known to send malicious communications.
- A web browser may be configured with blacklisting to prevent users from accessing specific websites.
- A contractor accepts up-front payment of $1000, but never delivers the service. The organization adds their name to a blacklist, making them ineligible to bid on future projects.
- A worker steals $1,000 from her employer and is fired. The employer adds her name to a blacklist, making her ineligible to be hired in the future.
- An environmental group disagrees with an entity’s business practices. The group blacklists the entity’s products and encourages its members to shop elsewhere.
What is Whitelisting?
Whitelisting is a “zero-trust” approach to IT security.
Rather than maintaining a list of entities that are considered untrustworthy (blacklisting), the organization creates a whitelist of entities that are permitted to access the network and prohibits access for all entities that do not appear on the list. This approach ensures that only approved users, devices, and applications are permitted on the network.
Whitelisting can also be used to identify trustworthy contractors or preferred vendors and encourage the organization to continue doing business with those entities.