Session awareness & account management: How active are you?
Keep your Mailgun account protected from bad actors through account sessions.
October has come to an end, and with it, everything else associated with October like National Cybersecurity Awareness Month (NCSAM). While NCSAM might be over, security doesn't stop because a calendar month has come to a close. If it did, we'd all be having a bad time 11 months out of the year!
Here at Mailgun, we take cybersecurity extremely seriously. When it comes to our customers’ emails, a compromised account can mean compromises for their end users as well. To mitigate that risk, we develop new security protocols and measures to make sure that our customers can have better insight into their account security, as well as better ways to protect themselves from bad actors.
All that said, let’s get a better idea of what a session actually is, and for that, let’s go to the movies.
A session is a lot like going to the movies. You walk up to the box office (the login screen) and give your payment information (your username and password) to the clerk (the application) to buy a ticket to get into the theatre (the platform). After that, you walk into the theatre and flash your ticket to prove you've paid to see the movie (to sign in to the application successfully). From there, you get to watch the film (i.e., collect data, reply to tickets, etc.) for a couple of hours until it's time for you to leave and go home (log out of the application).
But imagine that someone took your payment information, and suddenly you couldn't buy a movie ticket. Not fair, right? They get to use your money to buy a ticket somewhere else, and you're left kicking the dirt outside of the theatre.
Weird movie theatre metaphors aside, there isn't anything funny about a compromised account. It can cause a substantial negative impact on your sending reputation and leave long-lasting damage on your business, depending on what the compromiser does with the account. Plus, with the increasing number of cybersecurity attacks in recent years, now is a great time to start being vigilant about all of your accounts, including your Mailgun account.
Monitor your sessions
With regard to the above scenario, Mailgun offers a couple of ways for you to take control and manage your account to help prevent account compromises from happening. We offer a multi-factor authentication method, session timeout preferences, role-based access control, and a shiny, new widget in the control panel that you may have already seen.
This new widget allows you to see the current, active sessions of those who have access to your account. A user can look at this widget and see when and where the last sign-in occurred for a given account. From there, it can be determined whether the session is legitimate or a compromise. For example, a typical red flag would be seeing that someone who typically signs in locally has signed in from a whole new country or from an unfamiliar IP.
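The red-flag check described above can be sketched as code. This is an added example, not Mailgun's code or API: the session record fields (`user`, `ip`, `country`) and the sample data are constructed, and grouping addresses by /24 (IPv4) or /48 (IPv6) is an assumption about what counts as a familiar IP.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data; field names are assumptions, not a Mailgun export format.
HISTORY = [
    {"user": "alice@example.com", "ip": "198.51.100.14", "country": "US"},
    {"user": "alice@example.com", "ip": "198.51.100.77", "country": "US"},
    {"user": "bob@example.com", "ip": "203.0.113.5", "country": "DE"},
]
ACTIVE = [
    {"user": "alice@example.com", "ip": "198.51.100.20", "country": "US"},
    {"user": "alice@example.com", "ip": "192.0.2.44", "country": "BR"},
    {"user": "bob@example.com", "ip": "192.0.2.9", "country": "DE"},
    {"user": "carol@example.com", "ip": "203.0.113.80", "country": "US"},
]

def network_of(ip, v4_prefix=24, v6_prefix=48):
    """Collapse an address to its enclosing network so address churn is not flagged."""
    addr = ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ip_network(f"{addr}/{prefix}", strict=False)

def build_baseline(history):
    """Map each user to the countries and networks seen in past sign-ins."""
    baseline = defaultdict(lambda: {"countries": set(), "networks": set()})
    for s in history:
        baseline[s["user"]]["countries"].add(s["country"])
        baseline[s["user"]]["networks"].add(network_of(s["ip"]))
    return baseline

def review_sessions(active, baseline):
    """Return (session, reasons) for every active session that needs a human look."""
    findings = []
    for s in active:
        known = baseline.get(s["user"])
        if known is None:
            findings.append((s, ["no sign-in history for this user"]))
            continue
        reasons = []
        if s["country"] not in known["countries"]:
            reasons.append("new country")
        if network_of(s["ip"]) not in known["networks"]:
            reasons.append("unfamiliar IP range")
        if reasons:
            findings.append((s, reasons))
    return findings

if __name__ == "__main__":
    for session, reasons in review_sessions(ACTIVE, build_baseline(HISTORY)):
        print(session["user"], session["ip"], session["country"], "->", ", ".join(reasons))
```

A finding is a prompt to ask the account holder, not proof of compromise: travel, VPNs and mobile networks all produce unfamiliar addresses.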
Cybersecurity Best Practice
Need a little extra help in building your cybersecurity awareness with your Mailgun account? You can secure your account for any and all who have access to the account and maintain its security by:
Activating Multi-Factor Authentication methods and making sure others do so as well
Monitoring active sessions and reporting anything that appears out of the ordinary
Keeping the list of those who have access to the account up to date, and
Making sure only those who need access to the account have access to the account
Making sure those who have access to the account have the appropriate account privileges
Setting up session timeout preferences to prevent people from piggybacking off of any sessions that may still be alive
Security improvements happen constantly
While this is not the peak of security options we wish to have available to you, we're always looking to create better ways to keep your Mailgun account secure. The best way to help us make that possible is to go through your account and make sure that you have everything locked down on your end. By taking advantage of all the security measures we have to offer, you're creating the safest environment for your Mailgun account. Fewer compromises mean less stress for you, and more time doing what you do best with Mailgun - sending email.
PS – We would recommend doing things like this for all of the services you use, both personally and professionally.