Session awareness & account management: How active are you?

Here at Mailgun, we take cybersecurity extremely seriously. When it comes to our customers’ emails, a compromised account can mean compromises for their end users as well. To mitigate that risk, we develop new security protocols and measures to make sure that our customers can have better insight into their account security, as well as better ways to protect themselves from bad actors.

All that said, let’s get a better idea of what a session actually is, and for that, let’s go to the movies.

Imagine this

A session is a lot like going to the movies. You walk up to the box office (the login screen) and provide your payment information (your username and password) with the clerk (the application) to buy a ticket to get into the theatre (the platform). After that, you walk into the theatre and flash your ticket to prove you've paid to see the movie (to sign in to the application successfully). From there, you get to watch the film (i.e., collect data, reply to tickets, etc.) for a couple of hours until it's time for you to leave and go home (log out of the application).

But imagine that someone took your payment information, and suddenly you couldn't buy a movie ticket. Not fair, right? They get to use your money to buy a ticket somewhere else, and you're left kicking the dirt outside of the theatre.

Compromises suck

Weird movie theatre metaphors aside, there isn't anything funny about a compromised account. It can cause a substantial negative impact on your sending reputation and leave long-lasting damage on your business, depending on what the compromiser does with the account. Plus with the increasing number of cybersecurity attacks in recent years, it is a great time to start now on being vigilant about all of your accounts, including your Mailgun account.

Monitor your sessions

In regards to the above scenario, Mailgun offers a couple of ways for you to take control and manage your account to help prevent account compromises from happening. We offer a multi-factor authentication method, session timeout preferences, role-based access control, and a shiny, new widget in the control panel that you may have already seen. 

This new widget allows you to see the current, active sessions of those who have access to your account. A user can look at this widget and see when and where the last sign on occurred for a given account. From there, it can be determined whether or not the session is legitimate or a compromise. For example, a typical red flag would be seeing that someone who is typically locally signed in from a whole new country or from an unfamiliar IP.

Cybersecurity Best Practice

Need a little extra help in building your cybersecurity awareness with your Mailgun account? You can secure your account for any and all who have access to the account and maintain its security by:

1. Activating Multi-Factor Authentication methods and making sure others do so as well

2. Monitoring active sessions and reporting anything that appears out of the ordinary

3. Maintaining the list of those who have access to the account is up to date, and

4. Making sure only those who need access to the account have access to the account

5. Making sure those who have access to the account have the appropriate account privileges

6. Setting up session timeout preferences to prevent people from piggybacking off of any sessions that may still be alive

Security improvements happen constantly

While this is not the peak of security options we wish to have available to you, we're always looking to create better ways to keep your Mailgun account secure. The best way to help us make that possible is to go through your account and make sure that you have everything locked down on your end. By taking advantage of all the security measures we have to offer, you're creating the safest environment for your Mailgun account. Fewer compromises mean less stress for you, and more time doing what you do best with Mailgun - sending email.

PS – We would recommend doing things like this for all of the services you use, both personally and professionally.