By now, you’ve likely heard the reports that around 18,000 of 300,000 SolarWinds clients have been the victims of a cyber attack. This is a major global cyber event involving the U.S. Government, including highly classified agencies, as well as many Fortune 500 companies. News like this always makes me stop in my tracks. As a cybersecurity professional, it is a strong reminder that cybersecurity must always be at the forefront for any company. A large security breach is not only operationally disruptive, but it can cause deep financial and reputational damage to affected companies.
Our clients have been asking if we were affected by this event. We were not, but remain vigilant in monitoring the situation. An attack like this is something the entire cybersecurity community should understand to help fortify efforts against other future attacks. Here are some actions that we are taking and that our clients can take to add an additional layer of precautionary measures:
What We’re Doing
SparkPost has strong relationships with its critical security vendors and partners, and they have confirmed that we have the appropriate visibility and protection against this specific threat or similar attacks. Additionally, SparkPost has strong internal controls and a team of dedicated security professionals who are monitoring the situation as it evolves in scope and scale and will take any actions as needed.
What You Can Do
No direct, immediate action is needed from our customers at this time. We will continue to monitor on your behalf to watch for any anomalies and suspicious behaviors as we always have. Security is of utmost importance to us and we continue to make it a priority to keep our clients’ data and SparkPost environments safe and secure.
It is a good time to remind our community, though, that there are proactive steps that all can take to add more security measures to their email programs. Here are some recommendations from me and my team:
- Two-factor authentication (2FA) or single sign-on (SSO) adds an extra level of security for your account by protecting login credentials as well as account data. You can see instructions on how to implement these capabilities below. (It’s important to note that all customers will be required to implement one of these measures by February 1, 2021.)
- Change your password regularly and use a strong password
- Consider using a password vault
- Rotate API keys on a periodic basis
As always, if you have any questions or concerns, please submit a support ticket or reach out to your assigned TAM or CSM.
Happy Holidays and safe email sending!