A security compromise not only poses a risk to your Certified IP address but could also negatively affect your business and brand image.
You should follow these guidelines if the security of your Certified IP address has been compromised:
- Immediately contain and limit the exposure.
- If the security breach can be traced to a specific computer, remove it from the network and clean it using anti-virus software.
- Disable connectivity between the area involved with the compromise and your email sending system.
- If a specific user account was compromised, change all applicable passwords.
- Monitor traffic across all IP addresses and servers for other potential abuses.
- Alert all necessary parties of the compromise. This may include an internal security team or IT department, the email software vendor, or the email service provider (ESP). They can help you:
  - Analyze system logs to identify the source and method of the compromise.
  - Determine the severity of the compromise and advise you about prevention.
  - Determine if any sensitive data on the system was accessed that puts individuals (either employees or customers) at risk. If you suspect sensitive data was accessed, contact your senior leadership and legal counsel to determine next steps.
- Identify the weaknesses in your security system and take steps to strengthen it to prevent further spam from being sent from your IP address.
- Depending on what your investigation identifies as the root cause of the security breach, Validity can provide recommendations on how to fix the issues.
- If the compromise constitutes a potential criminal case, notify the appropriate law enforcement agencies.