Sitemorse and the Spectre / Meltdown attacks

08 Jan 2018


Firstly, it's important to confirm that Sitemorse does not, in general, store private data that belongs to our clients, so even in the unlikely event of a breach there is no sensitive or confidential client data at risk. Additionally, the Sitemorse service is not directly involved in the provision of web sites, so if the service is not on-line this has no direct effect on client sites, which will remain perfectly operational as normal.

Having said this, we of course take security very seriously. We adhere to industry standards of encryption and network security and relevant best practices. Our servers are housed in secure data centres and utilise modern operating systems with security patches applied in a timely manner. We monitor for new attacks such as Spectre and Meltdown, and take additional actions as necessary when appropriate.

Spectre / Meltdown

Spectre and Meltdown are attacks that are effectively of the category known as "privilege escalation". They allow an attacker who can run code on a server to read information that they would not otherwise be able to access. This means the attacks are of particular relevance to cloud-based virtual servers such as those hosted by Amazon Web Services or Microsoft Azure, because attackers are able to run code on the same physical machine simply by paying a trivial amount of money to the cloud service provider.

Sitemorse's core servers are not cloud based - they are dedicated physical servers. This means that Spectre and Meltdown have little relevance - an attacker cannot run code on the servers in order to attempt the attacks. These new attacks do not present any additional threat to the service.

We will, however, of course apply security patches as usual when they are issued by the operating system vendors, in conjunction with our hosting providers, including the cloud providers that we use for ancillary services. These patches, in line with past practice, will either involve no down-time, or only brief down-time well outside business hours. As mentioned above, there is no mechanism by which any period of down-time could affect the continued operation of client web sites.
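Once a vendor kernel patch has been applied, the check a server administrator wants is whether the running kernel actually reports the Spectre and Meltdown mitigations as active. The script below is an added example and is not Sitemorse's own tooling; it assumes a Linux kernel that exposes the per-issue status files under /sys/devices/system/cpu/vulnerabilities (one file per issue, such as meltdown, spectre_v1, spectre_v2, each reading "Not affected", "Vulnerable" or "Mitigation: <name>"). The `--sample` mode builds a constructed directory with made-up contents so the script can be exercised on a machine without that interface.

```shell
#!/bin/sh
# Added example: summarise the Linux kernel's own report of speculative-execution
# mitigations. Assumes the sysfs interface at /sys/devices/system/cpu/vulnerabilities;
# the directory is a parameter so the functions can also run against a sample directory.

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# Print one line per issue: "<issue> <STATE> <raw kernel text>", where STATE is
# MITIGATED, NOT_AFFECTED, VULNERABLE or UNKNOWN (e.g. hypervisor-dependent status).
report_mitigations() {
  dir="$1"
  for f in "$dir"/*; do
    [ -f "$f" ] || continue          # skip when the directory is absent (glob unexpanded)
    name=$(basename "$f")
    text=$(cat "$f")
    case "$text" in
      "Not affected"*) state=NOT_AFFECTED ;;
      Mitigation:*)    state=MITIGATED ;;
      Vulnerable*)     state=VULNERABLE ;;   # also matches "Vulnerable: No microcode" etc.
      *)               state=UNKNOWN ;;
    esac
    printf '%s %s %s\n' "$name" "$state" "$text"
  done
}

# Number of issues the kernel still reports as Vulnerable (0 when all are handled).
count_vulnerable() {
  report_mitigations "$1" | awk '$2 == "VULNERABLE" { n++ } END { print n + 0 }'
}

# Constructed sample directory (values are invented, not taken from any real host)
# so the report can be demonstrated offline.
make_sample_dir() {
  d=$(mktemp -d)
  printf 'Mitigation: PTI\n'                        > "$d/meltdown"
  printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
  printf 'Vulnerable\n'                             > "$d/spectre_v2"
  printf 'Not affected\n'                           > "$d/l1tf"
  echo "$d"
}

if [ "${1:-}" = "--sample" ]; then
  VULN_DIR=$(make_sample_dir)
fi

report_mitigations "$VULN_DIR"
echo "unmitigated issues: $(count_vulnerable "$VULN_DIR")"
```

Run it with no arguments on a patched host to see the live kernel report, or with `--sample` to see the constructed case, where spectre_v2 is deliberately left as "Vulnerable" so the count comes out as 1. A non-zero count after a reboot onto the new kernel usually means missing CPU microcode rather than a missing kernel package, which is the caveat worth checking before declaring a server patched.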