There is a range of online threats waiting to take advantage of lax email security, and it’s not just individuals at risk. Even multi-million-dollar companies have had their systems compromised by employees falling victim to sophisticated social engineering attacks, clicking on a link or downloading an attachment they shouldn’t have. Online security threats can range from the classic advance fee fraud (also called “419 scams”) and phishing attempts to nasty viruses and malware. Even if you’re fairly Internet-savvy, there are new security risks every day that you need to be aware of.
Stay one step ahead when it comes to online security with these six simple but highly effective tips to keep hackers and cyber-criminals out of your inbox.
1. Choose a secure password and change it regularly
You’ve probably heard this basic advice a thousand times, but you’d be surprised at the number of people who have an insecure password for their email account, or rarely change it. Due to the amount of personal information contained in a typical inbox, a hacker could cause serious problems in both your personal and professional life. Weak passwords are responsible for all sorts of security vulnerabilities; a secure, regularly changed password is the first step to ensuring online security and should not be taken lightly. Choose a unique password for different services. If a hacker gains entry to your email, they’ll check if your other accounts, such as Amazon and Facebook, have the same password. By having different passwords, you can limit some of the damage should the worst happen. Passwords must be changed every three months for maximum security; set up a recurring reminder in your calendar. If you have a security question, ensure it isn’t one with an easily guessable answer.
2. Enable Two-Factor Authorization
Two-factor authorization, or 2-FA as it is more commonly known, is a simple yet effective tool in the fight to keep your inbox safe from hackers and online criminals. When you log in to your email or wish to change your password, an authorization code sent to your mobile phone must also be entered. This means if anyone does manage to gain entry to your email account, they’ll be unable to lock you out by changing your password. Also known as two-step authorization, it can usually be enabled in the Settings section on your email account. Take a moment to set it up; although it will take you a little longer to log in to your email, it could save you a lot of trouble if your email security is compromised in any way.
3. Utilize a VPN when using a public Wi-Fi network
There’s no denying public Wi-Fi networks are convenient. However, many people don’t realize the dangers of using them. As no authentication is required to gain a network connection, it’s easy for a hacker to intercept your information by using a piece of software to act as a “man in the middle.” Instead of communicating with the Wi-Fi hotspot, you’re sending all your personal information straight into the hands of cyber-criminals. Public Wi-Fi systems are also used to spread malware when file-sharing with the network is allowed. A virtual private network protects you from all the risks associated with public networks by sending all your information to the VPN over a secure connection. Simply put, your computer acts as if it is on the same network as the VPN, meaning your data is completely safe from prying eyes. VPNs are also useful for securely accessing your home or business networks while traveling.
4. Be aware of sophisticated “phishing” emails
Phishing scams are designed to extract your personal information, either by asking you to enter your details on a fraudulent website or by getting you to click a link that installs malware on your PC. These emails often purport to be from high-profile institutions such as Facebook, Amazon, PayPal or banks. They will often say that they are having problems with your account and you need to sign in to fix it. The link in the email will then take you to a fraudulent website that will be used to steal your information. There are several ways to identify phishing emails:
- Phishing scams usually start with “Dear Customer” or a similar generic greeting
- Look out for spelling and grammatical errors
- Lack of contact details for the company
- Titles intended to frighten you, such as “Account Suspended” or “Urgent Action Required”
The best way to avoid phishing attacks is to NEVER click links sent to you in an email (unless it’s something you’re expecting, such as a website/newsletter registration or forgotten password reset). Always manually type the web address for sensitive sites, such as your online banking, and look for the little green padlock in the top left-hand corner of the screen; this means it’s secure and authenticated so you can be sure it’s not a fake phishing site.
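The warning signs listed above can be turned into a simple triage check. The following Python sketch is an added example, not part of the original article: it tests one raw email for a frightening subject line, a generic greeting, missing contact details (approximated here by the absence of a phone number) and a link whose host is outside the sender's domain. The regexes, function names and sample messages are assumptions made for illustration, and spelling errors are not checked.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

SCARE_SUBJECT = re.compile(r"account suspended|urgent action required", re.I)
GENERIC_GREETING = re.compile(r"^\s*dear\s+(customer|user|member|client)\b", re.I | re.M)
PHONE = re.compile(r"\+?\d[\d\s().-]{7,}\d")   # crude stand-in for "contact details"
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def plain_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            parts.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def phishing_indicators(raw):
    """Return the names of the article's warning signs found in one raw email."""
    msg = message_from_string(raw)
    body = plain_text(msg)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    found = []
    if SCARE_SUBJECT.search(msg.get("Subject", "")):
        found.append("scare_subject")
    if GENERIC_GREETING.search(body):
        found.append("generic_greeting")
    if not PHONE.search(body):
        found.append("no_contact_details")
    for url in URL.findall(body):
        host = (urlparse(url).hostname or "").lower()
        # A link is suspicious when its host is neither the sender's domain nor a subdomain of it.
        if sender and host != sender and not host.endswith("." + sender):
            found.append("link_off_sender_domain")
            break
    return found

# Constructed samples; every domain is a reserved .example name.
SUSPICIOUS = """\
From: Account Team <service@bank.example>
Subject: Urgent Action Required: Account Suspended

Dear Customer,
We are having problems with your account. Sign in to fix it:
http://bank.example.verify-login.example/signin
"""
LEGITIMATE = """\
From: Newsletter <news@shop.example>
Subject: Your March newsletter

Hi Alex,
Read it at https://www.shop.example/news or call us on +1 555 0100 200.
"""
```

A message that trips several indicators deserves closer inspection; an empty result does not prove a message is genuine, since the From header itself can be forged.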
5. Use Public Key Encryption to encrypt electronic communications
Public key encryption is the ultimate layer of security. It is based on software called “Pretty Good Privacy,” or PGP, and you will receive a key pair upon registration. One of these is public, while one is your private key. Once you share your public key with other users, they are able to send encrypted data that can be unlocked only by you with your private key. When using PGP, there are two important points to bear in mind:
- Only the body of the email is encrypted; the metadata, timestamp and header are still visible to interceptors
- Your private key should never be given to anyone
PGP can also be used to sign messages to verify your identity and encrypt the contents of your hard drive; use your public key to encrypt the files and your private key to decrypt. This is an excellent way to protect sensitive information from outsiders and even employee theft.
6. Anti-theft security
If your device is lost or stolen, anyone can gain access to your personal information. Protect yourself by installing software that can remotely lock and wipe your device with just a few clicks if the worst happens. There are several companies that offer this service, many of which are free or have a free trial period. Be aware that it needs to be downloaded beforehand; there’s no way of installing it once the computer’s out of your hands. Some services will attempt to track your device using GPS location and will send you a camera picture of anyone who uses it.
With a little forward thinking and effort, you can ensure your email account and communications are as secure as possible. The importance of a secure password for every account, changed every three months, cannot be overstated and is something that many people take for granted until it’s too late. Some security features such as 2-FA seem cumbersome, but they can protect you from potential personal and financial disaster. Always be aware that websites and emails may not be what they seem; seemingly innocent links and attachments can contain a plethora of security threats. Take a few minutes today to review the security features (if any) that you have enabled on your email account. This could do a huge amount to protect you in the future.