So much of our personal information can be found in our emails. This includes details of our finances, employment, relationships, health and so much more. That’s why good email security is vital to keeping ourselves and our network free from hacks and scams. Unprofessional would be an understatement when phishing emails from your account start plaguing your work contact list.
Once your email is compromised, your other online accounts registered with it might suffer the same fate. A ‘forgot password’ attempt triggers a password recovery email that goes to none other than your email account and losing to scammers or hackers on that front means all account security measures will be cut loose. Once they change your password, you’ll even be locked out of your own account. Without further ado, here are tips to setup preventative measures to improve your email security.
#1 Use a Strong Password
Make a habit of changing your password to be sure that nobody else can access your account. Not any password though, your password should always be strong, random and unique.
You can also enable two-factor authentication on your email account. It works by sending a one-time secondary password to a registered phone number via text message. This makes your account difficult to access, even if someone knows your password.
You can maintain good security by managing your account regularly. This includes checking that your emails are not being automatically forwarded to another account by anyone via redirects or filters. You can also check your login history and see if there is any suspicious activity. Your email provider might allow you to connect your account with other platforms or applications. Therefore, you should ensure that all connections are needed and trustworthy.
#2 Use Transport Layer Security (TLS)
Transport Layer Security (TLS) ensures that your connection with a website is encrypted and verifies the server’s integrity that you’re connecting to. TLS is also for encrypting connections to an email server as well as the connections between email servers. You can check if your connection is encrypted between email servers by using the CheckTLS tool. Make sure an encrypted channel is used to fetch your emails when using an external email client, like Outlook or Apple Mail.
#3 Be Aware of Tracking Links and Don’t Load Images
Companies will often use a link that tracks the scope and effectiveness of their emails, especially newsletter providers. They can see how many people read the email, clicked on specific links or even forwarded them.
Your browser will usually show the link’s destination when you hover over it with your cursor. To inspect it further, you can copy its destination into a text editor. Loading the link on the Tor Browser to hide your location; however, the time that you opened the link would still be revealed.
These mailers can also include images in their emails which are automatically loaded by a remote server when you open the email. A tracking code is contained within the image which reveals whoever opens the email to the mailing list administrator. To avoid this, you can configure your email provider not to load any images received by default.
#4 Be Careful with Attachments
Make sure the email sender is trustworthy before you open on any files attached to the email as it could contain malware, such as trojans and cryptolockers. You can use the built-in functionality to open the file formats commonly infected such as doc, pdf, and xls on your webmail provider or use a virtual machine to open them.
Keeping your computer updated and using antivirus software will provide some protection, but they will not guarantee that your computer is free from virus’.
#5 Use PGP to Encrypt Your Emails
Encrypting emails will prevent them from being intercepted, snooped on, or altered. Even professional and well-funded hackers would struggle to get around this.
PGP or Pretty Good Privacy, also known as GNU Privacy Guard (GPG), is a software that can be used to encrypts your emails. This software will ensure that only the intended recipient is able to see the contents of your email; however, the recipient must also use the software.
PGP will create a key-pair of public and private keys on the sender and recipient devices. These keys are used to encrypt and decrypt emails, as well as verify their authenticity.
While PGP is very secure, it does still leave some metadata out in public. Metadata includes the recipient and sender’s email addresses, the time when the messages were sent, and also the email size.
It is very difficult to avoid revealing your identity in metadata and may only be possible if you quit emailing completely. If this is a major concern, there are alternatives. Try Off-the-record (OTR), which is an encrypted chat protocol that does a better job at protecting your identity. Not only are your messages encrypted, but each conversation is given a unique key that prevents unauthorized access.