Email is still the most common form of online communication out there — in fact, it’s reported that a staggering 269 billion emails are sent every day! It’s been the standard pretty much since the dawn of the internet. Email is easy, universal, and it can get to anywhere in the world in a blink of an eye. We use it to share almost anything, and depend on it so much that it has become fused with our identity.
Since it’s so easy, we don’t really think a lot about it. But do you know what happens under the hood when it comes to email communication? If you’re like the average person, you don’t bother to learn the ins and outs if you can rely on your email provider to make it work. Some people liken it to a postcard — it’s pretty likely to arrive safely at its intended destination, but anyone along the way can sneak a peek if they want to (although they’d have to be pretty sneaky). But don’t fret; there are a lot of things you can do yourself to improve the security of your email.
Email has always had safeguards in place to make it reliable, but since it has to remain compatible with those still using older technologies, servers, or clients, security isn’t always enforced by email providers. Usually, it’s up to you, the client, to take the next step. The last thing you want is your messages falling into the wrong hands, or even worse, to have a hacker gain control of your accounts. We all remember the news from the US elections about email hacking, and it might make you wonder…if they can’t stop it, how can I? But there are a lot of simple and easy steps you can take to lessen the chances of it happening to you.
1. Remember that email is not always secure.
Your message can make multiple stops throughout its travels, from you, to your email provider, to the recipient’s email provider, and then to the recipient. While for the most part there is little risk of someone intercepting your email, the biggest risks lie between you and your provider. Most modern email clients allow you to securely communicate with your email providers, but if you’re not careful, there can be opportunities for people to listen in.
As long as you can trust your email provider not to read your email as it passes through their servers, your goal is to stop hackers and criminals from doing the same. This doesn’t just apply to your personal email. For workplace emails, this might mean that the email provider is your tech support guy. Always be aware of how your workplace handles email communication and what security measures they take.
The trick is to always make sure you know where your email is going and who exactly is going to read it. Don’t be reckless when replying to and forwarding emails, and always double check that it’s going to the right address. The most effective way to keep your email secure is to recognize the fact that it isn’t always safe, and to act accordingly.
2. Make a strong password and change it regularly.
The majority of account hacks happen because of weak password policies — it’s shocking how many people try to use basic passwords like password123 or 12345. Hackers will often have strings of coordinated computers, called botnets, that regularly look for easy-to-hack accounts. People who use simple passwords are easy targets because they are more likely to have other poor security measures.
While your email provider will have ways to help detect hackers (or maybe your ex) and stop them from breaking into your accounts, nothing is completely foolproof, so make sure your password is not easy to guess.
There are three key parts to a secure password: make it long, make it complex, and always be sure that it’s encrypted. Of course, the longer your password is, the harder it is to guess; but even a long password can be easily cracked if it’s not encrypted. With this in mind, there are just a few basic steps for making a strong password:
- Make it at least 8 characters, or even better, around 16. Try to use a mix of upper and lowercase letters, numbers, and special characters (if allowed). The more random and complex, the better.
- Don’t spell out a recognizable word or phrase, especially words like ‘test’ or ‘password’. NEVER use your name in any way, shape, or form as part of your password. Remember, anything that makes your password easy for you to remember makes it easier for hackers to break in.
- Change it regularly, around every three to six months. Some hackers have a lot of patience, and changing it means they have to start all over again. They might even already have your password without you knowing!
But how am I supposed to remember my password? If you trust your home or work environment, it might be a good idea to keep your password on a sticky note. There are also lots of specialized software tools out there that can automatically generate, encrypt, and store secure passwords for all of your accounts. Now, you can be secure without using any additional brain power.
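The password rules above can be turned into a small generator and checker. This is an added example, not part of the original article; the special-character set, the short word list, and the function names are assumptions made for illustration.

```python
import secrets
import string

SPECIALS = "!@#$%^&*()-_=+[]{}"  # assumed set; providers differ in what they allow
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS)
# Constructed sample list; a real check would use a much larger dictionary.
COMMON_WORDS = ("password", "test", "qwerty", "letmein", "12345")


def check_password(password, owner_names=()):
    """Return the list of rules from the steps above that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not all(any(ch in cls for ch in password) for cls in CLASSES):
        problems.append("missing a character class")
    lowered = password.lower()
    for word in COMMON_WORDS:
        if word in lowered:
            problems.append(f"contains common word or sequence '{word}'")
    for name in owner_names:
        if name and name.lower() in lowered:
            problems.append("contains the owner's name")
    return problems


def generate_password(length=16):
    """Return a random password that passes check_password()."""
    if length < 8:
        raise ValueError("minimum length is 8 characters")
    alphabet = "".join(CLASSES)
    while True:
        # secrets draws from the operating system's CSPRNG, unlike random.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until every class is present and no listed word slipped in.
        if not check_password(candidate):
            return candidate
```
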
3. Never reuse your passwords.
So you’ve spent some time and have come up with the perfect password. Now all of your accounts are good to go, right? Unfortunately, you’re only halfway there!
We’re all guilty of using the same, easy to remember passwords for multiple accounts. After all, we’re busy people and it’s not that big of a deal, right? (Spoiler alert: we’re not that busy, and it is a big deal.) It’s not just our passwords; unfortunately, most of us are guilty of reusing our email address as well. Some of us may even use the exact same credentials for more than one account; that’s when the trouble really starts.
Given the publicity lately of so many services having their data hacked, it’s easier than ever for hackers to swoop in and snatch up your login information. Once they have that, your world is their oyster. They now have access to your email, schedules, and maybe even your bank accounts.
Lastly, it’s always important to remember that even the strongest passwords aren’t foolproof. If your provider offers security questions, use them! But remember — any information that can be found about you online can be used against you, even if it seems innocuous, and especially if it pertains to a security question that could help hackers reset your password (more about that later). Social engineering is also still a favourite tool for hackers. Armed with your information, they can call up any service you use and easily impersonate you in order to reset your password.
Passwords can be hard to remember, but you must fight the urge to recycle. It may seem convenient until one account gets hacked and then they all become vulnerable. Use strong passwords for every account, even those that don’t matter too much to you. A common way for criminals to get access to your important stuff is to go for the low-hanging fruit first, and then move their way up the tree until they get the good stuff.
4. Only transmit information over encrypted channels.
The number one way to get your email hacked is not making use of your email client’s encryption settings. To the average person, connecting to the internet may seem like a pretty basic endeavour. In actuality, there are multiple different types of network connections, and not all of them are safe. SSL (Secure Sockets Layer) is the industry standard for ensuring a secure connection from your web browser, email client, or any other tool. If you’re using a browser or webmail, check for the “locked” image beside the URL; if you’re using an email client, make sure you’ve selected an SSL or TLS (Transport Layer Security) connection. If you’re not sure about your connection status, ask your ISP.
Who Are You Connecting to?
Using an uncertified connection can allow anyone to listen in, even the nice looking people sitting next to you at your favourite café. It’s not necessarily a secret that those super convenient free wireless networks aren’t secure. Often, they’re provided by an old wireless router that might already be compromised. Always double check which network you’re connected to. Often, your device will automatically use the strongest connection, whether it’s Starbucks Wi-Fi or a cheap portable hotspot sitting comfortably in a hacker’s laptop bag. Your home network isn’t secure, either. If your TV or wireless router gets hacked, the first thing a hacker will do is sniff your network traffic. Any information you send, including your passwords, can be viewed almost immediately.
All modern email clients now allow you to use TLS and SSL encryption before sending any sensitive information. If you’re not using a client, and it’s not already provided by your email provider, there are ways to encrypt your messages yourself. No matter which method you use, this is one step that should not be overlooked.
5. Use tough security questions.
Most email services will allow or maybe even require the use of security questions in order to gain account access. While this can be an effective deterrent, it definitely won’t stop someone who really wants to get in. By making your security questions difficult to guess, you can keep your account that much safer.
When creating security questions, there is usually an option to make your own or choose from a pre-selected list. If you are able to, create your own questions and make the answers as obscure and random as possible. If not, use false information as your answers; you’d be surprised to learn how much information about you can be found online or even just guessed. Just make sure that your random security answers aren’t so off-track that you forget them yourself!
In addition to these steps, it’s a good idea to work with your provider directly to ensure that only secure access is permitted and no one is able to impersonate you for a password reset. They may also have their own ways to lock access down to predetermined locations or even your own personal devices.
6. Use a good virus checker.
Anyone who’s ever used a computer knows about the importance of good antivirus software. Your device can become infected in any number of ways, but the most common by far is unknowingly clicking on a malicious link or email (commonly known as phishing attacks). Sometimes it’s obvious, but usually it seems like business as usual until catastrophe occurs. The longer you’re unaware, the more time they have to gather everything they can in order to cause the most damage possible.
Once they’ve gained access to your email, that’s it — they’ve found the jackpot. If there’s one thing viruses love to do, it’s impersonating you in order to read your emails. Using information they find there, they can wreak all sorts of havoc, costing you financial reparations or even your reputation. Not only can they corrupt and destroy your files, they employ a variety of techniques to steal your information, including watching your keystrokes to steal your passwords.
7. Be aware of phishing attacks.
Phishing is one of the most common ways that your email can be attacked. While it may seem obvious and easy to just ignore, millions of people are victimized every year. Surprising, right? Phishing attacks are characterized by emails that seem innocent, but then ask you to click on a link or download an attachment. It might seem ok at first, but watch out! These are just sneaky ways to gain access to your account, obtain personal information, or even install a backdoor on your device. These scammers are smart cookies; they can forge emails to make it look like it comes from a friend, co-worker, your boss, or even government agencies.
Always pay attention to telltale signs, such as unofficial or misspelled addresses (always make sure the email address matches the sender name) and never click or download anything from anyone you don’t know. Consider setting your email client’s restrictions a little stricter. While we all like pretty emails, accepting remote images, content from insecure sources and attachments might not always be in your best interest. Ask your email provider what options they have for spam protection. Keep in mind though, spam protection is often a game of cat and mouse, and the bad guys have nothing but time on their hands.
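The "address matches the sender name" check described above can be automated against a message's From header. This is an added example, not part of the original article; the organisation names and `.example` domains in `KNOWN_SENDERS` are constructed, and the distance threshold of 2 is an assumption.

```python
import re
from email.utils import parseaddr

# Constructed allow-list: organisation name -> domains it really sends from.
KNOWN_SENDERS = {
    "north bank": {"northbank.example"},
    "acme payroll": {"acme-payroll.example"},
}


def edit_distance(a, b):
    """Levenshtein distance, used to spot misspelled look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_warnings(from_header):
    """Return reasons the From header's name and address do not match."""
    name, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    if not at or not domain:
        return ["no parseable sender address"]
    domain = domain.lower()
    warnings = []
    # 1. The display name shows an address that is not the real one.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", name)
    if shown and shown.group(1).lower() != domain:
        warnings.append(f"name shows {shown.group(1)} but mail is from {domain}")
    # 2. The display name claims a known organisation, the address is elsewhere.
    for org, domains in KNOWN_SENDERS.items():
        if org in name.lower() and domain not in domains:
            warnings.append(f"claims '{org}' but domain is {domain}")
    # 3. The domain is a near-miss spelling of a known domain.
    for domains in KNOWN_SENDERS.values():
        for good in domains:
            if domain != good and edit_distance(domain, good) <= 2:
                warnings.append(f"{domain} looks like a misspelling of {good}")
    return warnings
```

An empty result only means these three checks passed; a forged From header can still carry a correct-looking name and address.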
8. Update your software regularly.
When that nagging alert pops up yet again to remind us to update our software, most of us have the same reaction. Who, in this day and age, has the time to sit there while seemingly futile updates install or even, god forbid, restart the whole thing? Again, the answer is, you do. Failure to install updates in a timely manner can leave you open to huge security risks, not to mention make you miss out on bug fixes and improved overall functionality.
Hackers are more active than ever and will always sniff out holes and other vulnerabilities in a program’s code, especially once an update is released and these exploitable entry points become public knowledge. As quickly as they’re being fixed, new ones are found and software providers are forced to go through the entire cycle again and again. Hackers will start using new exploits and vulnerabilities within hours of them being discovered.
Believe it or not, once they’re in, hackers have the ability to disable automatic updates or even turn off your antivirus software. This allows them to roam freely around your device, accessing and transmitting documents and data to their remote servers or even wiping them out entirely. If nothing else, this alone should be enough motivation to sit through an update. Remember, good security starts at home.
9. Read and understand your email provider’s Terms of Service.
The TOS given by your email provider will let you in on important information about which security measures they have in place, and what you need to take care of yourself. Sure, they could’ve bragged about their cool security features already, but there are always little tidbits hiding in there that you should make yourself aware of in order to better protect yourself. Often they might reference security options that you are not even aware of. Keep an eye out for any third parties that they might be sharing your information with. Some services will require information about your login credentials, the contents of your messages, or even your user behaviour.
This is especially true when dealing with free email service providers. Their best interests are not always your best interests, no matter the reasons they give you. Often, they might be doing things that you don’t expect, like automatically scanning and sharing your private emails, interests, and personal information with marketing companies. (We’re looking at you, Google and Facebook.)
Consider using a trusted source, which often can be your ISP. Even better, consider getting your own domain name, so that you can keep your identity forever. Ask your ISP if they will host it for you.
10. Check out your ISP’s email service.
Not all email clients are created equal, and it is estimated that 25% of all users now use webmail as their primary email client. Usually, your ISP will have their own webmail option for you to use, and you might be surprised at what advanced tools are available. For instance, they might allow you to only allow access to your account via secure connections or through certain services, devices, or countries.
It’s also a good idea to see what alerting tools they have to let you know when someone unexpected is trying to access your account, and to make sure that any notices about your email account are truly legitimate. Usually, anything telling you that your account has been locked or suspended is probably fake. Even if you’re sure it’s legitimate, never click on the links in the message; go to their site directly or call them just to make sure.
Remember, not all email clients might have these more secure settings. You may be able to set up more secure settings via the webmail portal, and continue to use your favourite email client. Each one is unique, and it’s up to you to find the combination that works for you. At the end of the day, what you really want is that you are the only one to access your email address and passwords.
11. Never give out login information. Ever.
This last step may seem obvious but it is by far the easiest and most effective way to keep your account more secure. Your friends and family don’t need access, and never will there ever be a legitimate service or company that will require you to provide your login credentials — those guys are never up to any good. If you find yourself in a situation where you think your account may be compromised, change your password right away. If you already forgot how to make a strong password, hop on up a few paragraphs and you’ll see a nice step by step guide for doing just that. It might be annoying, but it’s always better to be safe than sorry.
Any account can and will be vulnerable at some point — but that doesn’t mean you need to stop using your email altogether. Thankfully, there are lots of ways that you can keep your email secure and your messages safe from prying eyes.