August 11th, 2014

10 Steps to make your email more secure

Your email is the doorway into your life.  For most people, it interfaces with almost everything that you do.  Even the passwords to the myriad of web sites that you use for everything from meet ups to banking can often be reset via access to your email.  The integrity, privacy, and security of email is high on the minds of everyone these days, even folks who historically had little or no insight into how anything works, technically, and didn’t really want to know.  Everyone is wary.

There is good reason for this: data breaches and password theft are happening every day, show up in pop culture (Last Comic Standing), and are in the news left and right … such as the purported case of 1.2 billion passwords being stolen recently.

What steps can you take to bolster the security of your email?

1. Use a secure connection

When connecting to your email services over the web (e.g. from Internet Explorer, Firefox, Safari, Chrome, etc.), be sure the connection is secure. You can tell it is if the address in your browser address bar starts with “https://” and NOT just “http://”. You will also see a closed lock there and, even better, the bar may be green.

The little “s” means that the connection is secured over SSL … the current Internet standard for protecting communications with web sites. See: How does SSL work?

SSL keeps folks from eavesdropping on your email as you read it and from capturing your username and password as you log in.

2. Choose a good, unique password

Make sure the password to your email is strong and not easily guessed. Many malicious folks will try lots of common passwords and dictionary words to get in … make sure yours is not among those. E.g. don’t use “Password1” … use “IL0ve Meye DoG!!” (well, don’t use that one now, as it’s published on the Internet).

How do you pick a good password? See “Password Strength” and a “Method for Choosing Strong Passwords”.

3. Do not re-use your passwords

By all means, do not use the same password for multiple sites.  E.g. using the same password for Bank of America and Facebook is a bad idea … when your password is stolen from one place, malicious individuals often see if that password can get into other accounts that you may have.  Don’t make it that easy for them.

It’s not so hard, really: see How do I remember all of these #$@! passwords?
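A small local check for steps 2 and 3, as an added example that is not part of the original article: it flags passwords that match a common-password or dictionary list (including simple letter-for-digit swaps) and passwords shared between sites. The word lists, the 12-character minimum and the sample accounts are constructed assumptions; a real audit would load a much larger list.

```python
import string
from collections import defaultdict

# Constructed sample lists (assumption); real guessing lists hold millions of entries.
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty", "letmein"}
DICTIONARY_WORDS = {"dog", "love", "sunshine", "dragon", "monkey"}
# Undo common symbol-for-letter swaps, since guessing tools try these variants too.
LEET = str.maketrans("013457@$!", "oleastasi")
MIN_LENGTH = 12  # assumed threshold for this example

def weaknesses(password):
    """Return the reasons a single password is easy to guess."""
    lowered = password.lower()
    # Also test the word with trailing digits/punctuation removed ("dragon99!").
    stem = lowered.rstrip(string.digits + string.punctuation)
    candidates = {lowered, stem, lowered.translate(LEET), stem.translate(LEET)}
    findings = []
    if candidates & COMMON_PASSWORDS:
        findings.append("common password")
    if candidates & DICTIONARY_WORDS:
        findings.append("dictionary word")
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    return findings

def audit(accounts):
    """accounts maps site -> password; returns site -> list of findings."""
    sites_by_password = defaultdict(list)
    for site, password in accounts.items():
        sites_by_password[password].append(site)
    report = {}
    for site, password in accounts.items():
        findings = weaknesses(password)
        shared = sorted(s for s in sites_by_password[password] if s != site)
        if shared:
            findings.append("reused on: " + ", ".join(shared))
        report[site] = findings
    return report

SAMPLE_ACCOUNTS = {  # constructed sample data
    "Bank of America": "Password1",
    "Facebook": "Password1",
    "Email": "vK7#qmT2z!Lp9wRd",
    "Forum": "d0g",
}

if __name__ == "__main__":
    for site, findings in audit(SAMPLE_ACCOUNTS).items():
        print(f"{site}: {'; '.join(findings) or 'no findings'}")
```

Run it only on your own machine; the check needs the passwords in plain text, so nothing here should be pasted into a web form or shared file.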

4. Change your passwords

Ya, it’s annoying, but you really need to change your passwords once in a while. If a password is stolen and you don’t even know it … this will help prevent that from biting you. Stolen passwords are often not used right away; they can be sat on for a long time and used later “when no one is looking”.

5. Steer clear of big free email vendors

The big free or cheap email vendors (e.g. Gmail, Yahoo, AOL, etc.) are used by so many people that they are huge targets for hackers. An extremely large amount of time is spent finding ways to extract passwords, user data, and other information about you from these places. Using them puts you at risk as soon as the next vulnerability is found.

Smaller, specialized email services companies are generally not big targets, can make changes and adjust to Internet conditions nimbly, and can be a good choice for better privacy and security — especially if the company itself has a strong privacy and security focus.

6. Use excellent email filtering

So many threats come in via email … blocking them before they can affect your computer or trick you into clicking on some link is vital.  Ensure that the system in use has virus and malicious email scanning and is well configured. If you have options … it’s usually well worth it to get the best filtering package available.  The minor cost of this is insurance against the large cost of a real issue.

7. Two Factor Authentication

If you have to do something besides enter your password to log in to your email, then you are probably using two factor authentication. This could be as simple as entering a code texted to your phone or as complicated as using a fingerprint reader key fob. Whatever it is, it is better than needing just your password, and it protects you if your password is compromised. Many email systems provide two factor authentication options today and this is becoming more and more standard.

Just be sure you use it … as this is usually just an “option” and not enabled unless you set it up.

8. Avoid email providers with weak password reset options

If it is easy to reset your password, it may be easy to steal your password.  E.g. if a password reset can be easily socially engineered by calling Support, or if it can be requested via visiting the web site without a lot of verification, then your password is at risk and your account’s security is weak.  This has been the cause of a large number of issues in recent times… including those affecting Apple computer last year (e.g. this one and others).

Choose a company that has strict policies on how Support will respond to password reset requests, that allows automated requests to use multiple factors for validating your identity, and that allows you to disable password reset requests or to refer them to a member of your own staff so you can validate the request yourself (e.g. if you are an organization and not an individual).

9. Use email encryption

If you are sending sensitive data (e.g. tax returns, forms to your lawyer, information to your doctor, etc.), make sure it is encrypted.  This prevents that information from being eavesdropped on or stolen before it gets to its destination.  It can also prevent that information from being compromised once it has reached its destination.

There are many ways to set up email encryption; the simplest is to choose an email provider that allows you to enable encryption on demand, which will work with anyone on the Internet with no software to install. Encryption usually takes a few extra steps, but these can usually be minimized.

See: The Case for Email Encryption

10. Protect your computer

The last, but not least, suggestion is the care and feeding of your computer. Please, please, set up your computer with automatic virus and malware scanning, especially if you use Windows. Malware can infect your computer from any number of sources (e.g. just surfing the web, or sharing “unprotected” thumb drives). Once it has infected your computer, malware can take over email programs, hijack your email accounts to send spam and malware, and consume and use your address book. This can be mitigated somewhat by only using web-based email (e.g. WebMail through a browser and not using Outlook and similar programs). But don’t take chances: treat your computer like yourself … checkups, vaccinations, etc. It’s worth it and can greatly reduce the number of incidents of identity theft and increase the longevity of your computers themselves.

