
12 Email Security Tips to Protect You in 2015

2014 has been a year of public security awakening … high-profile breaches, extensive and terrible vulnerabilities in pervasively used software, and a fear and awareness of eavesdropping by governments and covert organizations.

2015 is poised to continue the trend.  Security has transformed from being something you take care of by buying a product and forgetting about it, to an escalating war with security professionals constantly parrying against increasingly sophisticated attacks.  More and more the burden is being placed on individuals and small businesses to have an awareness of the security landscape, to understand the risks of online activities, and to use common sense and evolving tools to protect themselves.

As 2014 winds to a close, here are 12 things that you can be doing to proactively protect your email accounts and identity in 2015:  

1. Use Two-Factor Authentication

Two-Factor authentication protects your account in the case that your username and password are compromised.  In addition to your password (the first “factor”) you need something else (such as access to your phone) in order to successfully log in.  Check with your email provider and enable Two-Factor authentication if they provide it.

We recommend using Two-Factor authentication whenever possible, including with social media sites such as Facebook and especially for your email.

2. Use different passwords for each site

If you use the same password for multiple web sites, then the probability of that password being compromised increases dramatically.  Furthermore, if it is compromised, the attacker then has automatic access to all of the places that you use that password.

Make sure that the password used for access to your email is different from all of your other passwords.

3. Use strong passwords

Strong passwords are hard to guess.  These days, it is easy for a computer to try millions or hundreds of millions of possible passwords in a very short time.  So, if your password is based on a word in the dictionary with a few permutations, such as “Appl3” … that could be easily discovered.

Instead, pick passwords that are easy to remember and which are comprised of multiple words and numbers or symbols.  E.g. “My son loves pizza pies!”   This is an easy sentence to remember, contains mixed case and a symbol, and would be exceedingly hard for a computer to guess.

4. How to remember your passwords

The biggest barrier to using different, complex passwords for your various email and other web site logins is tracking and remembering them.

This is really not such a big deal anymore as there are a myriad of applications for your computer or phone where you can save all of your passwords, securely, in one place where you can get at them when you need them.

We recommend using a secure password storage area that is in the “cloud” and which you can access from any computer, anywhere — so you are never without access to your passwords and so you can grant other people access to them if needed and desired (e.g. your spouse or for estate planning).

5. Change your passwords frequently

Possibly more of a pain than having multiple passwords is changing them.  However, you never really know if a provider has been hacked and your passwords have been compromised until long after the fact.  In the meantime, your password may be “out there.”

It is best to change your password periodically, at least for those accounts that are most important (e.g. your bank, your email, etc.).  In this way, you protect yourself against someone using an old password to access your account.

Many providers allow you to set up schedules that auto-expire your password, so that you are forced to update it periodically (such as every 3 or 6 months).  This is best, as it does not allow you to “skip it” just because you are busy or lazy.

6. Enable alerts on failed and/or successful logins

What if someone does access your account without your knowledge?  Wouldn’t it be best if there were a kind of “trip wire” that would be sprung so that you could detect this access immediately and take action to limit the damage?

Many providers allow you to enable automatic alerts that will send you an email or text message to any address you like, when there is a successful login or when there are failed login attempts.  If you get an alert and see logins that “were not you,” then you can call the company and take action to lock down your account.

7. Lock down access to your IP or Geographic Location

Many attackers that try to log in as you or attack your account are coming from foreign countries or regions distant from where you are usually located.  Many email providers provide options where you can lock down access to your email account so that you can only access it from specific computers (e.g. from your home or work IP addresses) or from certain regions (e.g. Massachusetts or USA).

This goes a long way towards stopping attackers from even trying to gain access to your account.
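The "trip wire" of tip 6 and the IP lock-down of tip 7 come down to the same check over login events. The sketch below is an added example, not code from the original article or from any provider; the log format, the approved networks, and the threshold of three failures are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter

# Assumed values for illustration: approved home/work networks and an alert threshold.
ALLOWED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "198.51.100.17/32")]
FAILED_THRESHOLD = 3

# Constructed sample log, one event per line: timestamp account result source-ip
SAMPLE_LOG = """\
2015-01-05T08:01:12Z pat@example.com success 203.0.113.40
2015-01-05T09:14:03Z pat@example.com failure 192.0.2.77
2015-01-05T09:14:05Z pat@example.com failure 192.0.2.77
2015-01-05T09:14:09Z pat@example.com failure 192.0.2.77
2015-01-05T09:15:30Z pat@example.com success 192.0.2.77
2015-01-05T12:40:00Z pat@example.com success 198.51.100.17
"""

def is_allowed(ip):
    """True when the source address falls inside an approved network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETWORKS)

def login_alerts(log_text):
    """Return (timestamp, account, reason) for every event worth an alert."""
    alerts, failures = [], Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guess at their meaning
        when, account, result, ip = fields
        if result == "failure":
            failures[account] += 1
            if failures[account] == FAILED_THRESHOLD:
                alerts.append((when, account, "repeated failed logins"))
        elif result == "success":
            failures[account] = 0  # the streak of failures ends here
            if not is_allowed(ip):
                alerts.append((when, account, "login from unapproved address " + ip))
    return alerts

if __name__ == "__main__":
    for alert in login_alerts(SAMPLE_LOG):
        print(*alert)
```

On the sample log this raises two alerts: the third consecutive failure, and the successful login that follows it from an address outside the approved networks.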

8. Send sensitive information securely

Sensitive information is being sent over the Internet more and more frequently.  Medical records, tax returns, legal documents, divorce agreements, company roadmaps and product plans … all contain very sensitive data.

It’s good to have an option for “Email Encryption” in your toolbox so that you can secure such messages on demand and prevent them from being stored or transmitted insecurely, which would leave them vulnerable to capture by attackers.

9. Use good email filtering to protect you from viruses, malware, and scams

The vast majority of email is spam.  A substantial fraction of that spam is designed to attack you in some way — to infect your computer, convince you to download malware, or trick you into divulging sensitive information or money.

A good spam and virus filter can stop most or all of these malicious messages before they reach your inbox … and before you have to waste your time and brain power trying to decide what is legitimate and what is not (and that can be very hard).

10. Use good email filtering to protect you from fraud

Fraudulent email messages are those purporting to be from one person (e.g. a friend, co-worker, or family member) but which are really from a spammer, attacker, or other malicious individual.  Usually this is just a trick to get you to open and read some spam.  Sometimes, it is a trick to get you to trust the message and take some action … from sending someone money to opening a door to giving someone a “forgotten password,” etc.

Good filters can detect forged email in many cases and protect you from being tricked by this kind of fraud.  Look for filtering services that include SPF, DKIM, and DMARC filtering technologies … and be sure these are enabled.
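A receiving mail server normally records the outcome of its SPF, DKIM, and DMARC checks in an Authentication-Results header (RFC 8601), and that header is what a filter or a curious recipient can inspect. The following is an added example, not code from the original article; the server ID `mx.example.net`, the sample messages, and the verdict labels are constructed for illustration.

```python
import re
from email import message_from_string

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: the ID your own mail server stamps

def _sample(authres):
    # Constructed message; only the Authentication-Results header varies.
    return ("Authentication-Results: " + authres + "\n"
            "From: Pat <pat@friend.example>\nSubject: Lunch?\n\nSee you at noon.\n")

GENUINE = _sample("mx.example.net; spf=pass smtp.mailfrom=friend.example;\n"
                  " dkim=pass header.d=friend.example; dmarc=pass header.from=friend.example")
FORGED = _sample("mx.example.net; spf=fail smtp.mailfrom=friend.example;\n"
                 " dkim=none; dmarc=fail header.from=friend.example")
# Here the sender inserted its own header claiming success; our server added none.
SELF_ASSERTED = _sample("relay.sender.example; spf=pass; dkim=pass; dmarc=pass")

def auth_results(raw_message, trusted=TRUSTED_AUTHSERV):
    """Collect spf/dkim/dmarc results, but only from headers our own server wrote."""
    msg = message_from_string(raw_message)
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = value.partition(";")
        parts = authserv_id.split()
        if not parts or parts[0].lower() != trusted:
            continue  # anyone can write this header; ignore ones we did not add
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            results.setdefault(method.lower(), result.lower())
    return results

def verdict(raw_message):
    """Classify a message by the DMARC result recorded by the trusted server."""
    dmarc = auth_results(raw_message).get("dmarc")
    if dmarc == "pass":
        return "authenticated"
    if dmarc == "fail":
        return "likely forged"
    return "unverified"  # no trusted DMARC result: treat the From address with care

if __name__ == "__main__":
    for name in ("GENUINE", "FORGED", "SELF_ASSERTED"):
        print(name, verdict(globals()[name]))
```

The third sample shows why the header's origin matters: a message can arrive carrying its own "pass" claims, so only results stamped by the recipient's own server count.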

11. Keep email archives

Keeping a separate copy of the messages that you have sent and received is a good practice for both businesses and individuals.

If your email is hacked and messages are deleted, you may lose a lot of information that is essential to your day-to-day life, business, health, etc.  By having a separate, immutable archive of these messages, you protect yourself from loss (and you also protect yourself from you.  Who has not accidentally deleted something important?)

Hacked email messages can also be altered in some cases.  By having a separate archival system designed to prevent the deletion and modification of your email, you always have a “true copy” of all of your messages.  This is essential in any legal situation.

12. Choose a good email provider

The security of your email is ultimately in the hands of your email provider; it is up to you to make a good choice.  Consider:

  • Big companies are big targets
  • What is their security stance?
  • Will they treat your email with the privacy and confidentiality you need?
  • Do they have features you can use to lock down security for your account?
  • Do they provide encryption options for you?
  • Can you call them and expect meaningful and timely help?

Think about your current email situation and your risk … maybe it's time to shore up your email defenses and turn on some security features that you have not yet used.  Maybe it's even time to choose a new provider that can better protect you.
