Due to its ongoing value, it is likely that for the foreseeable future, email will continue to be an integral part of our lives. Its popularity means that email is a prime vehicle for intruders seeking to steal personal data and more, mostly through phishing attacks. Protecting your email from compromise is, therefore, good use of your time.
Electronic mail (email) is one of the most used technologies in the internet era. According to research firm Radicati, the number of worldwide email users will grow from 3.8 billion in 2018 to over 4.2 billion by the end of 2022.
Email has become more than just the electronic version of the physical postal system. Our email addresses are often the way we identify ourselves to many of our online services and subscriptions, often serving as our usernames in many cases. Additionally, in addition to relying on it for personal communications, many of us use our email inboxes as personal filing cabinets for storing all the digital information we receive from multiple subscriptions and service providers.
So why should you be concerned?
Email has made it easier for hackers to target us, often exploiting weak credentials to launch phishing scams that could lead to fraud and identity theft. Since most of us hardly ever delete anything, our inboxes are a rich resource for hackers looking to build a map of our entire lives in the physical and digital world.
Email intrusion can also be a prelude to more sophisticated and targeted attacks – including hijacking your other online identities and accounts. The ability to find your email address and correlate this with other digital information about you is easier than ever before. It is likely, for example, that your email address correlates to your social media profiles. When correlated, this can prove useful to attackers crafting targeted messages designed to trick you (or others) into doing something potentially detrimental to your security or privacy. This is a form of social engineering.
There is also the ‘not so small’ matter of having years worth of personal communications and data sitting in our inboxes. Losing access to your inbox can be a very stressful experience.
Protecting your email from compromise
Given the risks associated with email, it is important to take steps to secure your email accounts. Here are three steps to take right now to ensure your email account(s) are secure.
1. Review the security of your email account(s)
If there is one online profile that most deserves your focus, it is the email address you use the MOST to identify yourself online. If your email is the same one you use to access your social media, banking, shopping, and other online services, then you are at greater risk of your entire cyberself being compromised. Consider the following:
Review passwords for your ALL your email account(s): Make a list of all your email accounts and review your passwords. Make it a habit NOT to use the same password on multiple sites. Need help creating stronger passwords? See this useful resource.
Use advanced security features offered by your email provider: Many major email providers provide FREE advanced security features such as registering your authorized devices and using multi-factor authentication. Take advantage of these tools.
Secure the devices used to connect to your email: Make sure all devices that you use to access your email accounts have basic security controls including PINs/passwords, antivirus, and regular security updates.
2. Practice good email hygiene
Don’t be a hoarder. No one likes a hoarder. Not only can a messy inbox be mentally stressful, but it could also be detrimental to the security of your personal data. Consider the following:
Keep your email inbox clean: Apart from the advantages that come with being organised, it makes sense to refrain from keeping sensitive data in your email indefinitely. Delete what you no longer need. Also, consider retaining important or sensitive documents or emails in a secure file server either locally or online (e.g. using services like Google Drive, DropBox, etc.)
Unsubscribe from mailing lists you no longer need: Uncluttering your inbox will increase your ability to only see the things you want to see. Some email services like Gmail do a pretty good job of removing the clutter of spam and subscriptions. However, unsubscribing from mailing lists you have intentionally (or unintentionally) signed up for is one of the fastest ways to clean up your inbox.
Create separate emails for different activities: Another safety/hygiene hack is to create separate email accounts for different types of activities. Consider creating separate emails for different purposes such as personal correspondence, financial correspondence, bills and subscriptions and so on.
3. Stay on top of your good email security habits
Finally, all of the preceding advice is useless if you do not stay consistent. Forming good habits around email security may require an initial time investment. However, protecting your email from compromise will save you grief in future. Consider the following:
Be aware of phishing schemes. Stay vigilant: Phishing is not a new concept. However, phishing scams keep getting better and victim statistics appear to indicate that we keep falling for them. Any time you receive an email asking you to click on a link, download or freebie or claim a prize in a competition you don’t recall participating in, it is best to just assume someone is trying to pull a fast one on you.
Avoid sending sensitive information in email (or as attachments): There are many other alternatives available to ensure that your sensitive information is not living on some email server for eternity. Refrain from sending sensitive information or attachments in email and request others do the same when requesting such data. Consider using tools like Google Drive, DropBox, or other alternatives to provide access to specific individuals and remove their access when no longer necessary.
Opt-out of subscriptions right away: Although privacy regulations such as the EU GDPR prohibit organisations from automatically opting you into receiving marketing and other subscriptions without your consent, many still run foul of this. When you sign up for new services, take a moment to review your mailing preferences. Opt-out immediately from unnecessary subscriptions. Better still, except it is mandatory when signing up for new services, avoid providing your email address wherever possible.