In 2014, a hacker group gained access to Sony Pictures. Investigators, in particular, the CEO of Cylance speculated that the hackers targeted Apple IDs with a phishing attack and once a user fell prey to the attack, the hackers made their way into Sony servers.
Such attacks are on the increase and as of last year – 2018, statistics indicate that 1 in 131 emails contain malware. That paints a dire picture and raises the stakes because whether it is personal or business emails, people can no longer afford to ignore email security.
However, to practice email security best practices, it is important first to understand the primary email security threats.
1. Interception of confidential data
Sending any confidential data via email over an unencrypted channel is akin to inviting interception and data theft. An eavesdropping attack, whereby a hacker steals information from an unsecured network, is one of the easiest ways a hacker can access private traffic.
Data are sent in plain text in an unsecured network, meaning that passwords and bank details will be shown in plain sight, hence the best way to protect against interception attempts is to secure your networks if possible, or encrypt your traffic by various means which we shall look into later.
A malware is a software that someone intentionally designs to cause disruption, damage data or gain unauthorized access. Statistics indicate that there are over 600 million different forms of malware.
While malware can hide anywhere and in different file forms, email forms a bulk of the hiding place for malware. That is because it is easy to send an email carrying a malware appear legitimate by making it seem as if it is from a personal friend or co-worker.
As a result, especially because people do not take time to confirm that the email is actually from the intended sender, they open the attachment with the malware and infect their devices. The malware then causes damage, and by the time you or the IT department realizes what is happening, a lot of sensitive data might already be gone.
3. Phishing attacks
A phishing scam occurs when a criminal sends an email in the guise of someone else, such as your company CEO, in an attempt to fish for sensitive information from the target.
Often, the email seems urgent, and it can elicit curiosity or fear making it impossible for the target not to open the email. Once the target opens the email, he/she is then prompted to surrender a user name, password, credit card number and so on.
Chances are you’ve run into a phishing scam before as they are highly prevalent all around the world. A 2017 report indicates that cybercriminals create close 1.5 million new phishing sites every month making it arguably the greatest email security threat.
4. Weak passwords
Weak passwords are yet another significant email security vulnerability. They can be easily compromised in a brute force attack. You might think that a password with personal clues like ‘marvelfan1988’ is far from generic but the truth is, it takes only 15 hours to crack it by brute force.
Once they get access to your email, then they have access to everything else they might need – phone number, answer to your security question, banking, and credit card details, even details to online financial accounts such as PayPal. This is also why holding down your email security fort is so vital.
The situation becomes direr if you use one password for all your online accounts because that means the hacker can now access your entire digital life.
5. Stolen devices
Admittedly, stolen devices are the least concerning email security threat. However, one cannot afford to ignore because once a thief steals a device, all they have to do is tap on view emails and they have access to all manner of sensitive data.
Now that you understand the major email security threats, the question now becomes, what are the ways to improve the security and privacy of your emails? Below are three key guidelines you can follow to ensure you improve your email security.
Ways of Improving Your Email Security and Privacy
Ensure That You Always Use TLS
TLS is Transport Layer Security, and it is a protocol that encrypts any connection to a website, a server or another client. Also, the protocol verifies that any server you connect to is authentic.
Note also that TSL encrypts communication between one server and another which means it offers all-around protection. With TSL, it becomes harder to intercept confidential data – the number one email security threat mentioned above.
To ensure TSL is activated, especially if you are using an external email client, open the client and go to settings. Under settings look for STARTTLS or SSL/TLS and activate the option. If any of these two options are not available, then find – connect only through an encrypted channel.
Scrutinize Attachments, and Be Cognizant of Tracking Links
With attachments, it is advisable to only open those that you trust. However, it might always be possible to verify a sender. In such a situation, it is vital to remember that the pdf, doc, and xls are the file formats which tend to be most infected.
Either open these files in a virtual machine or take advantage of any in-build tool your Webmail provides to open such files.
With regards to links, avoid clicking on the links and instead, copy the address and open in a new tab. That will help you avoid the tracking code embedded in the link by companies or individuals designed to track how many people opened the email.
Also, if the link is designed to send you to a phishing site, by copying it and scrutinizing it further, you might avoid the phishing attack.
Whenever you are careful with tracking links, and you scrutinize attachments, then you have a higher chance of avoiding malware and phishing attacks.
Use Strong Passwords
Strong passwords are the foremost deterrent to an attack due to weak passwords. As an individual or a business, insist on strong passwords; preferably longer than 12 characters, and composed of letters, numbers and special characters.
In addition, each login should have a unique password. You should never use the same password for two or more accounts.