6 steps to better email security

23rd Nov 2020

What are the best ways to keep your email secure and private? The list below was inspired by Ben Stegner who writes widely on helping consumers better understand technology.

Cold calling and other dubious marketing activities are founded on the collection of data from all possible sources using fair means and foul. Some of the details you quickly input in response to email requests can end up on those lists. Use the points below as pause for thought and see which of them are easy to adopt immediately. We’ll be writing in greater depth on some of the activities that require a little more effort.

1. Separate your life with different email accounts

This is just a case of not placing all your eggs in one basket – and is a similar logic to how you likely put your savings in more than one place.

If everything is in one email account and it is hacked, then the hacker can read and see everything. Separating your work and personal life into separate accounts has been popular since the start of email, but think about going one step further and setting up an email account for leisure and holidays and another one where you would choose to direct potential spam.

TIP: Do a search on the word “Welcome” in your main email inbox. Imagine how many of those websites could be compromised if a hacker got into your email account.

2. Set a strong password that is unique for each email account

It’s incredible how many people still use the same password repeatedly across their internet accounts. Stop doing that. Make a promise to make them all different and start by changing each one the next time you log in. Remember that a strong password is long (the longer the better), is a mix of upper and lower case, has numbers and symbols, and has no ties to you as an individual.

Beyond these basics you should consider using a password manager like LastPass or 1Password. IPS will write more on this soon.

3. Enable two-factor authentication wherever possible

Doubling down to increase password security involves making use of two-factor authentication (2FA) whenever it’s offered. If a hacker got hold of your email login details, including the password you use everywhere, and wanted to access your bank account, they face defeat if it requires a code that’s sent to your mobile phone to gain access. It does slow things down a little, but the increased security pays off with the peace of mind you will enjoy knowing you made it extra hard for criminals. It’s likely you have these in place with your bank and Apple/Google (see below), but this method is increasingly popular, so make use of it where you can.

4. Look out for Phishing emails

You will see from the IPS member poll and Amazon Prime articles that Phishing emails are everywhere. Phishing is a relatively safe and anonymous way for fraudsters to try their luck in tricking some email recipients to divulge sensitive information like passwords, account numbers and credit card details in response to authentic looking emails.

They are Phishing for your data and are incredibly smart, sneaky and duplicitous in trying again and again. It usually involves an email that is so convincing – in appearing to be from Amazon or PayPal or HMRC – that the unthinking consumer accepts it as genuine and starts tapping in data that fraudsters either sell or use for a scam they are running themselves. You will almost always be invited to confirm or update some details to “remove a pause on your account” or “facilitate a rebate or prize or upgrade”. The links you click from the email will lead you to a non-official website created to hoover up that data.

TIP: If it feels fishy it probably is. Don’t enter details into webpages that come from email links out of the blue. If in doubt, log in to your account in the normal way to investigate, or contact the company yourself.

5. Never click links in emails

The follow-on from point 4 is not to click dubious links, as they pose a risk. Any actions you take in response to a scam email reveal something to the scammer. One click tells them that you are a real person and your email address is active and being used by you. That same click tells them that you are open to clicking on fake emails – it can lead on to the fake website that they want you to visit this time, but it’s also evidence that they can try their luck again later.

TIP: If it sounds worrying that’s good. Don’t click links and emails that you didn’t expect to receive.

6. Don’t open attachments you're not expecting

You should treat attachments in emails the same way as you do with links. Be suspicious of anything that arrives unexpectedly and err on the side of caution if it’s not something you can explain (like something a friend sends regularly).

The instant you click one of these attachments a process can be triggered that downloads malicious software onto your computer or phone. Fraudsters are clever enough to make it appear innocent at first glance, but it is often a virus or malware or ransomware in disguise. These are all bad news.

IPS Summary

Email security is still hugely dependent on the decisions and behaviours of you, the person on the receiving end of the email address. Email providers are improving all the time with automated techniques to identify spam and danger, but fraudsters are able to bypass those protections with innocuous looking emails that carry invitations to click.

If you follow this advice and don’t click on anything out of the ordinary, then you are likely to be fine and your personal data and digital identity will remain secure under your control.
