Email Security Best Practices

What is Email Security? Electronic mail or e-mail is the most common method of exchanging messages between people nowadays. Of course, the exchanging of messages is done using electronic devices. But the question here is, how securely they can be exchanged? Specifically, without leaking the information in the messages to the hackers or your email address to the spammers.

Did you know? Cyberattacks are in rising. Among the Cyberattacks, Email attacks are more common. Why is an email such an easy target for hackers?

In the first place, we’re people and sometimes we make mistakes. Even careful and aware people could and would click on malicious attachments and links that are received through emails. And why is that?  Because education isn’t enough. People continue to click on things that look doubtful.

Second, most people aren’t trained to recognize phishing attempts. And often they fall prey to attacks by either clicking on links or opening attachments in emails.

Third, Malware is becoming more sophisticated. And Phishing tools are available at low-cost and widespread.

So, what are the best practices that one can follow to ensure Email Security? Below are some best practices compiled from the web and that you can follow.

Email Security Practice #1: Be Suspicious and Check for Confidential Content.

Always be suspicious of an email asking you to confirm personal or financial information over the Internet or marking “urgent” requests for this information. Another key point is to look at the email address. Most of us don’t even look at the email address where the message has come from. Not to mention, selecting the display name and email subject line is a choice of the email sender and hackers often use this to create bogus email addresses.

As discussed above, bogus email addresses appear to be genuine from the Sender. But, there’s a red flag here. The sender’s address is ‘Admin@hotmail.com’. A genuine email from a legitimate organization will have the organization’s name in the domain name. For example, @paypal.com.

Email Security Practice #2: Check Domain Name in From, To and Reply-To.

Check whether the email address is from a known domain even though it claims to be a trusted one. And, whether the email you received is from a public email domain like ‘@google.com’. No legitimate organization will send an email to their people from an address that ends ‘@gmail.com’. One of the best ways to check an organization’s domain name is through a search engine. Not having the domain name in the email is proof that it is a scam.

While replying to the emails, the first thing to remember is to check to whom you are replying to. Are they the right persons you want to send your emails to? On the positive side, check To and Reply-To email address before sending an email.

Email Security Practice #3: Stop Spam Emails but Do NOT click the “unsubscribe” link.

Spam is not only a nuisance, but it can also pose security risks. So, unsubscribe from them. But not by clicking on the Unsubscribe link.

Clicking on the “Unsubscribe” link in a fraudulent email will not result in your email address being removed from the scammers email list. Instead, it verifies the scammer that your email address is in fact a valid and active address. And direct you to a malicious website that may install malware onto your device and/or trick you into falling for a scam offer of some kind.

If that’s the case, then how to properly handle your junk emails? The best technique to handle SPAM and other types of unwanted emails is to simply mark them as “SPAM” or “Junk”.

Of course, there will be times you may open one of these emails by accident. What should you do if you unintentionally click a link in a SPAM message? In the first place, mark the message as SPAM or Junk. Second, delete it.

Email Security Practice #4: Check for the Internal Emails and Grammar.

The grammar used in the sentences of a suspicious email is poor and it can be an indicator of a potential phishing attack. Why do scam emails have such noticeable grammar blunders? Haven’t scammers learned how to write in proper English? The answer is No. They aren’t mistakes. They are intentionally included by design.

Here are reasons why scam emails have such obvious grammar mistakes:

• The goal of a scammer is to make money not to have many people respond to them. To weed out responses from such people, scammers insert enough clues into their messages to discourage responses from anyone who isn’t sufficiently gullible to ultimately fall prey to the relevant scam. And generate revenue for them.

• Another reason that scammers introduce spelling errors is that spam filters lookout for various keywords and phrases commonly found in phishing emails; at least in the past. Scammers who misspelled some relevant words had a greater chance of having their scam emails penetrate through spam filters than did scammers who spelled everything correctly.

• Misspellings and grammatical errors also make the email seem more “authentic” and “believable,” as most people simply do not write their emails with Good English.

Malware usually can be found in emails coming from external sources. But if an employee’s machine gets infected with malware, then malicious emails can be sent through internal email. People are also more likely to click on an infected email attachment if it is from a friend or a co-worker. For this reason, it is vital to confirm that your email security solution also scans internally sent emails.

Email Security Practice #5: Use two-factor authentication.

Two-factor authentication is a security procedure in which the user provides two different authentication factors to verify themselves. Like a password as well as a security token or a fingerprint or facial scan. In general, Two-factor authentication provides a higher level of assurance than regular authentication methods.

How “Hack-proof” is Two-factor authentication (2FA)?

While there is no such thing like 100% email security. Enabling two-factor authentication for your online accounts can provide better security than single-factor authentication. Online accounts with single-factor authentication methods are easier to hack through password recovery options. Hence, be sure to monitor your inbox for emails requesting password changes.

Email Security Practice #6: Use Strong and Unique Password for each account.

Creating strong passwords is an extra measure of Email security that you can take to protect your email accounts. Always make sure that your passwords are at a minimum of ten characters in length and a combination of uppercase, lowercase letters, symbols, and numbers. Never choose dictionary words, birthdates, addresses or phone numbers for passwords. They can be easily available on the Internet.

Alongside, set a unique password. A unique password is a password that is used only with one account.

How to remember these unique passwords?

The answer is simple. Consider using password managers. A password manager is an application that can run on computers, smartphones, or in the cloud. These applications store passwords with various encryption techniques that available. Not only that most password managers can even generate strong and random passwords for you.

Keep Passwords Safe with Best Free KeePass Password Safe App

Note: The above-mentioned app – KeePass Password Safe asks you to set a Master Password or Key File or Windows User Account in order to store your passwords in a database. Just in case if you prefer to use master password as authentication factor, then here is Password Meter for you.

Password Meter is a clear and free tool that creates passwords from words. For example, the password generated by Password Meter for the word “benediction” is b=nedicT10n which is super easy to remember.

As already discussed above there is no such thing like 100% email security. And your passwords may be compromised if malware gets onto your device where you installed a password manager.

Email Security Practice #7: Prefer passphrases over passwords.

Another best email security practice is to use passphrases over passwords. A passphrase is a sequence of words. The major difference between a password and a passphrase is spaces. A password is a single word with spaces allowed as special characters in between each character. While a passphrase is a group of words with spaces or a sentence to put it in simple.

What is a good passphrase and how to choose one?

A good passphrase is a random passphrase. Even a passphrase can be crackable that is created by using common English words, names, locations, dates and numbers. An example of a bad passphrase is “The family dog”, which can be cracked in approximately 27 milliseconds.

A good or a random passphrase is with the best combination of memorability and security. Here is an example of a good passphrase or random passphrase – “opacity37charted35Drafted” “dell broker planet digital”.

Did you know? There are online passphrase generators that can generate a good passphrase for you in no time. Try Untroubled Secure Passphrase Generator or Use A Passphrase.

Email Security Practice #8: Never use public Computers or Wi-Fi to log in to your online accounts.

To ensure be email security, never login to your email account from a public Wi-Fi or Computer. The biggest risk associated with public Wi-Fi is, the hacker can place himself between you and the connection point. With this, the hacker can directly access your information without your knowledge.

Furthermore, the hacker can easily distribute malware by using unsecured Wi-Fi connection. As public Wi-Fi becomes more common, one can expect rise of Internet security issues. But this doesn’t mean you have to stay away from free Wi-Fi connections. Taking a few precautions should keep your information safe while you are on public Wi-Fis.

1. Use A virtual private network (VPN).
2. Use Secure Sockets Layer (SSL) Connections.
3. Turn Off Sharing from the system preferences or Control Panel.
4. Turn Off Wi-Fi When You Don’t Need It.
5. Stay Protected with a robust Internet security solution.

While public Wi-Fis have enough amount of high risks, public computers as well have some common risks. Not the whole world has access to a personal computer or portable device. Whether you’re surfing the network on a school computer or logged in at the local library to file online applications, you’re at risk for attack in both the online and offline arenas. Though these computers are equipped with some form of protection, they do have their share of vulnerabilities just like any other machine that accesses the Internet.

Since the users of public computers can’t certainly download and install the up-to-date antivirus protections onto a borrowed machine, it’s significant to know what measures can be taken to protect personal information from prying eyes.

Here are some safety tips:

1. Don’t save logins onto a machine and be sure to logout.
2. Avoid entering sensitive information such as payment details.
3. Do not walk away from a machine while you logged in.
4. Never save user names and passwords.
5. Change passwords on a secured machine.
6. Erase online session activity like temporary Internet files and browsing history.

Email Security Practice #9: Use Antivirus Software and Keep it updated regularly.

For better email security, use the robust antivirus solution and keep the virus definitions updated regularly. This way you can scan emails and email attachments for malware before opening them.

Here are some benefits and features of anti-spam and anti-virus solution.

1. Blocks Spam emails to your inbox.
2. Automatically quarantine the spam emails and allows recovery for a fixed number of days.
3. Automatic Filter Updates for timely detection of new types of Malware threats.
4. Monitor and filter spam from multiple accounts.
5. Allows you to maintain a Whitelist – a ‘friendly’ list of people whose emails you trust to accept.
6. Allows reporting spam back to the company supplying you the program.

Email Security Practice #10: Never open unexpected attachments from untrusted emails.

Emails are a quick way to send and receive important documents and pictures that are on our local machine. This makes digital attachments vulnerable to use as vehicles for malware. Spyware and malware such as Trojan horses, worms and viruses can be embedded into an email attachment. For example, cute pictures of puppies, cats, and even PDF files are used to transmit malware.

The malware that comes with email attachments can corrupt your hard drive, steal your data and expose you to all kinds of online and offline fraud. As a recommendation, only open email attachments that you were expecting to receive. And only after confirming the legitimacy with the sender using other means of communication than email.

Email Security Practice #11: Archive email according to a schedule and Block Large Email Attachments.

Most of us are not aware of the importance of archiving emails. And what can occur when there is no archiving system in place. In this section, we will overview some of the key reasons why it is extremely important.

1. In the first place, archiving your emails will free up valuable storage space.
2. Second, it reduces the pressure that’s placed on Email server hardware.
3. Third, provides you a central location where you can easily access email content. 

Another key point in achieving email security is to limit and block the large Email attachments. This is because it affects the performance of your system. Email systems aren’t configured for transferring large files.

Bonus Email Security Practice #12: Add Legal Footer and Train Employees.

Did you ever think why companies use email disclaimers? The most common reasons why companies include email disclaimers are:

1. To communicate and protect the confidential nature of the email.
2. To disclaim liability for viruses transmitted by the email.
3. And assert a copyright in the email contents etc.

Last, train your employees. If employees are unaware how to recognize a security threat, how can they be expected to avoid it or perhaps report it.