Last week I explained why email continues to be the number one source of malware infections, but this week’s blog is for the TLDR crowd: how to reduce the amount of risk we incur each day using email. Enough talk, more tips, Woo!
- All attachments delivered via email should be considered unsafe. This is a big hassle, but if you shift your mindset to automatically distrusting every attachment you receive regardless of who sent it, you will be safer overall. If you regularly receive attachments via email to operate your business, I recommend changing your business process to use a more secure platform to transfer files. This may not be cheap, but can you afford to get hacked? If you need a quick way for someone to send you an attachment, or to send one yourself, you can use https://send.firefox.com/ to send secure, encrypted attachments for free.
- All links in emails should be handled very carefully. Unless you understand exactly how to reveal the actual destination of a link you see in an email, do not click links in emails. When reading email on your computer, hovering over the link in question should show you the actual destination, especially if the link looks just like this and does not actually show you the URL. Become familiar with how your email application shows you the link destinations. Outlook will show you in a little pop-up when you hover over the link. Gmail will show you the destination in the lower left corner. Keep in mind that most smartphone email apps will NOT show you the destination URL, and as such, I don’t recommend you click links or open attachments on your mobile device for this very reason (see #4). If you need to investigate further, manually type the link of the site in question in your browser.
- Guard your email password as if your (digital) life depended on it. Your email password should be complex, hard to guess, and never used anywhere else. Access to your email is a key stepping stone for hackers who are intent on stealing your identity. They can also use it to destroy relationships with clients and customers by sending malware to them from your email account. Always consider carefully when being prompted for your email password whether the request is legitimate. If you get the prompt after opening an email attachment (see #1) or clicking a link (see #2), stop. Do not enter your password. Recheck the source of the prompt and make doubly sure it’s not a phishing attempt. If you are unsure, do not proceed and check with your IT professional.
- When reading emails, whether on your computer or on a mobile device, always pay 100% attention to what you are doing. The more distracted or rushed you are while processing email, the more likely it is you will make a mistake that could result in a malware infection. Phones display less information on a small screen and are often used in distracting environments, and this can lead to you being bamboozled by an email you would otherwise spot easily on a bigger screen with your undivided attention.
- Get rid of old email and social media accounts. If all they are doing is collecting junk mail, consider closing them permanently, or have the email forwarded to an account with more robust filtering services in place. Forgotten accounts can be hacked and used to steal your identity in places you might not be watching, so instead of leaving that backdoor wide open, nail it shut permanently.
- Never use an email account, business or personal, that does not have some form of filtering service attached to it that can detect and quarantine malware and spam. At the moment, among the free email platforms, Google’s Gmail has probably the best filtering, and at the other end of the spectrum, ISP email accounts, especially legacy services like ATT, SBCGlobal, Roadrunner, etc. have barely functional spam filtering. Some of the more “traditional” freemail platforms like AOL and Yahoo have improved somewhat, but they are still no match for the corporate-grade mail filtering services that can be attached to platforms like Microsoft Office 365 and Google Apps Suite. In this case, you get what you pay for, and with the exception of Gmail, free doesn’t get you much.
- Always delete emails that contain sensitive information, like passwords and PII (personally identifiable information). Do not use your email account to store important information. If a hacker gains access to your account, they may scan the entire contents of your email box for other juicy information they can use against you, your clients, your family and friends.
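To make the link tip concrete, here is an added example (not part of the original post) that does in code what hovering does by hand: it lists every link in an HTML email body next to its real destination and flags links whose visible text names a different site. The names `LinkAuditor` and `audit_links` are hypothetical, and the sample body is constructed using reserved example domains.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text that itself looks like a web address (scheme optional).
URL_LIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?$", re.I)

class LinkAuditor(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def audit_links(html_body):
    """Return one dict per link: visible text, real destination host, verdict."""
    parser = LinkAuditor()
    parser.feed(html_body)
    parser.close()
    report = []
    for text, href in parser.links:
        dest = (urlsplit(href).hostname or "").lower()
        shown = URL_LIKE.match(text)
        if not shown:
            verdict = "hidden"      # text gives no hint of the destination
        elif shown.group(1).lower() == dest:
            verdict = "match"
        else:
            verdict = "mismatch"    # text names one site, href goes to another
        report.append({"text": text, "destination": dest, "verdict": verdict})
    return report

# Constructed sample body using reserved example domains.
SAMPLE = """<p>Please <a href="https://login.example.net/reset">click here</a> or visit
<a href="http://portal.example.org/a">https://www.example.com/account</a>.
Docs: <a href="https://docs.example.com/">docs.example.com</a></p>"""
```

Calling `audit_links(SAMPLE)` reports the first link as hidden, the second as a mismatch, and the third as a match. A "match" only means the text and the destination agree, not that the site itself is trustworthy.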