Every computer user uses e-mail. Security breaches make headlines almost daily. With more and more people going online, consumers are worried more than ever about keeping their e-mail safe and secure. E-mail is the major way most malware is transmitted across the Internet. E-mail is the largest attack vector against large companies, as it is far more difficult to physically infiltrate a company. In this article, we will help you use e-mail more securely.
Secure your computer, web browser, Internet connection
Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.
The Golden rules of the Internet:
- Do not trust anyone
- If it is too good to be true, it probably is
- Don’t install software from anonymous sources
- Don’t automatically hit “yes” to any pop-up
- If it looks suspicious, run
Secure Your Router
1. Configure your wireless router for optimal security. Consult our article How to set up a secure wireless router for details. For maximum security, access your e-mail when connected by a hardwired connection such as Ethernet.
Update and Secure Operating System
2. Ensure that your operating system is set up securely. Consult our computer security guides for Windows and Macintosh. For maximum security, you could start off a Linux boot CD or USB key.
Secure Internet Browsers
3. Secure your Internet browser. Consult our security guides to Internet Explorer, Firefox, and Google Chrome.
Pick a Good Email Provider
4. Most people already have an e-mail address that they are connected to. If you are considering a new e-mail address, consider examining how sophisticated the provider is. Infrastructure and state-of-the-art spam filtering are not inexpensive. We recommend users consider e-mail addresses from providers like Google and Hushmail. These companies are committed to staying on the leading edge, and are accessible anywhere. ISP based e-mail is convenient, but locks you in to the ISP. The same argument applies to school or company based e-mail addresses.You can always access these e-mail account via POP access in Gmail. This will allow your email account to utilize Gmail’s excellent spam filters.
Look for e-mail providers that have good spam filters and allow you to control attachments and HTML within e-mail messages.
Make Sure Email is using HTTPS
5. Make sure you are accessing the e-mail provider’s website using a secure connection, look for https:// in the browser’s address bar and a padlock icon
Use Unique Passwords
6. When creating an account at the e-mail provider’s website, we recommend you use a unique password as it is far safer in case the store gets hacked. You would not want hackers to get a password that worked on other websites. Consult our How to create, store and use secure passwords article for suggestions.
Create Multiple Email Accounts
7. We recommend creating multiple email accounts for different purposes. To maximize online safety. Having multiple email accounts linking to different accounts online. One example would be to have one email account for forums, one for banking, and one for shopping. Do not have all your emergency recovery email address be the same. This way if one email account gets compromised, the others are safe.
Use Two Factor Authentication if Available
8. Some e-mail providers support two factor authentication which requires users log in with both a password and a phrase generated on a smartphone, smartcard, or printed on a piece of paper. Gmail is a leading e-mail provider that supports this 2-factor authentication. Yahoo mail added 2-factor support at the end of 2011. A hacker who had your password could not log on without a second means of authentication. This is especially good for people that travel out of the country.
Use 3G/4G connection instead of Public WiFi when checking Email
9. When accessing e-mail on a smartphone or tablet, using the built in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.
Don’t open suspicious links and/or attachments
10. To avoid falling victim to e-mail phishing, never click a link or open an attachment from an e-mail. This is especially true for online banks and online brokerages. Manually type the URL into your browser.
Spear Phishing is utilizing realistic looking e-mails with personalized information, possibly emanating from a known person to steal your login password, run a attachment that contains malware, or force you to visit a web page containing malware.
Fight SPAM
11. Spam unfortunately, remains a unfortunate element in e-mail. Leading e-mail providers are pretty good at fighting spam, but no one is perfect. Unintended consequences include good mail ending up in a spam folder. Be very careful when accessing the spam folder as many a penetration has been enabled when workers accidentally click on links within spam folder e-mails that look legitimate.
Don’t Display HTML
12. For maximum security set your e-mail provider’s configuration to not display HTML when displaying e-mail. A less secure setting is to allow HTML but not to display images. This additional security tactic helps prevent rogue pages from being displayed within e-mail. (Windows Live Hotmail does not allow you to control this.)
We suggest these settings for Gmail:
- Select Mail Settings from the Cog in the upper right corner
- In the General Tab, next to External Content: Select Ask before displaying external content
Use SSL to access Mail Servers
13. It is important that email accounts accessed from a smartphone are setup utilizing encryption when available. Many email providers including Google’s Gmail, Microsoft Exchange, MobileMe, AOL Mail and Yahoo Mail support SSL (secure sockets layer) when accessing their mail servers. If SSL is not used, your emails as well as your password can be read by hackers.
14. If you have applications other than your web browser accessing your E-mail IE. A desktop mail client suck as Windows Live Mail, Outlook, or Mail.app, make sure you enable SSL secure connections within each application. Here is a tutorial on using Gmail with Windows Live Mail.
Be careful of Short URLs
15. Do not click on shortened URLs, expand them first using a site like LongURL or run them through a service like Virustotal.
Report Phishing
16. If you encounter phishing emails you can forward them to:
- reportphishing@antiphishing.org
- spam@uce.gov
- Internet Crime Complaint Center
- Anti-Phishing Working Group
- Stay Safe Online has spam reporting information on the top 10 ISPs
Check to see if any Email addresses have been compromised
17. There are databases of email addresses that have been compromised. If you are listed, immediately change all your passwords connected to that email account.
18. Someday phishing will hopefully fade in volume. DMARC.org which stands for “Domain-based Message Authentication, Reporting & Conformance” may help reduce the volume of problematic emails.
Things Not To Do
1. Do not access your e-mail from public wifi hot spots unprotected or cyber cafes. Many of these locations provide little to no security and are prone to snooping or malware.
2. Always log out web-based e-mail account, do not simply close the browser.
3. Do not have a single email address where everything goes. If everything is linked together, you entire security chain can get compromised with one break in.