Despite the popularity of real-time communications like instant messaging, as well as updates via Facebook and Twitter, most workplaces still use and rely on email. As handy as email can be, it can also be dangerous. Attachments can contain viruses, and email messages can hide phishing links that lead you to fake websites in an attempt to steal your login information.
Tech giants including Google and Facebook aim to establish a new standard called DMARC to reduce these threats in the future. For now, however, there are five things you can do to help secure your email.
1. Use a Password
Your password is the first and most important line of defense in protecting your email. Though most mail systems require one, there are many ways to bypass using a password to access your email. As an example, using Outlook or Thunderbird on a laptop with no login screen leaves all that mail that has already downloaded exposed, even if you use a password for downloading your mail. If you don’t have a password or PIN on your mobile phone, your email is left unprotected there, as well. Be sure to require passwords on any device that contains email, as well as within any program that can download it.
2. Have a Secure Password
While using a password is essential in protecting mail stored locally, having a secure password is critical for email that can be accessed remotely. By using a password that's complex, containing at least eight characters that mix letters and numbers and include capitalization and symbols, guessing or cracking your password becomes dramatically harder. Also, using different passwords for every account you have prevents a compromised password on one system from being used to access others.
3. Use HTTPS
When using Web-based email systems, use the secure HTTPS method, which encrypts your data as it travels across the Internet, whenever possible to make it harder for your data to be intercepted and fall into the wrong hands. Systems like Google’s Gmail or Microsoft’s Hotmail offer an option to use HTTPS whenever accessing your email. Look for the HTTPS at the beginning of the website's address in your browser. In newer browsers, you’ll even see a green padlock there, indicating the site is safe.
4. Avoid Attachments
Be careful what you do with your email, especially when opening attachments. Since they can contain viruses and malware, only open those that you were already expecting. Viruses can lurk in messages from your colleagues (or that appear to be from them), so when in doubt, ask the sender what's in the attachment before you open it. Don't decline a virus scan if your email service offers one when downloading the attachment. Other methods of sharing files, such as using Box.com or Dropbox, are safer. But even with these, be sure you're using a secure connection and that the file is coming from your colleague's account, not from an impostor.
5. Escape Phishing Attacks
If you're the target of a phishing attack, an email message sent to you appears to be from a source you recognize. It uses links to take you to a fake website that tries to trick you into typing your login information, which will give the attackers access to your real account. Efforts are being made to reduce this danger, including the recently announced DMARC collaboration, which once adopted should help assure that messages are from who they claim to be. Until this and similar efforts reduce the danger, avoid clicking links in email messages, even those that appear to be from within your own company. Instead use a bookmark you already have or type in an address by hand for a site you wish to visit.
Joseph Fieber has 25 years of experience as an IT pro, with a background in computer consulting and software training. Follow him on Google+, Facebook, or Twitter, or contact him through his website, JosephFieber.com.