
27 mistakes to ruin your email security

Please note that this article is being drafted or rewritten and may contain imperfections. It has not yet been reviewed for final publication.

Email is an excellent and easy-to-use form of communication for individuals and companies. Everyone in an organization uses it, and emails often contain sensitive information. At the same time, email is a prime target for phishing attacks, which can be used to spread malware, and it is one of the biggest attack targets for companies. Therefore, learning to secure your email is important.

How secure is email?

Email is the most critical threat vector because it is a ubiquitous tool everyone in an organization uses. It is an open format that, once intercepted, can be read on any device without decryption. Cybercriminals can easily impersonate the sender or manipulate email content in body copies, attachments, Uniform Resource Locators (URLs), or sender email addresses.

What is email security?

Email security comprises the techniques used to protect email accounts, communications and the data contained in emails from loss, disclosure or unauthorized access.

Because cybercrime will never go away and is increasing, we provide 27 tips to help you safeguard your data from cyber-attacks.

Don't use only one email account

Having two or more email accounts is expected today. You might use one account to communicate with your friends and family and another for your work. You can even use a third account as a one-time account for online shopping or signing up for websites.

If you only have one email account to do all this, you're taking a big risk because it could get hacked or inadvertently reveal sensitive information to someone you shouldn't.

Don't use private email on a company computer

Besides separating your private and work email accounts, you should also pay attention to where you log into them.

If your company gives you a work laptop, use it only for that job. Using private email on a business computer is risky. Hackers can learn where you work through some of your personal information and may use it in business email compromise attacks.

Recognise phishing attacks

Email phishing attacks and scams are getting more sophisticated, but even so, there are signs that can help you identify phishing emails.

Pay attention to potential red flags in email

  • The email does not address you by name but uses a generic greeting such as "Dear Sir or Madam".
  • The email was sent from a strange and unprofessional domain.
  • The entire email is just one link that tempts you to visit the scammer's website.
  • It is full of grammar and spelling mistakes.
  • It is unsolicited (you have never heard of or contacted this company before).
  • It contains unsolicited attachments for you to download.
  • It is designed to put you into panic mode.
  • It asks you to provide personal or other sensitive information. No legitimate company will do this via email.

Don't click and reply to spam

It is best to ignore spam. If you receive spam, do not click to view it or reply to it. Although you might be curious about what's inside, opening spam is not a good idea. Just delete it from your inbox or spam folder. If you reply to spammers, they will know your email address is active, which will cause them to send more spam. Instead, mark spam senders as "Blocked."

If you are a user of Liverado, you can add a blocklist contact by going to Settings>Filter>Add Blocklist Contact.

Don't use weak passwords

Your password can be your strongest or weakest line of defence online. You may have dozens of passwords for your emails, social media accounts, e-shops, websites, forums, and more.

It's arguably challenging to remember all of these passwords, so many people use weak passwords that are easily identifiable. Your email account is the last place you should do this.

Ensure your password is strong enough that it cannot be easily brute-forced. Use a combination of letters, numbers, and special characters; the password must be at least ten characters long.

If you can't remember all your passwords, you can always use a password manager like Clipperz.

Change your email password from time to time

Never assume that your current email password will protect you forever. Instead, think of it as a toothbrush you need to replace every few months (depending on how often you use it).

Just like a toothbrush can contain microbes over time, hackers may have already cracked a password you've used for a few years.

Don't share your email password

Never share your email password. You should not share your passwords with anyone, including your friends, family, co-workers, bosses, etc.

If someone asks for your email password, ignore their request or politely tell them that the password is private data you cannot share.

You should be the only person in the world with access to your email account.

Do not share your email account information with others

You should not share the information in your email account with others, including your family and friends. That's not to say they'll abuse your email. However, they may not be as knowledgeable about email security as you are. They may accidentally blurt out some of your personal or confidential data to scammers.

Do not open and reply to emails from unknown and unsolicited senders

If you suddenly get an email from someone you don't know and have never contacted, it's usually best not to reply; ignore or delete it instead.

If you need to respond, at least make sure not to reveal information about yourself, your family, friends and any individuals involved, or other important information.

Do not open unscanned email attachments

Malicious email attachments can infect your email or computer, so you must be careful about what you open and download.

Never open unsolicited email attachments from unknown sources, and be sure to scan attachments before opening or downloading them.

You should be especially careful with Microsoft Office attachments such as .doc/.docx, .xls/.xlsx and .ppt/.pptx, as well as .pdf files, music files (.mp3/.mp4), image files (.jpeg/.png) and executable files like .exe, .js, .zip, .html.

Scammers often use these files and executables because they are common enough to trick you into clicking on attachments.

Using 2FA

We've already said that having a strong password is important to your email security. Still, it's even better if you add another layer of security to your account with multi-factor authentication.

Multi-factor authentication will further protect your email account by adding a security question, token, etc. People who want to get into your email account will need to know or have that additional factor as well as the username and password.

For example, let's say you forgot your email password. So you can't log in. Fortunately, you can click the "forgot password" link, and if you have a recovery email, it will be sent to that email.

But what if hackers somehow got your username and password? Adding an extra factor prevents them from taking control of your account as they need the code/token you just received on another email or device.

Be careful about clicking "Unsubscribe" in emails from unknown sources

A neat tactic used by spammers is to leave unsubscribe links in their emails. Not only does this make their emails look more professional, but it can trick people into believing they are a legitimate company. People believe that by clicking "unsubscribe," they are actually cancelling their subscription.

In fact, by clicking on this fake unsubscribe link, you're only letting spammers know that your account is active, so they'll keep sending you more and more spam.

Instead of clicking anything or replying, delete the email. Or, if you keep getting it, you can add the sender's address to the Blocklist to block the address entirely.

Use a spam filter

A spam filter is a convenient way to clean spam from your inbox. With the spam filter, you can add senders to the Allowlist and Blocklist.

Also, you can set Action filters in Liverado. For example, you can set the Action filter to automatically move emails whose subject lines start with or contain specific words, such as "free upgrade", to the spam mail folder.

Be careful when the sender's name and email address do not match

If you receive an email from an individual, their name and username are likely to match unless it's an anonymous email.

For example, if the email is bob@gmail.com, but the signature is Alice, that should raise some alarms in your mind.

This check is not foolproof. For business senders, the signature and the email username may not be the same.

Be careful when the email address does not exactly match the company it claims to be from

Scammers often pose as legitimate companies in order to get you to reveal your sensitive information. For example, they may claim to be from your bank and ask for your account number or other financial information.

First, your bank will never ask you for this information via email. Second, check carefully whether the email address matches the bank. Open your browser and search for how to contact your bank. If the email address isn't listed there, someone is trying to phish you.
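The red flags listed earlier and the sender checks in the last two sections can be automated as a first-pass triage. The following is an added example, not part of the original article: the keyword lists, the `company_domains` allowlist and the sample message are all constructed assumptions, and it covers only the flags that can be read mechanically from a message.

```python
from email.message import EmailMessage
from email.utils import parseaddr

GENERIC_GREETINGS = ("dear sir or madam", "dear customer", "dear user")
RISKY_EXTENSIONS = (".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
                    ".pdf", ".exe", ".js", ".zip", ".html")
SENSITIVE_TERMS = ("password", "account number", "card number")


def red_flags(msg, company_domains):
    """Return the red flags found in one parsed message.

    company_domains maps a company name, as it would appear in a display
    name, to the domains that company really sends from (assumption: the
    caller maintains it from the company's official contact page).
    """
    flags = []
    display, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    for company, domains in company_domains.items():
        if company.lower() in display.lower() and domain not in domains:
            flags.append("sender-domain-mismatch")
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().lower() if body_part else ""
    if body.lstrip().startswith(GENERIC_GREETINGS):
        flags.append("generic-greeting")
    if any(term in body for term in SENSITIVE_TERMS):
        flags.append("asks-for-sensitive-data")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            flags.append("risky-attachment:" + name)
    return flags


def constructed_sample():
    """Constructed message for illustration, not a real email."""
    msg = EmailMessage()
    msg["From"] = "Example Bank Support <help@mail-example.test>"
    msg["To"] = "alice@example.org"
    msg["Subject"] = "Urgent: your account will be closed"
    msg.set_content("Dear Sir or Madam,\nReply with your account number today.\n")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="Statement.ZIP")
    return msg


KNOWN = {"Example Bank": {"examplebank.example"}}  # constructed allowlist
print(red_flags(constructed_sample(), KNOWN))
```

When checking real mail, parse it with `email.message_from_bytes(raw, policy=email.policy.default)` so that `get_body` and `iter_attachments` are available. As the article notes for name matching, these checks are not foolproof and only prioritise what a person should look at.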

Do not email personal and other sensitive information

Email is a very convenient form of online communication. It's not as intrusive as some other forms, and you can open and reply on your own time.

However, we do not recommend emailing personal or sensitive information, even if the other person is someone you know and trust. There is always a chance that someone has "infiltrated" your conversation and is monitoring it, such as in a [man-in-the-middle attack](/blog/what-is-a-man-in-the-middle-mitm-attack-and-how-to-prevent-it).

Use Bcc instead of Cc when sending mass emails

If you need to send bulk emails to other people, you have two options: blind carbon copy (BCC) or carbon copy (CC). In this case, you should always choose BCC over CC.

BCC hides the names and addresses of the people in the email chain, which protects them from different types of cyber-attacks and email spam. This is not the case for CC.
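The difference comes down to where the recipient addresses travel: Cc addresses are written into a header every recipient receives, while Bcc-style recipients exist only in the SMTP envelope. The following is an added example, not part of the original article; the helper names and addresses are constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses


def build_bulk_message(sender, recipients, subject, body):
    """Return (message, envelope_recipients) for a Bcc-style bulk send.

    Recipients go only into the SMTP envelope (RCPT TO), never into a
    To or Cc header, so no recipient can see the others.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender  # the visible header shows only the sender
    msg["Subject"] = subject
    msg.set_content(body)
    return msg, list(recipients)


def exposed_recipients(msg, recipients):
    """Return the recipients whose address is visible in To or Cc."""
    values = [str(v) for h in ("To", "Cc") for v in msg.get_all(h, [])]
    visible = {addr.lower() for _, addr in getaddresses(values)}
    return sorted(r for r in recipients if r.lower() in visible)


# Constructed sample addresses on reserved example domains.
RECIPIENTS = ["ann@example.org", "bob@example.net", "cy@example.com"]

bcc_msg, envelope = build_bulk_message(
    "news@sender.example", RECIPIENTS, "Newsletter", "Hello!\n")

cc_msg = EmailMessage()  # the mistake: everyone listed in Cc
cc_msg["From"] = "news@sender.example"
cc_msg["Cc"] = ", ".join(RECIPIENTS)
cc_msg["Subject"] = "Newsletter"
cc_msg.set_content("Hello!\n")

print(exposed_recipients(bcc_msg, RECIPIENTS))
print(exposed_recipients(cc_msg, RECIPIENTS))
```

To actually send, pass the envelope list separately, for example `smtplib.SMTP.sendmail(sender, envelope, bcc_msg.as_bytes())`.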

Do not use Gmail for sensitive emails

You probably have a Gmail mailbox account. To be frank, as long as you don't send sensitive information through it, it's fine as a private account.

Gmail only uses Transport Layer Security (TLS), which means it encrypts email in transit from one end (the sender) to the other (the receiver). It doesn't encrypt emails while they are stored on the servers (at rest).

Delete files from the cache

Your computer will likely save your browser history (including the passwords you use to log in to different websites, including your email) somewhere in its cache.

While this generally makes it easier and faster for users who don't have to remember all those passwords, it's far from secure, especially if you're using a public network.

Be sure to regularly delete files in your cache, as someone could use your cache to access your password-protected data, including your email account.

Report an email leak

Every data breach in your company should be reported and registered. This also applies to failed email compromise attempts that users spot and react to.

The reason for reporting a data breach is to make sure everyone in the company is prepared for the next breach. There is always a "next time" when it comes to cybersecurity breaches.

Develop a plan for email breaches

What happens to your company when a cyber attacker manages to compromise your email? Do you have a plan for this situation?

You should also have a data breach response plan that includes an email breach response plan.

Here is a roadmap you can follow should a data breach occur or be discovered, which should include:

  • Definition of a breach
  • Who should respond to breaches
  • Step-by-step actions for handling breaches
  • Follow-up: report breaches to authorities and stakeholders, take further steps to strengthen your cybersecurity, and more.

Using digital signatures

You may notice that some emails contain a different signature than usual. A digital signature is a great branding opportunity, but more importantly, it adds legitimacy to your email.

Using a digital signature, such as a digital business card, can greatly reduce the likelihood that your email will end up in the spam folder. They can contain:

  • Your name
  • Job title
  • Email address
  • Phone number
  • Website
  • Website logo
  • Social media account links
  • Photo
  • Legal disclaimer

Email Security Education

Email security is constantly evolving. But scammers, phishers, hackers, and more are continually finding new ways to steal your data. You need to keep up with them, or you'll be caught off guard the next time you face a cyber attack.

The best way is to keep learning, read about email security, and learn some email security best practices. For example:

  • Separate your personal and business accounts
  • Use strong passwords and change them regularly
  • Use a different password for each account
  • Enable 2FA
  • Do not open attachments from unknown senders
  • Investigate suspicious URLs and messages
  • Do not disclose personal information in emails
  • Do not reply to spammers and scammers
  • And more.

There is no shortage of material, and no excuse for not educating yourself about email and IT security threats. You can read articles and books, watch videos and view case studies, and learn from successful and unsuccessful data breaches to understand how to respond to cyberattacks.

Educate employees on adequate email security

IT security shouldn't just rest on one person's shoulders. Email security threats come from external and internal sources, especially if your employees are not adequately educated and informed about cybersecurity.

For example, many companies have bring-your-own-device (BYOD) policies that allow employees to use their own devices for work. It's good practice for collaboration and productivity, allowing employees to access their email no matter where they are. But it's not good for security.

The more connected devices that access email, the greater the potential for data breaches. For example, an employee might lose their cell phone, giving others access to their business email. Meanwhile, many data breaches happen not because of some ingenuity of the cybercriminals but because of the naive responses of employees.

Better educating your employees will ensure your company reduces accidental data breaches.

Test your email security

You may have anti-malware software and employ email security best practices, but your email may still not be secure enough to avoid exposing data. There is a way to know if your email security plan is working.

Send simulated phishing or scam emails to your employees and see how they respond. Are they following email security best practices, checking email senders, scanning attachments, and reporting breach attempts?

Don't think it's a waste of time. Exercises like this can save you time and money, so be sure to do it from time to time.

Use email encryption for important and confidential data

You should encrypt emails that contain confidential or private data. By using encrypted email, you reduce the chance that someone other than the intended person intercepts and reads the content of the email and misuses the data in it.

Use an anonymous email

You don't always have to reveal your real name in emails. In fact, in some cases, it is prudent to remain anonymous.

There are two main reasons why you might want to use anonymous email:

  • Protect your online privacy. People sign up to various websites and provide information about themselves. Later, they forget all about these sites and what they registered with, but the sites still retain their data. Suppose you're not sure you will use an account often but want to sign up first to try it out. Then there is no point in leaving your personal information. In this case, consider using anonymous email.

  • Another reason to use anonymous email is when you need to send confidential information. For example, you may be a whistleblower or a reporter, and you have some confidential documents. If you exchange this data via regular email, you will likely be at risk of persecution. You are much less likely to be discovered if you use an anonymous email security service.

Conclusion

You now know the 27 biggest mistakes you can make regarding email security. We hope this article helped you better protect your email account.

Please sign up for Liverado secure email. It will help you better protect your data and privacy.