Whether it’s your personal email account or a company-wide system, our email accounts contain a lot of sensitive information. By just perusing through an email account, a threat actor could learn about your company’s business partnerships, glean financial information, or discover upcoming changes to your digital systems.
And if a threat actor decided to do more than read emails, they could use their access to your account for rather more nefarious means. Think impersonation, resetting log-in details to linked email accounts, gaining access to other systems, and much more.
It stands to reason that protecting your email account and boosting your company’s or your personal email security is only wise — particularly as the email-threat level is rising in line with an ever-increasing number of cyber threats.
Here, we go over some of the best ways to bolster your email security. Let’s get started with encrypted email providers.
Switch to a secure and encrypted email client
Encrypted email providers do as the name suggests: encrypt every email sent and received in much the same way as an end-to-end (E2E) encrypted messenger app, such as Signal, does.
The benefit of switching to an encrypted provider is clear; there’s far less chance of a threat actor being able to intercept an email, and even if they managed, the information would be scrambled and unreadable.
You have several options when it comes to making the switch:
● ProtonMail - Widely regarded as the E2E email gold standard, ProtonMail has been encrypting emails since 2013. Plus, as the company is based in Switzerland, it has no obligation to turn over the contents of emails to US law enforcement when requested, unlike Gmail or Outlook.
● CounterMail - The service’s unique claim to fame is that it’s one of the minority providers that offer a dedicated, secure USB key option; meaning CounterMail is perfect for those who need to send secure and encrypted emails while on the go. Additionally, the company is based in Sweden, a nation noted for its dedication to privacy protection.
● Tutanota - What we love about Tutanota is that it’s one of the only E2E email providers that encrypts all email messages, both incoming and outgoing, regardless of the sender or recipient’s provider. For example, if the person you are communicating with has a Gmail address, all emails are still encrypted and your correspondent is sent a link to view an encrypted email.
You can also consider Mailfence, Posteo, and Private Mail. Our top pick, though, is ProtonMail.
Watch out for suspicious links
Phishing, a practice whereby a threat actor attempts to trick or manipulate a user into opening a link sent by email or SMS, remains a huge issue. Although we’ve known about phishing emails for a long time, the threat does not subside, primarily because human beings are always fallible and errors can easily occur.
To prevent a personal or business email account from falling victim to a phishing attempt, and any subsequent malware, vigilance is key. In a work setting, employees should be made aware of the dangers of unsolicited emails that contain links, and on a personal email level, users should do the same. Understand that your bank is unlikely to send you an email asking you to log in to your account, for example.
In addition to constant vigilance, email scanners are a great way to weed out some of the digital nasties attempting to flood your inbox. For the most part, email scanners form part of a quality, paid antivirus package — but don’t expect email scanning if you’re using a free antivirus.
Some of the best options include:
● Bitdefender Plus - Bitdefender offers arguably the best free Windows antivirus program out there, but for full protection, choose the advanced Plus option which also offers a range of anti-phishing and fraud features and protections.
● GFI Mail Essentials - Designed specifically for network mail servers, GFI Essentials will scan for all sorts of email trash, whether it’s viruses, spam, or phishing attempts. Note that the service offers a full suite of anti-spam tools to keep your company’s emails squeaky clean.
● Mailwasher - What we like about Mailwasher is that it’s compatible with pretty much any email provider you can imagine. Additionally, its anti-spam features are its greatest selling point; view and delete spam messages at the server before they even reach your email software.
Opt for strong passwords and two-factor authentication, always
Much like how security experts have been warning us for years about the dangers of suspicious links, we’ve also been hearing a lot about account log-in security protocols. But despite the warnings, many of us are yet to heed the advice and still have common or easy to crack passwords.
If you’re logging in to your email account with a password such as qwerty12345, or password, or even worse, 1234567890, it’s time for a change. Passwords should be at least 12 characters long, contain a mix of upper and lower-case letters, numerals, and special characters.
In a company setting, make it a policy that every staff member with a work email account follows basic digital hygiene practices and creates a strong password. In addition, encourage or specify that each employee sets up two-factor authentication for an added layer of protection.
For personal email accounts, follow the same steps detailed above.
Be wary of open or unknown networks
One of the best things about the modern world is the widespread availability of WiFi networks. However, not all networks are created equal. Open, free WiFi networks are a hotbed of digital threats and should be treated with extreme caution, even if that work email is pressing, particularly if you haven’t yet switched to a secure email provider.
If you do need to access your email account on an open WiFi network, use a Virtual Private Network (VPN).
Emails remain one of the world’s most popular ways to communicate, yet they also offer plenty of ways for threat actors to gain access to our personal or company information. Follow the tips above to secure your emails.
