7 Email Security Tips That You Should Always Follow

Email is a crucial part of modern life. Unfortunately, it has significant security flaws that can be exploited by both malware (such as computer viruses) and humans who want to steal sensitive personal information.

Every email user should know how to protect themselves from email-based threats. Follow these email security tips to protect your personal and work email accounts and devices.

1. Never Give Out Any Sensitive Information Over Email or Click Any Links in the Email Body

Never share sensitive personal information over email, even if you trust the sender. Attackers may try to impersonate people or companies you trust, sending email from addresses that closely resemble your contacts’ addresses. They may even take over those addresses and use them for nefarious purposes. 

So, if you receive a request for an account password or recovery code by email, ignore it for the time being. Also, avoid clicking links directly in the email body. Even if the website appears legitimate, it could be insecure or controlled by someone who wants to steal information from unsuspecting users.

2. Confirm the Sender’s Identity By Other Means

You will sometimes receive legitimate requests for personal information by email. If you suspect that a request is genuine, contact the sender by other means to confirm. Then, communicate the information verbally or by secure message (other than email).

In the workplace, this might mean picking up the phone, sending an internal chat message, or walking across the room to the sender’s desk. When dealing with senders outside your organization, it might mean calling customer service or sending a help request through the organization’s website.

3. Don’t Open Email Attachments From People Outside Your Organization

Email attachments can contain viruses and other malware.

“Don’t open attachments from senders you don’t know, especially those outside your organization’s firewall.” — George Otte

If you must open an email attachment from a trusted sender, use your email program’s “preview mode” or view it in “protected mode” after downloading.

4. Use a Different Password for Every Email Account, Make Them Strong, and Change Them Frequently

Use unique passwords for every email account. Make them strong, using a combination of at least eight letters, numbers, and special characters. Change them at least once per month without ever reusing old passwords.

5. Use Two-Factor Authentication

If your email program offers it, enable two-factor authentication at log-in. Two-factor authentication pairs a second identity check, such as a unique code sent to your phone, with a traditional password. Even if an attacker knows your password, they won’t be able to access your email if they don’t have access to the second piece. 

6. Learn to Spot the Signs of Phishing

Phishing emails are malicious emails that attempt to extract sensitive information (such as passwords) from the user, or convince them to click on a link that downloads malware onto their devices. The signs include:

  • Direct requests for personal information
  • Offers that sound too good to be true
  • Links that you don’t recognize
  • Threats to revoke account access or benefits

7. Don’t Reply to Spam or Phishing Emails

It’s best to ignore phishing emails entirely after marking them as “spam” in your email program. Don’t reply to them directly, as this will only encourage the sender. 

Likewise, don’t respond to “regular” spam emails either. While these emails aren’t malicious, they’re not useful to you, and responding will only attract more.

Do you use any of these strategies to deal with email security threats? Which work best for you?

George Otte is a Miami-based entrepreneur and executive with more than 15 years of multifaceted business operations experience.

5 Common Digital Threats and How to Avoid Them

By George Otte

The digital threat landscape is constantly evolving. No matter how you choose to utilize the Internet, it’s important that you understand and take basic measures to protect yourself against the most common security risks online.

Five threats deserve special attention: zero-day exploits, phishing and spearphishing, ransomware, spyware and greyware, and man-in-the-middle attacks. Let’s take a look at what each could mean for you — and how you can avoid or mitigate them in the future.

1. Zero-Day Exploits

A zero-day exploit takes advantage of a vulnerability inherent to a software program. The vulnerability is not the direct result of malicious activity; rather, it is usually an innocent flaw in program coding or compilation. However, until it is “patched” (fixed), attackers can use it to gain unauthorized access to the program and the networks it runs on.

The best defense against zero-day exploits is routine system updates. Whenever a new patch or version becomes available for a particular piece of software, install it without delay to eliminate the vulnerability.

2. Phishing and Spearphishing

Phishing and spearphishing attacks imitate trusted senders (usually email or social media users) in attempting to convince recipients to provide sensitive information (such as passwords or bank account numbers) to the attackers. 

Phishing attacks are often unsophisticated and easily identified as illegitimate. Spearphishing attacks are better-targeted, more elaborate, and often very convincing.

“The best defense against these types of attacks is to avoid sharing sensitive information over email or social media, even if you trust the person or company requesting it.” — George Otte

3. Ransomware

Ransomware has been in the news a lot recently. Two recent high-profile attacks, against Colonial Pipeline and JBS, resulted in national or global business disruptions and only ended with the payment of multimillion-dollar ransoms.

Like any other type of malware, ransomware needs a way into the systems and networks it infects. Using anti-malware software and following network security best practices (including using strong passwords and two-factor authentication) can reduce the risk.

However, ransomware can still infect well-defended systems. The best way to minimize disruption if you are affected is to regularly back up your systems and data to the cloud and physical storage media not connected to your network.

4. Spyware and Greyware

Spyware is a type of malware that collects information from infected computers and networks (including potentially sensitive data) and relays it to the software’s owner or operator. Spyware often operates under the radar, collecting data for months or years without being detected.

As its name suggests, greyware occupies a gray area between malware and legitimate software. However, because it can perform unauthorized activities (including information collection and sharing) and may hinder system performance, it should not be tolerated.

The best defenses against spyware and greyware are a robust, regularly updated anti-malware program and routine deletion of unnecessary or unrecognized programs from your system.

5. Man-in-the-Middle Attacks

Man-in-the-middle attacks are also known as eavesdropping attacks. They often begin when the victim connects to an unsecure public WiFi network without first encrypting their traffic through a VPN. Without the victim’s knowledge, the attacker can “eavesdrop” on their traffic over the network, possibly collecting sensitive information like passwords and financial account records in the process.

The best protection against man-in-the-middle attacks is a secure WiFi network run on a system with robust anti-malware protection. 

Have you encountered any of these digital threats recently? What are you doing to keep your devices and networks safe?

Take These 7 Security Steps When Using Your Computer Outside the Home

By George Otte

Laptop owners appreciate the mobility and flexibility their computers offer. As a result, most use their machines outside the home at times.

They might bring them to the office or even use them as their primary work devices. They might take them to a coffee shop or library for a change of pace while working. They might travel with them, using them in airports, hotels, and other unfamiliar settings.

Laptops’ portability is a source of great convenience. Unfortunately, it’s also an unseen source of risk for their owners. It’s important to take some essential steps to protect your machine and your personal information when using your laptop outside of the home. These seven are easy for all to take and require no special skills or training.

1. Never Reuse Passwords and Use a Password Manager to Keep Your Credentials in Order

It sounds inconvenient to use unique passwords for every account you own — a number that is surely in the dozens, if not hundreds. However, this is the easiest way to protect your data from theft.

“When you use the same password for multiple accounts, the compromise of any of those accounts is effectively the compromise of all of those accounts.” — George Otte

By contrast, when you use a different password every time, you contain the risk. If you are concerned about remembering dozens or hundreds of passwords, use a secure password manager to organize and retrieve them.

2. Use Antivirus Software and Make Sure It’s Activated at All Times

Use a well-reviewed antivirus software suite and make sure it’s activated at all times, especially when browsing the Internet on networks outside the home. You are much more likely to encounter malware on networks you don’t control, as we’ll see.

3. Make Sure Your Firewall Is Operational

If you have a Windows laptop, make sure its firewall is operational. This should be the case if you haven’t altered the firewall since purchasing and setting up the device. Your firewall is a crucial line of defense against malware and data theft, so it’s important not to tamper with it.

4. Download and Install Software Updates As Soon As They Become Available

It’s especially important to keep your computer’s operating system and Internet browser up to date. You should receive periodic reminders to update these critical pieces of infrastructure, and newer Windows computers should prompt you to update at shutdown or restart, making it difficult to put this off for too long. Some software may require you to manually search for updates or download the latest version every so often.

5. Use a Virtual Private Network When Browsing the Internet Outside Your Home

As long as your router has not been compromised, you can be reasonably certain that your home network is secure. This is not the case with networks you don’t control, and especially not public WiFi networks in places like restaurants, airport terminals, or hotel lobbies. When connecting to such networks, always use a virtual private network (VPN) to encrypt the data your machine sends. 

6. Don’t Connect to Unsecured Public WiFi Networks

Public WiFi networks present special security risks for laptop users. Avoid connecting to them, even with a VPN. Wait until you have access to a secure network, such as in a private hotel room or apartment.

7. Don’t Allow Your Laptop to Connect to Other Machines on a Network You Don’t Control

When browsing the Internet outside the home, don’t allow your laptop to be discoverable by or connect to other machines on the same network. Doing so could increase your risk of data theft and expose your machine to malware or spyware. The only exception to this rule concerns secure work networks in your primary place of business (for example, your employer’s home office).