E-mail Security 101

            E-mail remains a major telecommunication tool for individuals and businesses around the world, with over 3.93 billion users and 293.6 billion e-mails sent and received per day in 2019 (Radicati). It also stores data that is valuable both to us and to potential criminals, for example:

  • Registration information from bank accounts and other goods & services.
  • Information about your connections and network, which can be used for targeted attacks.
  • Enough data to create a base profile of the e-mail owner.
  • Data that can have a material impact on the success of a business and its clients.
  • A potential door to other personal devices, such as a computer or cellphone, and to the devices of others.

            The steps we take and culture we instill regarding e-mail security can help us better protect our data and the data of our friends, family, businesses and clients.

Common Methods Used to Infiltrate E-mail

            There is a vast array of methods that malicious actors can use to infiltrate your e-mail. This segment will only look at the most common ones.

            Phishing is perhaps the most common method used to gain access to someone’s e-mail/devices. It usually involves a ‘bad actor’ sending an e-mail or text, or making a call, to sway the victim into taking an action that leads to the sharing of valuable data or gives the ‘bad actor’ the opportunity to make use of a vulnerability in the systems used by the victim.

            Brute force is an attempt by the ‘malicious actor’ to gain access to your e-mail/devices through trial and error. It usually involves software that tries a variety of different passwords to gain access to the system. This method is less common nowadays due to security measures that e-mail providers have taken to limit the attempts. It is important to note, however, that it still happens, especially when individuals create passwords that are too simple, or when actors are willing to ‘take their time’ and/or find exploits within the e-mail provider’s systems.

            Network Exploits usually arise from individuals connecting to unsafe networks. The network can be unsafe due to systems used to monitor the data, whether implemented by the owner of the network or by ‘bad actors’ that have managed to infiltrate the network.

            Physical Threats involve someone gaining direct access to your device (e.g. cellphone, laptop), which then allows them to get into your e-mails. This threat is usually tied to the theft of the device or mismanagement of the device by its owner. An example would be a person leaving their laptop unlocked while they go out to get coffee; meanwhile, a bystander uses this chance to steal the device.

Email Security Best Practices

Phishing

            There are a variety of ways that phishing can catch you off guard; this section will only look at some key areas. Although phishing levels have declined compared with prior years, the number remains staggering. One in every 3,207 emails is used for phishing (Symantec) and, in the public sector, phishing is used in 74% of cyber-espionage cases (Verizon). GPetrium encourages everyone to get further engaged in this issue to ensure that individuals, teams and organizations are better prepared to deal with phishing attempts. Below are a few examples:

  1. Some phishing e-mails will create a sense of urgency with the aim to get you to act before thinking about the potential consequences.
  2. Do not click on links in the e-mail before reviewing whether they are legitimate to you or not.
  3. Double check to see whether the e-mail sender is legitimate.
  4. Keep an eye on grammar mistakes, however, be mindful that legitimate users may make mistakes and that ‘bad actors’ may be sophisticated enough to use tools and experts to improve their grammar.
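
Items 1 to 3 above can be partly automated. The following Python code is an added example, not part of the original article: it flags urgency wording, a Reply-To domain that differs from the sender's domain, and links whose visible address differs from their real destination. The sample message, its domains and the keyword list are constructed assumptions, and the code assumes a single-part HTML message.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain here is made up.
SAMPLE = """\
From: "Example Bank Support" <support@examp1e-bank.test>
Reply-To: collect@mailbox.test
Subject: URGENT: verify your account within 24 hours

<p>Your account will be suspended. Act immediately:
<a href="http://login.examp1e-bank.test/verify">https://www.example-bank.test/login</a></p>
"""
URGENCY = ("urgent", "immediately", "suspended")  # assumed keyword list

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(url):
    return (urlparse(url).hostname or "").lower()

def review(raw):
    msg = message_from_string(raw)
    sender, reply = (parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
                     for h in ("From", "Reply-To"))
    findings = []
    if reply and reply != sender:  # replies would go to a different domain
        findings.append(f"reply-to domain {reply} differs from sender domain {sender}")
    body = msg.get_payload()  # assumes a single-part message
    text = (msg.get("Subject", "") + " " + body).lower()
    findings += [f"urgency wording: {w}" for w in URGENCY if w in text]
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:  # visible URL vs. real destination
        if shown.lower().startswith(("http://", "https://")) and host(shown) != host(href):
            findings.append(f"link shows {host(shown)} but goes to {host(href)}")
    return findings
```

An empty result only means none of these three signals fired; the sender and links still deserve the manual review described above.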

            In organizations with limited resources, leaders should take it upon themselves to create a phishing awareness communication (via email) to employees. Cybersecurity is a cumulative process that requires the continuous dedication of every employee to ensure organizational safety.

Brute Force

            To make brute force harder for an attacker, strengthen your password by:

  1. Adding symbols such as #@$.
  2. Having upper and lowercase letters.
  3. Adding numbers to the password.
  4. Increasing the number of characters to 12-32.

            An example would be to have a password like this: //S3c()r1tyW1ns. This password contains three numbers, 2 uppercase, 4 symbols and 13 characters in total and is relatively easy to use and remember. Those interested in following governmental guidelines can refer to NIST’s ‘Digital Identity Guidelines’. Also, ensure that your passwords are not the same across various platforms; otherwise, if one provider's database is breached, your accounts with all providers that share the same login & password may be breached. To help manage multiple passwords, software such as 1Password, KeePass and LastPass can be used.

Unsafe Networks

            Do not attempt to connect to your e-mail account and other key systems when using an unsafe network. Always consider the environment you are in: some actors will attempt to act as if they are a trusted service provider, while others will simply give you the chance to connect to their service. Even when you read the rules associated with a service provider of very well-known brands, they will tell you that the service may be monitored. The quality of security can differ vastly between providers; consider that before connecting. If there are no other options, take steps to increase security by using SSL (Secure Sockets Layer) in your browser, using the HTTPS:// prefix, keeping your device up-to-date and using a Virtual Private Network (VPN). Afterwards, you are encouraged to change your password to limit the risk of infiltration at a later date.

Physical Threats

            To decrease the risk of a physical threat to your devices and consequently your e-mails, take your devices with you wherever you go. If this is not an option for a laptop or computer, ensure that you have a physical lock you can use to attach it to a piece of furniture and always remember to lock the software. For example, Windows users should get accustomed to pressing Windows + L to lock the device every time they are away from it.

Conclusion

            Threats are becoming more sophisticated and harder to track, therefore it is essential for everyone from the network provider, to the e-mail provider, your friends and yourself to take steps to become ‘tech mindful’ and create a culture that follows suit. This will ensure a safer environment for personal and business use.

            For those interested in furthering their cybersecurity capabilities, please refer to other articles such as ‘Tips for Increased Cyber Security’, ‘Increase your Browser Security’ and ‘Increase your MS Office Security’.
