In Verizon’s Data Breach Investigations Report, research from 41,686 security incidents and 2,013 data breaches indicated that 94% of all malware is delivered by email. Such an alarming statistic indicates that now might be an ideal time to review some of the best ways to secure your personal and professional emails from cyberattacks.
1. Use a Password Manager
Trying to keep track of dozens of different passwords for email accounts, social media accounts, subscriptions and more can be a daunting task, which is why most people use one password over and over again. This reuse of the same password, however, increases the chances that your email account will be hacked.
A password manager can help to alleviate this problem. With a password manager, you assign a master password that regulates your password database. According to CNET, here are some of the best password managers:
- Bitwarden: Best free password manager
- LastPass: Best paid password manager
- 1Password: Best paid password manager for multiple platforms
2. Check for Two-Factor Authentication
Two-factor authentication (2FA) is a type of multi-factor authentication (MFA) that improves access security by requiring two methods to verify your identity. When registering a new email account, make sure that your account comes with 2FA support. This additional layer of protection enhances your email’s security and decreases the likelihood of your email account being compromised.
Once your two-factor authentication has been activated, you will receive an alert (typically a text message or warning linked to your smartphone) if someone tries to log into your email account. The only way access will be granted to your email account is if you allow the sign-in.
3. Invest in Endpoint Protection Software
Endpoint protection platforms (EPP) are the first line of defense for protecting against cyberattacks entering your network via email. With this preventative software, you’ll have a powerful scanning tool for detecting malicious software, including worms, trojans and ransomware.
4. Recognize Phishing Emails
Phishing is an online scam where criminals try to steal your personal information by impersonating legitimate organizations. The phishing scams can be hatched through email, texts or ads and typically include a link that takes you to a fake website. To spot a phishing scam, itgovernance.co.uk offers these clues:
The message is sent from a public email domain. The most obvious way to spot a bogus email is if the sender uses a public email domain, such as “@gmail.com.” Google doesn't even send business emails that end in “@gmail.com.” If you see an email from a company, but the domain name (the part after the @ symbol) doesn’t match the supposed sender, the email is in all likelihood a fake.
The domain name is misspelled. Some threat actors will go even further to scam you by registering a domain that looks similar to an actual domain. Also known as “typosquatting” or “URL hijacking,” this tactic can add a layer of authenticity to a scam email. As an example, domains could look like these:
- Amzon.com (instead of amazon.com)
- Chasse.com (instead of chase.com)
- Facebok.com (instead of facebook.com)
- Linkdin.com (instead of linkedin.com)
Scammers can also misuse the top-level domain system, which is the last part of the domain, such as .com, .org, .net or .edu. For example:
- Aol.cm
- chase.cm
- Costco.cm
- Walmart.cm
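The sender-domain clues above (public webmail domain, mismatched domain, misspelled name, swapped top-level domain) can be checked mechanically. The following is an added example, not code from the original article or from itgovernance.co.uk; the brand list and the sample addresses are constructed for illustration, and the checker assumes the registrable domain is the last two labels (so it does not handle suffixes such as .co.uk).

```python
# Added example (not from the original article): flag the sender-domain
# phishing clues described in the text. Brand list is a constructed sample.
from typing import List, Optional

PUBLIC_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

# Registrable domains the reader expects genuine mail from (constructed).
KNOWN_BRANDS = {"amazon.com", "chase.com", "facebook.com", "linkedin.com",
                "aol.com", "costco.com", "walmart.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(address: str, claimed_brand: Optional[str] = None) -> List[str]:
    """Return the phishing clues that apply to the sender's domain.

    claimed_brand is the organisation the message says it comes from
    (e.g. "chase.com"), when the reader knows it.
    """
    domain = address.rsplit("@", 1)[-1].strip().lower()
    # Assumption: registrable domain = last two labels (mail.chase.com -> chase.com).
    domain = ".".join(domain.split(".")[-2:])
    findings = []
    if domain in PUBLIC_WEBMAIL:
        findings.append("public webmail domain")
    if claimed_brand and domain != claimed_brand.lower():
        findings.append(f"domain does not match claimed sender {claimed_brand}")
    if domain in KNOWN_BRANDS:
        return findings
    name, _, tld = domain.rpartition(".")
    for brand in KNOWN_BRANDS:
        brand_name, _, brand_tld = brand.rpartition(".")
        if name == brand_name and tld != brand_tld:
            findings.append(f"top-level domain swap: {domain} looks like {brand}")
        elif 0 < edit_distance(name, brand_name) <= 2:
            findings.append(f"possible typosquat: {domain} looks like {brand}")
    return findings
```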
The email is poorly written. Oftentimes, English is not the first language of the scammers, which can result in misspellings, bad grammar and oddly worded sentences. If the email you’re reading has an excessive number of typos, avoid clicking on any links. Instead, reach out to the supposed sender via their website or phone number.
The email contains infected attachments or suspicious links. You may not know if an attachment is infected until you click on it. The best course of action is to NEVER open an attachment from a source you don’t know and trust. If you’re not sure about an attachment, contact the alleged sender to verify that they sent the attachment.
When viewing links on a desktop, you can hover over the link and the destination address will appear in a bar along the bottom of the browser. If this destination address doesn’t match the context of the rest of the email, it’s a malicious link. On your phone, you can hold down on the link and a pop-up will appear showing the destination address. As with attachments, the best rule to follow is to NEVER click on a link unless you’re 100% certain that the email is authentic.
The message has an unnecessary level of urgency. Phishing emails almost always encourage you to act immediately – and often tell you what bad things will happen if you don't act right away. Instead of clicking on a link or attachment immediately, pause and verify the source. This small delay can save your entire organization from getting hacked.
The message claims to be from a government agency or financial institution. Another important hint to watch out for is that a lot of organizations like banks and government agencies don’t send you emails with any information (like bank statements) in them. For instance, banks will usually send you a message telling you to log into your account to retrieve new information like a bank statement. For example, the Australian government, through its mygov portal will only email you a notification to tell you that you have a new message in your mygov inbox.
Another important point is that, because of phishing emails, organizations like banks and government agencies usually do not provide any links to their sites in communications with you. It is never safe to click on a link in an email that you did not expect. Instead, manually type in the URL of the website. Only click on a link in an email if you were expecting to get that email and you have checked the URL.
5. Don’t Use Public Wi-Fi When Signing into Your Email
Free public Wi-Fi can be appealing, but only use your personal mobile data when signing into your email account. Additionally, avoid using public computers often available in hotel business centers.
6. Safeguard Your Wi-Fi Network
Whether talking about your business or home network, you’ll want to follow a few basic guidelines:
- Be sure to keep the Wi-Fi name hidden from strangers.
- Don’t share your Wi-Fi network’s credentials with anyone.*
- Use a strong password.
- Change your Wi-Fi network password every 2 to 3 months.
*In reality, these things are not as easy as they sound, for the following reasons: smart devices like light bulbs need your Wi-Fi password and are not easy to update, and friends often need to use your Wi-Fi.
A good solution to this is that a number of Wi-Fi routers allow you to set up a guest network with different credentials, which can be easily changed. Some more advanced Wi-Fi systems also prevent guest users from accessing resources on your local network.
7. Keep Your Systems Updated
Operating system updates typically come with security upgrades. Be sure to keep your computer, smartphone and tablet updated with the latest operating system to provide the best line of defense against potential email breaches.
8. Weed Your Digital Landscape
If you have apps on your phone or browser extensions on your computer that you no longer use, delete them. Most of us skip reading any permissions when installing a new app or extension, so there’s always a possibility that these can be gateways to gaining access to your email. Better to delete them if you’re not using them.
9. Change Passwords
If you don’t want to use a password manager as mentioned above, be sure to change your passwords often. It can be tedious – but getting hacked is worse.
By following these tips, you’ll be well on your way to securing your personal and professional emails from cyberattacks.