Email is one of the most targeted communication channels for cyberattacks. The ‘Email Security Risk Report 2024’, a study by Egress, found that 94% of organizations experienced cybersecurity incidents related to email breaches.
Email security is clearly a stressor for most organizations and even individuals. Unfortunately, some people, including top government officials, underestimate the risk of cyberattacks through this communication channel.
Back in 2015, teen hackers broke into the email account of John Brennan, the Director of the CIA. They used a simple yet effective form of attack where they posed as a Verizon worker to trick the top government official and his employees into revealing sensitive account information.
These teens used a simple form of cyberattack called phishing. We’ll discuss more about this type of cyberattack, but the main takeaway is that if it happens to top government officials, it can definitely happen to anyone.
That’s why it’s very important to be proactive and take your email security seriously. In this article, we’ll discuss some of the best email security measures to keep your accounts and personal information safe.
Educate, Train, and Sensitize Yourself (and Your Team) About the Best Email Security Practices
People working in teams, such as employees or colleagues, play a massive role in email security.
One study showed that around 74% of all successful email hacks are attributed to human errors. Like in the case of the CIA director, around 15% of employees respond to phishing attempts, giving attackers a potential foothold.
So, the first step in email security is to educate yourself or your employees about cybersecurity. This reduces the risk of human error and makes cyberattacks less likely to succeed.
But where should you start?
- Consider getting a specialist on board who can conduct regular training for your employees.
- If you’re purely interested in bolstering your personal email security, start by learning cybersecurity online by yourself.
With that said, here are key areas to focus on when getting training for yourself or your team members:
Phishing Attacks / Scams
These attacks are perhaps the most common method cybercriminals use to trick people into giving away personal credentials. Approximately 79% of email account breaches and takeovers start with a phishing email.
The FBI has described this type of data breach as one of the most financially damaging online crimes.
Learning about phishing attacks and how to stop them is one of the best ways to enhance your email security.
So, what is phishing, and how does this type of attack happen? Here’s everything you need to know about phishing attacks and the stages that these attacks follow:
- Phishing attacks are all about tricking you into giving your personal data to cybercriminals. Attackers create emails, text messages, or even phone calls that appear to be from a legitimate source you trust. This could be your bank, a credit card company, or a popular online service like Netflix or Instagram. They could even pose as your friend or colleague.
- These emails and messages often create a sense of urgency that can cause panic and anxiety. For example, they might say that your account has been compromised and that you need to change your password immediately. They might even say that there’s suspicious activity or that you need to verify your information urgently.
- This email or message might contain a link that looks like it leads to the real website, say your Instagram, Netflix, Gmail, or bank account. But clicking the link takes you to a fake website that appears identical to the real one. In some cases, clicking that link downloads spyware, viruses, or other malware that could infect your devices.
- Once you’re on this site, you’ll be prompted to give away your personal information, like your account passwords, credit card details, or social security numbers.
Once they have your personal details, they can do the following:
- Identity Theft: Attackers can use your personal information to create fake IDs and assume your identity. After doing this, they can open new accounts, take out loans, drain your accounts, make unauthorized purchases, or even get medical treatment, all under your name. This can have damaging effects on your finances and credit score.
- Account Takeover: Have you ever seen questionable posts by celebrities claiming they did not make them? Attackers can hijack your email, social media accounts, or other online services, including your Instagram, Twitter, and WhatsApp, and then use these accounts to spread spam, scam others, or impersonate you to damage your reputation.
- Malware Infection: Sometimes, clicking a phishing link might download malware onto your device. This malware can steal even more information, spy on your activity, or hold your data hostage in a ransomware attack.
Phishing attacks can be dangerous to both individuals and organizations, hence the alarming remarks by the FBI. Fortunately, there are measures you can take to keep your email accounts safe from phishing attacks:
- First, recognize that legitimate companies rarely pressure you for information through unexpected emails. Treat any unsolicited email with suspicion, even if it appears to come from a familiar source.
- The same goes for links: don’t just skim through email addresses or mindlessly click on links. Look for misspellings or strange domains that indicate the emails might be fraudulent.
- NEVER share your passwords or personal information. Legitimate companies won’t ask for sensitive details like passwords or social security numbers via email or text. If such information is requested, it’s a phishing attempt.
- Enable Two-Factor Authentication (2FA): 2FA adds an extra layer of security by requiring a code from your phone, secondary email address, or another device in addition to your primary password to gain access to your email. It can be a tedious process when setting it up, but once it’s up, it works like a charm.
- If you are part of a work team or are employed, you might want to invest in regular training and education sessions with real-life examples to simulate potential threats and how to avoid them.
Taking these steps can significantly reduce the risk of falling victim to phishing attacks while protecting yourself or your team members from the damaging consequences.
Use Strong Passwords
Passwords are the first line of defense in our digital lives. These are the gatekeepers that keep our email accounts, bank statements, social media profiles, and other personal information safe from unauthorized access.
However, most of us use simple passwords that compromise our accounts. For example, the most commonly used password, by a significant margin, is ‘123456’.
Using simple passwords, such as pet names, street addresses, family nicknames, and similar personal details, makes it easier for hackers to gain access to your accounts. Furthermore, over 60% of people reuse their passwords for multiple accounts, increasing the domino effect of an account breach.
Creating strong passwords for your accounts is a great way to strengthen the first line of defense for your email account.
Here are some tips to keep in mind when creating passwords:
- Long passwords are harder to hack: Aim for passwords at least 12 characters long. The more characters, the harder it is to crack.
- Add a layer of complexity to your passwords: When creating your password, combine uppercase and lowercase letters, numbers, and symbols. You can also use the free password generators available online, but be sure to choose ones that won’t store your data when you use them.
- Consider a password manager: Because these passwords are complex, remembering them might prove challenging. A password manager is highly recommended because it’s a safe and convenient way to store and recall the passwords for all your accounts.
Avoid Public Wi-Fi
Public Wi-Fi is hugely popular, as it offers the convenience of staying connected almost anywhere. However, these networks can be risky and unsafe.
Checking your emails while using public Wi-Fi can compromise your personal information and put you at risk of a data breach. According to Statista, about a quarter of adults in the USA had their private information compromised because of using public Wi-Fi, such as those found in cafes, airports, or restaurants.
But why are public networks unsafe, and why should you avoid using them?
Many public Wi-Fi networks lack encryption, which means your data travels in plain sight, including sensitive information like your passwords, social security number, and bank details. That’s risky because you don’t want this information available to anyone monitoring the network traffic.
We recommend avoiding public Wi-Fi, but if you must stay connected through these networks, consider the following measures:
- Avoid financial or sensitive transactions: Avoid online banking, shopping, or any activity that involves sending sensitive information on public Wi-Fi. If you must, use your smartphone with cellular data turned on, not the public Wi-Fi.
- Use a VPN when on public Wi-Fi: A Virtual Private Network (VPN) solves the problem of lack of encryption by encrypting your internet traffic, creating a secure tunnel between your device and the web. This makes it much harder for hackers to steal your information, even on public Wi-Fi. Consider VPNs offering free trials to allow you to try them before settling for your ideal one.
In Conclusion, These Are the Best Email Security Measures
Emails are widely used for communication, especially at work and among friends and family. However, this popularity has also made them a target for cybercriminals looking to drain your accounts, cause reputational damage, or steal your identity.
Fortunately, there are actions that you can take to increase your email security and avoid falling victim to scammers and cybercriminals.
Here’s a brief recap of the best email security measures you should consider adopting for the safety of your accounts and finances:
- Educate yourself and your team members about potential email scams and hacking threats. The most common email attack is phishing, which involves scammers sending emails with a sense of urgency, asking you to change your password or give your personal information. Educating yourself about these attacks, especially using real-life simulations, is one of the best ways to avoid this financially and reputationally damaging attack.
- Use strong, complex passwords. They are a great and secure way to bolster the first line of defense for your email accounts.
- Avoid using public Wi-Fi networks. Most of them lack encryption technology that hides your traffic and personal information relayed over internet connections. If you must use these networks, consider using a VPN to encrypt your connection.
There are many other practices that you could adopt to help safeguard your email accounts. Keep educating yourself and your team to stay updated with the latest cybersecurity practices and threats for a safer digital outlook.