Email Security: Your Practical Guide to Keeping Your Inbox Safe
We use our email pretty much every day to communicate with others and often to send and receive sensitive information through it, but do you ever consider if this is the safest way to do this for both the sender and the recipient?
The truth of the matter is that email is not very secure, especially when using standard email services like Gmail, Yahoo, or Outlook. While these providers do offer some basic email security features, like spam filters, these are simply not enough to thwart a skilled or determined cybercriminal and you often need to dig through your email provider security settings to turn them on in the first place.
In this article, we’ll go through some practical tips on how to secure your email account and keep your inbox safe in 2022, as well as recommend a secure email service that will help you upgrade your online privacy, so let’s get started.
What Types of Threats Should You be Securing Email From?
Cyber attackers can use a variety of email attacks and methods to steal your sensitive information, but we can generally distinguish two main groups of email threats:
- Threats in transit
- Threats in the inbox
We’ll explain both of these types and also point the most common type of threats for each.
Threats in Transit Your Email Provider Might Not Protect You From
Threats in transit are those that target your email messages on their way to the intended recipient.
The most common type of transit threat is the Man-in-the-Middle attack (MitM), where the attacker secretly monitors the email communication and data exchange between the sender and the recipient to intercept it and steal or modify and sensitive or personal information.
The good news, however, is that most email services, including free ones, support encrypted communication via transport layer encryption, which greatly reduces the likelihood of a MitM attack, but it’s still not 100% attack-proof.
We’ll talk about transport layer encryption and other types of email encryption protocols that you should be using in a bit.
Threats in Your Inbox that can Affect both the Sender and the Recipient
Another type of email threats are those that come directly into your inbox.
The most common of these are phishing schemes in which the attacker will send you a fake message pretending to be someone you might trust (like a bank, lawyer, or a service you’re likely using).
Unfortunately, these types of threats are much more common than the previous type and can often be difficult to spot before it’s too late (i.e. the cyber-criminal has your username and password) as phishing scams are getting more and more sophisticated.
Email Encryption Solutions You Should be Using to Protect Your Email Account
There is simply no way of protecting your email account and the sensitive information that it contains without implementing email encryption solutions.
There are two encryption options that you should both be using to secure your account and these are:
- Transport Layer Encryption
- End-to-End Encryption
Transport Layer Encryption
Transport Layer Security (TLS) is a security communication protocol that serves to promote data privacy and security over the Internet and can be used in email encryption, but also other types of web communication such as Voice over Internet Protocol (VoIP), messaging, etc.
This data encryption standard protects the email message and the data in it as it travels between the sender and the recipient, but not at the ends (in the inbox) and includes three main components:
- Encryption – Where the TLS connection goes through Handshake to create a set of algorithms that tell the protocol what session keys to use to encrypt messages
- Authentication – In this step, the email server needs to authenticate and verify the sender for the others to prove their identity
- Integrity – Finally, a message authentication code (MAC) verifies to the recipient the full integrity of the data they got and that no one has changed it.
While TLS protects your email data in transit, your sensitive information can still be vulnerable in your inbox.
This is where end-to-end encryption comes in.
Here, data is secured at the user-ends, by first using the public key on the sender’s end to encrypt data, and then using a private key known only to the recipient, to decrypt the data.
So, for example, even if an attacker manages to intercept the email message, without having the right decryption keys, they are unable to read the data.
Practical Tips for a Secure Email in 2022
Now that you are familiar with the most common threats to your email account as well as email encryption protocols you should be using, we’ll show you some practical tips on what you should do to secure your email.
Use a Secure Email Provider to Encrypt Messages In Transit and at Rest
Standard email services like Gmail don’t really support encryption communication other than TLS and even that is often questionable as both the sender and the recipient need to have TLS on for it to work.
On the other hand, regular email providers don’t have end-to-end email encryption themselves, so if you want to use it and protect your account information, you would need to install a third-party end-to-end encryption service, which can be a difficult task for someone who is not technically savvy.
Fortunately, there are secure email services that use end-to-end encryption by default and without the user needing to install any extra features themselves. One of these providers is CTemplar, which uses OpenPGP encryption to protect your data at all times.
Create a Strong Password
Having a strong password is often the only thing standing between your account information and the hacker. if the hacker figures out your password, they can have free access to your online accounts, including your email account, social media, bank account, etc.
When creating a password for your email account, avoid using anything that is too descriptive and could be used to figure out your identity, such as the names of your children, your old school and the like.
Instead, use something that can’t easily be connected with you and make sure to use a combination of upper and lowercase letters, numbers and special characters in your password as well as making sure that the password is at least 10-12 characters long.
You can also use a password generator by LastPass or some other similar service to create a random password.
Use Two-Factor Authentication
However, relying only on a password to protect your email account and personal information will not be enough in the long run as sooner or later, even the strongest of passwords can be cracked by a skilled hacker, or you might end up a victim of a phishing scam and reveal this information to the scammer yourself.
This is why it’s important to also make sure that your email provider uses two-factor authentication (2FA) that will protect your account from unauthorized use even if the attacker has your username and password already.
The way 2FA works is that it uses two-step verification, where you first have to provide the username and password login information as usual, but then in the second step (that’s why it’s called two-step verification after all), you’ll also have to a second verification such as a PIN or token you receive via SMS on your mobile number.
Create Custom Filters for Potentially Malicious Email Messages
Although your email service already probably has a spam filter, cyber-criminals are finding new ways to avoid it and end up in your inbox instead of the spam folder.
This is because spam filters can’t catch them all so you need to carefully monitor potentially suspicious emails as they get into your inbox for certain trigger words that you can add to the spam filter to make it stronger.
Log Out When You’re Finished Using the Email
If you’re using a company laptop in your office, or a public computer for instance, always be sure to log out of your account once you’re done.
Closing the app or the web browser will not be enough, as someone coming after you could still log in to your account.
If you’re using your own device, this might not be necessary, especially if you’re using it at home, but if you’re on a public WiFi, or if someone else also has access to your computer, it might be something that you should consider doing.
Understand How Phishing Scams Work
We already explained how phishing schemes work.
It’s very important to be familiar with these and know how to avoid them in order not to fall prey to them and have your personal information end up in the hands of criminals.
To avoid falling victim to phishing, avoid downloading any attachments or clicking on links to web pages sent to you from unknown sources. Always look carefully at the sender’s email address and compare it with the official address that company is using. You’ll see that it is completely different.
Don’t Send Personal Information via Email
Even if you know and trust the other side, you should still avoid sending personally identifiable information (PII) via email unless that’s really necessary.
Whenever possible, instead, communicate in person with the representative of the organization.
Encrypt Your Communication Using a VPN
Of course, this isn’t always possible and in some cases you will have to send your personal information via email, like when applying for a job, but in this case be sure that you are using a secure, HTTPS connection at least.
A more secure way to protect your communication is by using a VPN service like NordVPN, which will encrypt your traffic with AES encryption and hide your IP address.
We’ve been using email for decades now and, truth be told, it hasn’t become much more secure in that time.
Still, as email is something that you use every day, even several times per day and you often need to send sensitive information over it, we hope that this guide will help you protect your email account from threats in 2022.
Do you want to step up your online privacy? Sign up for CTemplar and protect your email contents from bad actors.
A truly secure email depends on email encryption to protect the contents of the email and its users.
First, the message is encrypted using a public key on the sender’s side. This scrambles the data, making it unreadable to anyone without the right decryption key. The message is then decrypted using a private key when it reaches the intended recipient’s inbox.
This way, only someone with the right private key can open and read an encrypted message.
To send a secure email to someone, you first need to make sure that the connection between you is secure. On Gmail, for instance, you can see a lock icon that will tell you if the other side is using TLS encryption. If the icon is green, that means they are using TLS.
More importantly than TLS, however, when making sure your email is secure, you should any sensitive or personal information out of it as much as possible. If you do need to send this type of information via email, be sure to send documents securely and if necessary use encryption on them.
We believe that everyone needs a secure email.
Because even your most mundane email messages may contain data that can be interesting to cyber-criminals who can steal your information and use it for their own purposes, unless you encrypt contents of your email.