2021 Securing Your Digital Footprint - Stop One: Email Security

Email Security

Hopefully from the exercise of making a list of all your accounts was helpful for you to see the overall size of your digital footprint. This month we will discuss securing those email accounts. Email security is very important because it is a common vector used for malware, phishing, and scam attacks. Attackers can even take over your email account that can result in further account takeovers. The following four tips will help you increase your email security and help you avoid attackers in your email.

Passwords passwords passwords!

You should not be using the same password for any account. Your passwords should be unique, complex, and should be changed regularly. I use phrases or sayings and incorporate numbers and special characters into the password to make them unique, complex, and hard to guess. For example, the song title Smoke on the Water I will turn into “Sm0k$ 0N th$ w@ter!”. It is easy for me to remember that song title and the additions make it more complex, also not there are spaces in the password, this is an easy way to add length to make them more complex and harder to guess or crack. Next month we will deep dive into password best practices.

Multifactor Authentication

Multifactor authentication (MFA) is an additional verification process such as an email code, text message, token, or security question. You should turn on MFA on all your email accounts. This will make is even harder for an attacker to take over your email accounts or access your emails.

It is just an attachment, right?

Wrong! Those attachments are often used to sneak malware past the email’s firewall and infect your device. A common example is where an attacker sends an email pretending to be a vendor with an invoice pdf attachment. That attachment has a malicious code that is executed when you open the pdf file. Malware can be hiding in all attachment types. You should not open an attachment unless you are confident you know the sender and you are expecting that attachment.

Watch out for those links!

Along the same thinking as attachments, you must be very cautious about what links you click on. They can take you to a website that could be a fake version of a real website where you can get malware on your device. A trick I like to do is right click on the link and select copy hyperlink, then I paste the link into a word document and examine the web address. If the web address is spelled correctly and it is a web site I am familiar with, then I will then use the link. But be very cautious with links, only use them if you are expecting them and they are from trusted sources.