How to Master Email Security

Tuesday, November 15, 2022

Email is one of the most popular methods for sharing information and connecting with new customers. At the same time, it can also be one of the easiest ways to compromise data or send people to websites that are not secure. Read this newsletter to learn how to master email safety.


Ways To Improve Email Security


Use Multi-Factor Authentication To Improve Email Security

Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) is a security process involving two or more steps to verify your identity. Two-Factor Authentication provides a second level of protection and enhances the security of your online accounts by requesting both something you know, such as a password, and something you have, like your mobile device.

You should strive to use an authentication app such as Bitwarden, Google Authenticator or Apple Authenticator in order to implement this. If you cannot use any of the suggested apps, ensure that you use your personal email address to receive the MFA code, and make sure that it is tied to your cellphone.

As a last resort, you may use a phone number in order to authenticate your identity. Although this is the weakest method of MFA, it is better than none at all. If your existing mail system does not support this, it is time to migrate to Microsoft 365 or similar systems.

DO NOT Re-Use Passwords. Your Email Security Depends On It!

The most common reason for compromise is password re-use. Never use the same password for multiple services. This also applies to keeping the same password and only changing the digits or characters at the end of the string.

Do not use common passwords, e.g. company123! or soccer@2022.

Work towards using a password management tool such as LastPass or Bitwarden to store the credentials for your email. They are all good. Learn to love one and make it a day-to-day practice.

Life is much less complicated when email security is not an issue.

Verify The Sender

Attackers compromise users in the company and monitor emails to learn the social and practical roles, then copy a message thread in context and reply from an external email address to send you malicious links or demands.

A good safeguard when you suspect an email is “out of the ordinary” is to hover over the sender's name or email address and verify the domain. For example, if you suddenly receive a suspicious request to pay an invoice to a new bank account, you should carefully verify the sender’s email address. Many attackers will register a similar domain, switch to a Gmail address, and set the display name to be the same. This type of phishing is something we encounter daily.

If you still cannot be sure that this is legitimate, halt all action, pick up the phone and give the sender a call in order to verify. Alternatively, choose to start a new email thread with the intended recipient to check in.
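
The sender check described above can also be run automatically against the From: line of incoming mail. The following Python is an added example, not part of the original newsletter; the contact list, the free-mail domain list, the 0.85 similarity threshold and the warning names are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed sample data (assumptions, not from the newsletter):
# contacts you already trust, keyed by the display name they normally use.
KNOWN_CONTACTS = {"Jane Doe": "jane.doe@example-supplier.com"}
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}


def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rpartition("@")[2].lower()


def check_sender(from_header, known=KNOWN_CONTACTS, threshold=0.85):
    """Return warning codes for the visible From: value of a message.

    This automates the 'hover and verify the domain' check only; it does
    not prove that a matching address is genuine.
    """
    display_name, address = parseaddr(from_header)
    domain = domain_of(address)
    warnings = []
    for known_name, known_address in known.items():
        known_domain = domain_of(known_address)
        if domain == known_domain:
            return []  # visible domain is the one this contact normally uses
        if display_name.strip().lower() == known_name.lower():
            # Familiar name, unfamiliar domain: the pattern described above.
            if domain in FREEMAIL_DOMAINS:
                warnings.append("known-name-on-freemail")
            else:
                warnings.append("known-name-on-new-domain")
        # Near-identical spelling suggests a registered lookalike domain.
        if SequenceMatcher(None, domain, known_domain).ratio() >= threshold:
            warnings.append("lookalike-domain")
    return warnings


if __name__ == "__main__":
    for header in (
        "Jane Doe <jane.doe@example-supplier.com>",
        "Jane Doe <jane.doe.billing@gmail.com>",
        "Jane Doe <jane.doe@examp1e-supplier.com>",
    ):
        print(header, "->", check_sender(header) or "no warnings")
```

Any warning is a reason to stop and verify by phone or a fresh email thread, as described above.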

Email security isn't something you should have to think about.

Best Practices To Reduce Risk To Your Computer

  • Think before you click. Sounds silly, but it matters.
  • Only use a modern, updated browser such as Chrome, Firefox, Opera, Safari or Brave to access links.
  • Use an ad blocker when you can. uBlock Origin is the best (compatible with most browsers).
  • Use a firewall that filters suspicious or blacklisted URLs.
  • Use a modern anti-virus solution. DNSnetworks recommends SentinelOne. It’s got a phenomenal reputation.
  • Never share your passwords.
  • Never leave your passwords in a file on your machine for any reason. If required, at least encrypt the file that contains them and delete it when done.
  • Never type your password into a website that you reached by clicking a link in an email. Stop. Close the tab. Open a new tab, type in the URL you want to go to (e.g. your bank), and log in there. Many phishing attacks imitate Office.com and bank sites to steal your password this way.
