
How to significantly improve your email security

More than 94% of all organizations reported email security incidents, and one report claims that roughly 35% of all malware was delivered through email. In other words, regardless of whether you’re a professional trying to run a business or a private person just operating in an online environment, you need to learn how to protect your email.

On top of this, roughly 1.7 billion people access their email using mobile phones. With that in mind and without further ado, here’s how you can make significant improvements in this field.

1. Avoid public Wi-Fi or use a VPN

The first thing you need to understand is that you’ll often be out of the office. You’ll check your email via your phone, or you’ll take a laptop to your favorite coffee shop and work from there for a day. When doing so, you need a secure tunnel for your data, which you can get by using a VPN.

Beyond giving you a secure tunnel, a VPN also adds an extra layer of encryption, reduces ISP snooping, and, overall, enhances your privacy.

It’s also worth mentioning that certain email services may be blocked in some regions. With a VPN, this shouldn’t be an issue.

Sure, not all VPNs are made the same; according to software expert Aleksandar Stevanovic, many VPN providers agree that the use of adequate tools may restrict third parties from accessing your personal data.

Now, let us mention that a VPN is also useful when it comes to the rest of your work. You never know when you’ll need to access a platform or a piece of content that’s geo-restricted. In this scenario, using a VPN to mask your IP will be essential to the continuation of your work.

2. Come up with a strong password

A password is the first level of protection. If an attacker doesn’t know the password, the only way to get access to your accounts is to steal a device that you own and hope that you’re already logged in. Even then, they only have a brief window of time until you remotely log out of everything.

So, what is a strong password? Generally speaking, a strong password is random and contains as many characters as you can use. Also, you want to combine different symbols so that you can increase the randomness further.

The importance of randomness cannot be stressed enough. If it’s meaningful, it’s guessable. If you pick your favorite movie character, this might be easy to guess by anyone who knows you or digs a bit through your digital footprint. It’s even easier with your birthday or your anniversary.

The easiest way to keep it random is to start using a password manager. This way, you can make it all automatic.

3. Regularly change your password

According to most guidelines, you should change your passwords every 60-90 days; however, some experts suggest this isn’t necessary if you use strong passwords to begin with. Regular changes have a number of benefits, such as keeping you as safe as possible, and they can be made easier with the use of password managers.

The first one of them is mitigating stolen passwords and reducing the impact of data breaches. In other words, even if your password gets stolen, if you change it quickly enough, there’s a limited amount of damage they can do with it.

This way, you can also minimize the effect of keylogging. Sure, a keylogger will figure out this new password, as well (as long as it’s installed). However, if you discover a keylogger and uninstall it, the first thing you need to do is change all the passwords.

Another thing you can do is compensate for password reuse. Even if you do use the same password for everything (which is a horrible practice), as long as you change it often enough, the risk is lower. Perhaps you did this before you knew it was bad, so now you’ll change all your passwords to fix the problem.

4. Insist on 2FA

One of the most important things for cybersecurity on any platform is that you enable 2FA (two-factor authentication). This means that instead of just using your password, you need to confirm that it’s actually you via another method.

The process of turning on two-factor authentication in your email is pretty simple. It’s a built-in feature, which means that you won’t have to download third-party content; you just need to know how.

This works by sending a security code via SMS or another email when a password is used, usually from a new source. Then, you enter this security code or follow a link you’ve received, and you can log in. The math is simple: it’s a lot harder for a malicious third party to get access to both of these.

Having your email password and your device stolen at the same time is not impossible, but it’s less likely.

5. Use antivirus

Previously, we’ve mentioned the use of a VPN but this is not the only software you need to stay safe. Why not get an antivirus as well?

Now, one thing that many people don’t do but that you definitely want to do is install an antivirus on all your devices. This way, you’ll increase your overall protection. The majority of people believe that antivirus software is just for their desktop computers, which is a massive fallacy that’s pretty hard to dispel.

An antivirus provides proactive protection for all your devices. This means that it detects problems and resolves them as they happen, without any need for you to take part in the process. Every once in a while, it will ask you whether you want to delete a file or quarantine it, but this won’t happen as often as you think.

To download a virus, you’d have to deliberately ignore your antivirus: you’d need to pause it for an hour or actively add the file to an exceptions folder.

It also gives you an option to engage in active scanning.

6. Learn how to recognize phishing

One of the most important things you need to do is understand the threat of phishing. The textbook definition is that it’s a link that sends you to a fake page, which sometimes looks real. There, you’ll install malicious cookies or just leave your password, and the malicious third party will then know exactly what it is.

They’ll sometimes make you click a link that will initiate a download without you even registering it. If this malware/virus is new (released in the past few days) and your antivirus/anti-malware is not up to date, you’re in for a world of trouble.

So, how do you protect yourself from phishing?

First of all, check who the email is from. If it’s an email from someone you have never heard of before (even if it sounds legitimate), it’s safer not to click on the link or download an attachment.

Second, hover over the link. Sometimes, you’ll spot a spelling error in the address and realize that the “error” is not an accidental one.

Just stay suspicious in order to be safe.

7. Monitor account activity

Lastly, it won’t hurt to start actively monitoring your account activity. This means that you should check the last time someone logged in and from what device.

Chances are that you’re not using that many devices. Each of these devices has a unique and descriptive signature, and you should know exactly what it is. You should learn to recognize your PC, your tablet, your mobile phone, and perhaps even your work computer. Next to the description of a device, there’s usually a location, as well.

You should set up the system so that it notifies you about a new attempt (although this is often a default). This is that extra alert that could save you in the long run.

Your email is a gateway to everything else

Just think about all the times other platforms ask for your email. You probably use the same email to log into your Facebook, Instagram, X, TikTok, and LinkedIn accounts. If it’s a business email, it’s linked to the accounts of all your work-related platforms, and it contains all your business correspondence. In fact, compromising your email is probably the most damaging thing one could do to you online. Therefore, you need to be extra careful to stay safe.
