Few will debate the importance of having strong email security. The ramifications of losing control over the sensitive information living in personal and business accounts are serious and far-reaching, to put it mildly.
And yet, the frequency of account hacking continues to rise. According to the Javelin Strategy and Research 2012 report, identity fraud rose by 13 percent in 2011 and security breaches increased by 67 percent (a figure that includes mobile device and social media hacking incidents). In July of 2012, more than 450,000 Yahoo, Gmail and AOL email accounts were hacked.
A Strong Password is not Enough
It's easy to assume that your accounts are secure once you've taken the basic privacy measures: you picked a strong password, you don't share your login info, and you try to avoid public WiFi when logging in to your accounts. Steps such as these help to an extent, but they do not ensure account security. (If you're not convinced, take five minutes to read Wired senior writer Mat Honan's cautionary tale about how hackers destroyed his digital existence - and why his passwords couldn't protect him.)
The reality is that email account security continues to be a major challenge. Despite the fact that email has been in use for more than 30 years, there is still no standardized, failsafe method for protecting accounts. Until a security silver bullet is developed, there are ways you can make your accounts and communications highly resistant to hackers and eavesdroppers.
Server Configuration and Message Encryption
When it comes to your business, you will ideally have support from an IT department that can ensure that your messages are encrypted and that your accounts are secure. This involves configuring your server to support only encrypted communications.
For web-based email and some servers, this can be done by configuring the email to connect through HTTPS rather than HTTP. For traditional client email software like Microsoft Outlook, the software must be configured to connect to the server with encrypted protocols. Furthermore, messages sent outside the organization should be secured through file-level encryption or a secure gateway. Taking these measures will prevent any snooping by outside parties - regardless of who has access to your wireless network.
Protecting Your Accounts
To minimize the chance of having your accounts hacked, you should depend on more than simply having a 10-character alphanumeric password. In his Wired article, Mat Honan gives some additional tactics to consider:
- Set up incorrect (but memorable) answers to security questions.
- Designate a secure email address for the sole purpose of password recovery.
- Enable two-factor authentication so that you receive a text when you log in from new locations.
- Clean up your online presence by opting out of sites that store your information.
- Use a different password for each of your accounts.
- Make your passwords as long as possible.
- Don't use real words as passwords.
- Avoid easily crackable number substitutions.
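The last four items on this list can be checked mechanically. The sketch below is an added example, not code from the Wired article or from this post: it reverses common number substitutions before looking for real words, which shows why those substitutions add so little, and it flags passwords shared between accounts. The word list, the 16-character threshold and the sample accounts are constructed for illustration.

```python
from collections import defaultdict

# Constructed mini word list; a real audit would load a large dictionary.
WORDLIST = {"password", "letmein", "dragon", "sunshine", "welcome", "monkey"}
# Digit/symbol-for-letter swaps that are trivial to reverse.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_LENGTH = 16  # assumed threshold; the list only says "as long as possible"


def contains_word(text):
    return any(word in text for word in WORDLIST)


def check_password(password):
    """Return the checklist items this single password violates."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    lowered = password.lower()
    # "1" can stand for "i" or "l", so undo the substitution both ways.
    undone = {lowered.translate(LEET), lowered.replace("1", "l").translate(LEET)}
    if contains_word(lowered):
        problems.append("contains a real word")
    elif any(contains_word(variant) for variant in undone):
        problems.append("real word behind number substitutions")
    return problems


def audit(accounts):
    """Map each account name to its findings, including password reuse."""
    by_password = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)
    report = {}
    for account, password in accounts.items():
        problems = check_password(password)
        if len(by_password[password]) > 1:
            problems.append("reused on another account")
        report[account] = problems
    return report


# Constructed sample accounts and passwords.
SAMPLE = {"mail": "P4ssw0rd2012", "bank": "P4ssw0rd2012",
          "shop": "welcome-to-my-inbox-2012",
          "recovery": "xV7q-Lr2m-Tz9k-Hb4w-Ny6c"}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", findings or "ok")
```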
The time it takes to set up extra cautionary measures is a small price to pay for preventing a security breach. If you have any email security tips that we might have missed, feel free to share them with us in the comments section.
Until next time-