< ? php //If there is analytic campaign data, attempt to get the campaign_guid from that cookie if ( 1 === preg_match( '/pk10mkto-([0-9]+)/', $_COOKIE[ '__utmz' ], $match ) ) { $campaign_guid = $match[ 1 ]; } ?>

In-Box or Pandora’s Box: Must-haves for Email Security

May 27, 2014

Are you controlling your email or is email controlling you? Probably the latter. It seems that the entire workday (and many other parts of the day) revolve around the electronic in-box.

That’s all the more reason to make sure you are controlling your email ─ your email security, that is. As helpful as it is, email is also the door through which much mayhem can enter your life and the company’s network.

People’s perceptions of their own email security awareness versus others is interesting, as the findings from a survey conducted by cloud security solutions partner SilverSky show:

  • Forty-three percent of respondents indicated they were “very concerned about email security and go above and beyond the company prescribed procedures” to protect their business communications.
  • Thirty percent of respondents claimed to be “much more security conscious” than their co-workers.
  • The majority of respondents (fifty six percent) have accidently sent an email to the wrong person while at work. Additionally, more than half of employees (fifty three percent) have received unencrypted, risky corporate data (credit card numbers, social security numbers, passwords etc.) via emails or email attachments.
  • One in five respondents know of someone within their organization who has been caught and reprimanded for sending out sensitive information without adhering to corporate protocol.
  • Many (fifty three percent) were quick to single out co-workers, saying they’ve received unencrypted, sensitive data – such as sensitive attachments, social security numbers, protected health information and valuable corporate secrets – via email. Yet only seventeen percent admitted to sending out this risky data themselves.
  • Only thirty two percent of organizations currently use an email data loss prevention (DLP) solution, and even fewer (twenty one percent) use an email encryption solution. As such, 46 percent of respondents indicated that email security could be improved within their organizations.

It’s easy to identify with at least a few of these. Hopefully, you are among the “much more security conscious” individuals rather than the ones leaking company secrets.
For all those who wish to improve their email security even more than they already do, here are a few tips to consider.

1. Don’t centralize.

Out of habit or lack of concern, many people have only one in-box they use for everything. That’s risky because if it is hacked, all of your email in that one account is vulnerable to exploitation. Set up multiple email addresses matched to different aspects of your life … personal, business, friends and family, a hobby or personal interest.

2. Be unique.

See above. Each email account should have its own unique password. The more unique, the better. Even if you have multiple accounts, it would be easy for hackers to test other accounts if they cracked your personal email account. Change passwords every three months, too. Hackers are persistent buggers; the longer they have to chip away at your first line of defense, the more successful they’re likely to be.

3. Gone phishin’.

No reputable company will ever send an email to request that you send them your personal information or password. Not ever. In other words, never. If such an email from a high-recognizable sender lands in your in-box, it’s bogus. It may look legitimate, but it is not. It’s not realistic that PayPal or some government agency needs your help to fix your misbehaving account by asking you to verify personal information or make a test deposit of cash.

4. Click me not.

Start with this: never click on a link within an email. If you do that, you’ll be better off forever. Now, what are the exceptions? If you’re expecting a specific email, such as verifying that you just opened an account somewhere, or a registration link for an event, then it’s probably not much of a threat. But, err on the side of “never.” If you receive an email that could be real but you’re not sure, then close it and go directly to the website yourself or call the purported sender.

5. Trouble attached.

Your best friend sends you an email with an attachment that says, “Be sure to watch this to the end!” You will most likely open it and get a good laugh. But, have you ever received an email from yourself or something odd from the gal across the hall that you know she’d never send? Trash it. If the email is unsolicited (like the one you received from yourself), never open it or any attachments. The file may look innocent – the best do – but assume guilty until proven innocent. Filenames can be spoofed; JPEGs could be EXEs in disguise and those EXEs will run as soon as they’re downloaded.

6. Scan for scammers.

If you open an email, and it seems suspicious in any way, run a malware and virus scanner. Not every spam email will infect you with a virus but better to be safe than sorry. It may seem like overkill to run a malware scanner every time you open a fishy email, but you know what will happen when you don’t, just that one time. Your computer loads a keystroke logger.

7. Understand public Wi-Fi.

You’re enjoying a latte at your favorite coffee spot or waiting for your flight to take off and out comes your smartphone, tablet or laptop to check for new messages. It’s almost a habit by now but using public Wi-Fi is a crap shoot.  “Network sniffers” that run passively in the background of some hacker’s device can be monitoring all of the wireless data flowing through a particular network, including important information like your username and password. To be safe, make sure that your communications are encrypted.  Most Exchange connections are.  If you use a web-based mail client, look for the SSL/TLS lock that indicates a secure connection.  When in doubt, use a VPN.

It is because these technology tools have become such a big part of daily living that they are valuable to the bad guys. They’ll never stop creating new ruses and tactics to crack your codes and steal your personal “assets.” Practicing vigilance at all times, exercising common sense and employing managed security services to provide protection at all levels are the only ways to slow them down.

Fine tune your content search

About Peak 10

"Our values are the foundation for everything we do at Peak 10, and are ultimately what enable us to earn our customers' business and their trust."
David H. Jones,
Board Member, Peak 10 + ViaWest