
The much-publicised Democratic National Committee (DNC) email hack that resulted in nearly 20,000 confidential email messages leaked to WikiLeaks takes place amid a highly politized post-election environment. The US government has been quick to point fingers and label the attack a state-sponsored cyber-attack orchestrated by the Russian government, however, culpability and politics are not the focus of this blog article.
As expected, this news story has reignited the conversation about email and online security, raising the following question: are my emails safe from prying eyes? Although most business and personal email correspondence do not contain the same level of sensitive information routinely handled by governments or political parties, it is imperative for users to know if their inboxes and/or messages are at risk and if so, how to mitigate those risks.
Are Your Emails at Risk?
If you or your organization rely on email to transmit sensitive or confidential information, you should not be solely relying on password protection for email security. Instead, you or your organization’s IT department should ensure your email provider or servers incorporate some level of security or encryption beyond the run of the mill easy to crack password protection.
Between 2012 and 2014 a Romanian email hacker nicknamed “Guccifer” hacked into about 100 email accounts including those of former president George W. Bush and former Secretary of State Colin Powell. During an interview with The New York Times, Guccifer confessed he was able to penetrate these email accounts by leveraging rudimentary tactics, namely surfing the web for information about his targets and “guessing the answers to their email security questions”. His tools: basic computer knowledge, an old NEC computer, and a Samsung cellphone.
The case described above shows how easy it is for “hackers” to penetrate email accounts and steal confidential information. Furthermore, a report by Google shows that approximately 40% to 50% of emails between Gmail and other email providers are not encrypted; meaning they can be snooped by prying eyes while in transit to their destination.
The truth is, when sending a message through an email provider such as Gmail or your corporate email account, the message can easily be intercepted by a malicious actor, not to mention your account can also get hacked. To mitigate the risk of emails and other sensitive information falling into the wrong hands you should be taking a few simple precautions.
How to “Bulletproof” Your Emails
Email encryption is supported by popular email clients such as Microsoft Outlook, Exchange, and Gmail. Google’s Gmail uses Transport Layer Security or (TLS) to create an encryption “tunnel” between its email servers and everyone else’s. When emails are in this tunnel they can’t be hacked. However, a tunnel has 2 ends, so for a message to be encrypted- both sides of an email exchange need to support encryption. Below are some measures that can be taken to maximize email security.
Add an Extra Layer of Encryption
To ensure your messages are secure even if the recipient is not using an encrypted email service consider using an inexpensive service such as Start Mail. This service is similar to the email encryption systems used by banks in which the recipient needs to answer a secret question in order to access the message.
Is Your Password Good Enough?
As for avoiding a “Guccifer” type hack, ensure you don’t re-use the same password for every account and refrain from using a password from the “most common passwords list”. It also goes without saying, but your security question must be very difficult to guess.
Avoid Public Wi-Fi
Public Wi-Fi networks are a hacker’s dream! Under this scheme, attackers can position themselves between your device and the hotspot connection point. This means your device is not talking directly to the hotspot, instead, hackers can easily penetrate your device and gain access your information. To be safe, you might consider using a VPN, visiting only HTTP, SSL websites and turning off Wi-Fi when not in use. As a rule of thumb, it is also recommended to refrain from online banking and other sensitive transactions when connected to a public Wi-Fi.
By following these simple tips, chances are your emails will be secure and will help you or your organization avoid any embarrassments à la DNC.
To Discover How Our Incident Management Software Can Protect Your Company, Schedule a Personalized Demo By Clicking on The Button Below.