When it comes to email, there are plenty of email security mistakes that new users tend to make and that bad actors like hackers and scammers can abuse. However, even experienced users also can underestimate the importance of some simple tips to follow. Here are the 7 biggest email security mistakes and what you should do to avoid them.
Biggest Email Security Mistakes
1. You Use Only One Email Account
Email is free and it takes only a few steps to create an account. There’s no excuse for using the same account for your personal and business messages, and, on top of that, use it to subscribe to online services.
What happens if you lose control of your account or it gets too many spam messages that it becomes unusable?
You should have at least three email accounts. One for personal messages with friends and family. Another for business messages with colleagues, your boss, or employees. And finally, one that you use for signing up for online services.
If you really prefer to have one single mailbox for all your needs, then you can use aliases OR use plus-addressing to track unwanted emails.
Follow our 7 tips if you’re looking for a way to keep your email account secure.
2. You Use a Weak Password (and Have Never Changed it)
These are actually two email security mistakes, but they are closely related, so they work here as one.
As email is often used to sign up for most online services, keeping it secure is incredibly important.
However, if you are using a weak and easily guessable password, you are only making it easier for cyber attackers. There are some bad password habits you really need to get rid of.
Look, no one is asking you to remember some impossible equation or create a 30-character random string. That’s just too much. But at least try not to have your password something like “1234567890”, “qwertyuiop” or “password”.
Like we said already in this 11 password best practices to keep your account secure article, keep your passwords 10+ characters long and use capital and small letters, numbers, and special characters. Even better, use passphrases instead.
At the same time, keep in mind that even the most complicated passwords can be cracked given enough time.
So you should update your email password every so often. If you are already using a strong and unique password, you don’t have to do this every three months (as BBB used to recommend back in the day). Do it at least once a year to throw a little wrench in the cyber criminals’ plans.
3. You Don’t Recognise Phishing Attacks and Scams
A phishing attack aims to trick the user into revealing their personal information. For this to work, fraudsters use all kinds of trickery to make unsuspecting users trust them.
This includes creating an email account that looks like it’s from a legitimate business, and then making them think they will lock down their account if they don’t reset their password right away.
Of course, once you remember that no legitimate business will ask for your personal or financial information via email, these types of emails become little more than an occasional nuisance in your inbox.
So what you should do here is always first thoroughly check the email address. Sometimes you’ll be able to spot it from miles away. For instance, no legitimate business will use an email like honey123@business.com. But other times, the fraudsters will be a little smarter and create an account (probably a throwaway) that will look almost legitimate.
In that case, be sure to go to the businesses’ website and check what their actual customer support email address looks like.
As education is the key to protect your data against social engineering, we’ve gathered all you need to know in our email security and privacy awareness course.
4. You Answer Spam
Listen, spam messages are no doubt annoying, but there are other and better ways of getting rid of them than answering in a vain attempt to get them to stop.
Because they won’t.
Instead, what you should do if you want to avoid spam is to be mindful of where you leave your email address. Sure, some spam will still get to you, but, for the most part, your inbox should be free of spam, and it will all go into the Spam folder instead.
This is where the number one rule of avoiding email security mistakes on our list comes in handy. Avoid using the same email accounts you usually use for personal and business for signing up to websites.
You can also use our plus-addressing function to track spam.
5. You Don’t Log Out Nor Delete Browser History and Cache
This one is more for those using email on a public network system computer, such as at work, school, cafe, airport, etc. With your personal laptop, this isn’t that much of a problem.
You can’t know how the browser there is set up and if it keeps your browsing history. Assume that it does.
What can happen here is that someone can come after you to the same computer, open the browsing history, reopen your email and have free reign to do whatever they want, like get your sensitive information, change your passwords, and so on.
To avoid a scenario like this, always log out of your email account once you’re done using it and also be sure to delete your browsing history to remove all traces of you ever using that public computer.
6. You Don’t Scan Email Attachments
Email attachments are a great way to share both files and malware.
First of all, you should never click and open email attachments from senders you don’t know or trust. No matter how tempting they look because they could easily carry malware.
They could promise a $1 million reward inside, but you should still avoid them (especially those).
Since most companies sent their employees to work from home, there has been a significant rise in malicious attachments, especially in PDF and Office files. However, with restrictions being eased and most businesses reopening their offices, we have seen a decline in malicious Office files by 54% and PDFs by 13%, according to the 2021 SonicWall Cyber Threat Report.
7. You Don’t Encrypt Important Emails with End-to-End Encryption
Finally, you should encrypt your emails, especially those containing any sensitive data that a hacker can gain access to if the email is not encrypted.
This is where end-to-end encryption comes in. Here, the email will be first encrypted on the user’s end with the public key and can only be decrypted by the intended recipient with the private key.
For this, you’ll need to use a secure email service like Mailfence, which will make the whole process much easier (you don’t have to install any 3rd-party PGP software) and safer.
And, if you’re not sure about it, here’s why banning encryption is a poor idea.
Conclusion
Everybody makes mistakes, but some, like these 7 email security mistakes can cost you more than others. Feel free to check our advice in case you have made one of the mistakes mentioned above or have a suspicion that your account is hacked.
Hopefully, now you better understand how to avoid them and keep your email account and personal information safe. Besides following those tips, you can also improve the security of your email accounts by subscribing to a secure and private email account. Mailfence supports end-to-encryption to secure your emails. You can also benefit from a cluster of essential office tools such as a calendar with polls, contacts and groups management, a chat service, and a document storage and management tool, all secured.
