Email Security: 10 best practices
Why is email security so important?
Email has become an indispensable communication tool for many people. The data you share might be confidential or not, but you have the right to keep it private either way. Just as we went through some tips to protect your data, we will now focus on the 10 best email security practices.
The importance of email security has been proven many times. It is why Europe established data privacy and security laws, leading to the well-known GDPR. As online communication has grown, so has the need for security and privacy. This is a core value for Mailfence, and it is why we work every day to give our users a safe online experience. Have a look at our threat model to see every threat we protect you against.
Given the seriousness of email security threats, let’s have a look at our selection of best practices you should be aware of to improve your email security:
1) Use a strong and unique email password
It might seem pretty obvious, but cybercriminals do not need elaborate tools to crack your email account, especially when you know that the most common password in 2021 is 123456. We cannot stress enough the importance of a strong password. Do not use something a hacker could figure out by themselves, like your name or date of birth.
To create a strong password, people used to recommend a blend of random letters (lower-case and upper-case), numbers, and special symbols. This advice is actually outdated: the one recommendation that remains is a length of at least 8 characters. We would even recommend at least 12 or 14 characters because of current password-cracking capabilities.
The longer, the better! Every character you add multiplies the number of possibilities a potential hacker has to try. You can easily find tools to generate strong passwords if you cannot think of a good one yourself, but remember that length is what you should really care about.
If you have multiple email addresses, make sure each one has its own password. Your passwords need to be unique to ensure security: if a hacker gets hold of one password, only one account will be compromised.
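As an added illustration (not code from the Mailfence article), the following Python snippet applies the rules above: it rejects passwords found in a small constructed list of common passwords, enforces the 12-character minimum recommended here, and computes the size of the search space an attacker faces, which shows how each extra character multiplies the number of candidates. The common-password list and the thresholds are assumptions made for the demonstration.

```python
import math
import string
from typing import List

# Constructed sample of frequently used passwords; a real deployment would
# load a full breach-derived list. "123456" is the one the article cites.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "123456789", "111111"}

MIN_LENGTH = 12  # the article's stronger recommendation (8 is the absolute floor)


def charset_size(password: str) -> int:
    """Size of the alphabet a brute-force search has to cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += len(string.ascii_lowercase)   # 26
    if any(c in string.ascii_uppercase for c in password):
        size += len(string.ascii_uppercase)   # 26
    if any(c in string.digits for c in password):
        size += len(string.digits)            # 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)       # 32
    return size


def search_space_bits(password: str) -> float:
    """log2 of the number of candidates an attacker must try in the worst case.

    Each extra character multiplies the candidate count by the alphabet size,
    i.e. adds log2(alphabet) bits; that is why length matters most.
    """
    size = charset_size(password)
    if not password or size == 0:
        return 0.0
    return len(password) * math.log2(size)


def check_password(password: str) -> List[str]:
    """Return the policy violations for a password; an empty list means it passes."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems


if __name__ == "__main__":
    for candidate in ["123456", "Tr0ub4dor&3", "correct horse battery staple"]:
        verdict = check_password(candidate) or ["ok"]
        print(f"{candidate!r}: {search_space_bits(candidate):.1f} bits, {', '.join(verdict)}")
```

Note how a 12-character lower-case-only password already sits above 56 bits of search space, and a single extra character adds roughly another 4.7 bits, whereas mixing in symbols without adding length gains far less.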
2) Do not share passwords
Again, it might seem like we are stating the obvious, but never share passwords, neither orally nor in writing. More importantly, remember that you will never be asked to share a password by email. If someone claims they need it, it might be a scam. See point 8 for more info!
3) Use two-factor authentication (2FA)
By using two-factor authentication, you add another layer of security to protect your email account. This way, even if your password is compromised, a hacker would still need another code to get into your account.
Here is how you can set up two-factor authentication. You can use any TOTP application of your choice.
First, you log in to your email account with your username and password. Then comes the second login step: a TOTP application on your phone generates a short-lived security code, and you enter it to complete the login.
In other words, nobody can authenticate to your email account without the 2FA code, even if they manage to crack your account password.
4) Use end-to-end encryption
End-to-end encryption raises the security level of your email messages by adding another layer of protection. When sending an email, you can choose to encrypt the data to protect your email communication. To decrypt the content of your email, the recipient will need a specific key (or a shared password). This way, only the intended recipient will be able to read it.
Basically, users of end-to-end encryption have two keys: a public one and a private one. The sender encrypts the message with the recipient’s public key. Only the recipient, with their private key, can decrypt the message.
Just like passwords, you should never share your private key. As the name suggests, this key is and should remain private. Have a look at this article to learn more about end-to-end encryption.
5) Do not click on a link in an email without investigating
Some hackers have very sophisticated ways of tricking you into believing a link is safe when it is not. As a link might not be what it seems to be, never click on a link in an email before investigating. First, hover your mouse over the link without clicking: you will see the URL it actually points to. Then check whether it matches the link written in the message. If you skip this check, it is easy for cybercriminals to trick you into clicking a compromised link.
Hackers can pretend to be someone they are not and ask for sensitive information. Even if what seems to be your bank asks for personal data, there is no reason for them to ask for it by email. This kind of request should be a warning sign.
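The hover check described above can also be automated on the receiving side. The Python example below (added here; not part of the original article) parses the links in a constructed sample of an HTML email body and flags two classic mismatches: a link whose visible text is a URL or domain that differs from the host the href really points to, and a URL carrying a username part that makes the real host easy to misread. The sample domains use the reserved .example and .invalid names and the 203.0.113.0/24 documentation range.

```python
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlsplit

# Constructed sample of an HTML email body (not a real message).
SAMPLE_EMAIL_HTML = """
<p>Dear customer, please review your account at
<a href="https://login.bank.example.verify-account.invalid/">https://login.bank.example</a>
or contact <a href="https://support.bank.example/help">support.bank.example</a>.
You can also reach <a href="http://login.bank.example@203.0.113.7/">our portal</a>.</p>
"""

Finding = Tuple[str, str, List[str]]  # (href, visible text, reasons)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Lower-cased host of a URL; bare domains such as 'support.bank.example' are accepted."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").lower()


def looks_like_url(text: str) -> bool:
    """Heuristic: the visible text is itself a URL or a domain name."""
    return "://" in text or ("." in text and " " not in text)


def suspicious_links(html: str) -> List[Finding]:
    """Return the links whose real destination does not match what the reader sees."""
    collector = LinkCollector()
    collector.feed(html)
    findings: List[Finding] = []
    for href, text in collector.links:
        parts = urlsplit(href)
        actual_host = (parts.hostname or "").lower()
        reasons: List[str] = []
        if parts.username is not None:
            # "user@host" syntax: the browser ignores everything before '@',
            # so the part that resembles the bank's domain is not the destination.
            reasons.append(f"username-in-URL trick; real host is {actual_host!r}")
        if looks_like_url(text):
            shown_host = host_of(text)
            if shown_host and shown_host != actual_host:
                reasons.append(f"displayed host {shown_host!r} differs from actual host {actual_host!r}")
        if reasons:
            findings.append((href, text, reasons))
    return findings


if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL_HTML):
        print(f"{text!r} -> {href}")
        for reason in reasons:
            print("   ", reason)
```

On the sample, the support link passes because the text and the destination agree, while the other two are reported; a mail client or gateway could surface such findings as a warning banner before the user ever hovers.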
6) Avoid connecting apps to your email account
Giving a third-party app access to your inbox is a risk, as the app might be compromised. A cybercriminal could then access your inbox through the app, and all its content would be exposed and no longer private. Privacy is one of our main concerns, so we really want to avoid this kind of situation.
7) Never access emails when using public Wi-Fi
Another way to protect your email account is to avoid public Wi-Fi, as such networks can be compromised. Although we employ SSL/TLS to protect against MITM attacks, it is always better to avoid connecting to untrusted networks.
Better use mobile data, even if it means a slower connection.
8) Stay up-to-date with hackers’ new techniques
As we just stated, cybercriminals have advanced processes to trick you into trusting an email you should not. Phishing, spear phishing, … Those funnily named techniques can actually be especially harmful if you do not pay enough attention.
Educate yourself! Like many digital subjects these days, these techniques advance fast, and the knowledge you have might be outdated. This is why our advice is to always keep learning and reading about how to protect your email against cybercriminals.
For an up-to-date list of cybercriminal techniques you should worry about, check our email security and privacy awareness course.
9) Better safe than sorry: never hesitate to double-check through a different medium
As the old saying goes, better safe than sorry! In other words, it is better to pay extra attention.
Did your coworker send you an email with an attached file you’ve never heard of? Did your cousin send you an email with a strangely named link, which he never does? Double-check the identity of the sender. A quick phone call might actually save you a lot of trouble.
If, even with our advice, you still doubt the legitimacy of an email, directly asking the supposed sender is a safe option. Make sure you use a different medium that leaves no room for ambiguity. Make a phone call, go to your co-worker’s office, … Better safe than sorry!
10) Last but not least: be sure to log out
After a hard day of paying attention to every detail to protect your email account, you do not want that effort to go to waste. Be sure to log out of your email account when you are done. It is especially important when using a public device, as anyone could access your private information after you.
Nevertheless, logging out is a principled habit to maintain, even on a personal device. Indeed, logging out is the safest way to oblige anyone trying to access your email account to log in. This way, if your phone or computer is stolen, your email account will still be protected by your strong and unique password and by the two-factor authentication we hope you will be using after reading this article.
Yes, you definitely need email security!
Email security is a priority and must be taken seriously. We hope those 10 best email security practices to safely rock 2022 will help you protect your email account from cybercriminals. If, unfortunately, you cannot protect your email account, go quickly and have a look at what to do if your email is hacked.
Do not underestimate the choices you can make to protect your personal data. By using Mailfence, you are taking a step forward and supporting a private and secure service.
– Mailfence Team
Arnaud is the co-founder and CEO of Mailfence. He’s been a serial entrepreneur and startup investor since 1994 and launched several pioneering internet companies such as Rendez-vous, IP Netvertising or NetMonitor. He is regarded as the internet advertising pioneer of Belgium. You can follow Arnaud on this blog.