When’s the last time you actually mailed a letter? Seriously think about it. If you’re anything like us, you’re probably not too sure. And like us, I bet you send a ton of emails. But the old envelope and stamp is a bit underrated when it comes to security. Unlike email, real letters can’t be hacked, they can’t be copied en route, and if anyone reads them, they need to be ripped open, so you’ll know.
But there’s no reason your emails shouldn’t be just as safe. So, check out our top 5 safe email tips and correspond with confidence!
1. Know your enemy
This is big. A lot of people worry about their spouse, boyfriend or coworkers going through their email and take security precautions accordingly. But the enemy you least expect is the one that’s going to get you. The girl looking over your shoulder at the coffee shop may be suspicious, but the guy in the corner sniffing packets is the one you should be watching.
The best solution is to be ready for anything. Emails contain a lot of sensitive and valuable information, so be ready for anyone who might want unauthorized access.
2. Don’t put all your eggs in one basket
Split up your emails! You probably already have at least two accounts — one for work and one for personal stuff — but you should really break it down even further. Create another account for things like internet banking and bills. If your primary email account is compromised, you really don’t want the wrong people getting their hands on your account numbers and passwords.
We also recommend a separate account for newsletters. You know all those sites that require an email address to access their content? Most of them are selling that address to third parties that want to spam you with all kinds of things you’re probably not interested in. Relegate unsolicited ads to a newsletter/advertiser account and keep your inbox a little safer.
3. Close your email account on shared computers
This one’s pretty obvious. If you access webmail from a public computer at a library or internet café, make sure you log off when you’re done! But even beyond that, empty the browser’s cache before you leave. All browsers keep a history and a cache that lists sites you’ve visited and content you’ve accessed. Some caches might even display some of the content you’ve looked at in your emails. So before you log off, just click over to settings and empty that cache.
This is where things get real. Keeping email safe on your computer is one thing, but, by its design, email must travel between servers and computers. And this is where your information is most vulnerable.
Hackers often employ a tactic called packet sniffing to steal your data. Normally, when a computer is connected to a network, it automatically collects only the packets with its own address on them. A packet sniffer, however, can collect all data packets moving on a network and it takes only a novice to reassemble that information on their own computer. In many cases, that data is your private email!
Encryption stops packet sniffers in their tracks. When you encrypt your data, the only thing cybercriminals see when they grab your packets is garbled gibberish.
Most webmail clients automatically offer some level of encryption. When you see the “s” at the end of “https://” in your webmail’s URL, that means they are using a form of encryption called Secure Sockets Layer (SSL). Unfortunately, many criminals can now crack some forms of SSL encryption, leaving your data exposed.
Desktop mail clients like Microsoft Outlook can also encrypt messages but require the sender and the recipient to first share private keys that are used to encrypt and decrypt the messages. While this is certainly useful for regular correspondents, it’s not particularly practical all the time.
So while SSL and private keys are both handy, if you want serious security, you’ll need to take matters into your own hands. And a virtual private network (VPN) is without a doubt the best way to keep your email safe after it leaves your computer. When you use a VPN, not only is your data thoroughly encrypted, but it also travels through a VPN tunnel that actually hides your packets. Unless your adversary has a supercomputer and a lot of time on his hands (it would take a supercomputer longer than the age of the known universe to crack a VPN’s 512-bit encryption), you’re safe.
5. Inbox Canary
This is probably one of the coolest and most clever ideas I’ve ever heard, but it does require some substantial infrastructure.
Coder and blogger John Graham-Cumming developed what he calls the canary as a way to see if any nefarious individuals are accessing his Gmail account. Here’s how it works:
John created a bait email sent from a fake account with the subject line, “Barclays Private Banking: Confidential Account Details and Login Credentials.” He then starred the email, which keeps it at the top of his inbox. Surely, anyone looking for valuable information would click on it immediately.
Once opened, the email looks like a typical letter from a bank with a Barclays logo right in the message. This is the canary. The Barclays image is hosted on John’s personal server where he runs a bit of code that lets him know whenever the image is loaded. Since the image is loaded from the server any time anyone opens the email, the code on the server knows, the canary sings, and John knows somebody is in his email.
So there you have it! Follow our guidelines along with basic safe browsing techniques and your email will be safer than even old fashioned letters!