You cannot be too vigilant when it comes to computer security.
Each day we hear of a new virus or other type of malware making the rounds. Email is often used to implant malware on a computer or to direct the user to a malicious website. Once your computer has been compromised or you visit a malicious website, you are at risk not only of computer problems but also of having your personal, financial and other information stolen. This can lead to identity theft, data loss and a host of other problems.
How to keep your email safe from hackers
Here are some basic — but crucial — steps you can take to secure your email:
Choose a strong password
Choose a secure, random password and change it regularly. Choose a password that is at least 8 characters long. The password should be a combination of upper and lower case letters, numbers and symbols. Use a different password for each site you visit.
I cannot stress enough the importance of having a different password for each website. Imagine if someone gains access to your email account. One look through your email messages and they can get an idea of the other sites you visit: your bank, your 401K provider, your doctor’s office, Social Security, sites you use to pay bills online and so on. If you use the same password for those sites, it will be very easy for them to hack into those accounts as well.
Never share your password with anyone else or write it down and leave it where others can see it. Working in IT, I cannot count the number of times I have seen a user write their password down and stick it to their computer monitor or leave it out in plain sight.
Use a password manager
Install a password manager to store your login and password information. KeePass and eWallet are both good choices. These programs can be used to generate a random, secure password. Both programs allow you to save this information to your local hard drive as opposed to an online password manager. I don’t recommend storing any personal or private information online. Just be sure to back up your computer regularly.
Be careful with security questions
Choose your security questions wisely. Many websites require you to choose security questions when you register for an account. The security questions can be used if you forget your password and need to gain access to your account. When providing answers to the security questions, do not use real answers; instead use nonsense answers.
Common security questions are: “What is your mother’s maiden name?” “What school did you go to?” “What street did you grow up on?” These are all easy-to-guess questions and answers. If the person trying to gain access to your account knows you, they can easily answer those questions. Often that information can also be found just by visiting someone’s social media page.
I personally use my password manager to generate another password: a set of random numbers, letters and characters. I then log those questions and answers in my password manager for each site so that I have the answers available if I ever need them.
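The password advice and the nonsense security answers above can be put into practice with a short script. This is an added example, not code from the article; it is a Python sketch in which the vault layout, the function names and the `.example` sites are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

# The four character classes the article asks for, and its minimum length.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
MIN_LENGTH = 8


def generate_secret(length=16):
    """Random string with every class present, shuffled by the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the article's minimum of 8")
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(c) for c in CLASSES]
    chars += [secrets.choice("".join(CLASSES)) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def audit(vault):
    """Return (site, problem) pairs for entries that break the article's rules."""
    problems = []
    sites_by_password = defaultdict(list)
    for site, entry in vault.items():
        pw = entry["password"]
        sites_by_password[pw].append(site)
        if len(pw) < MIN_LENGTH:
            problems.append((site, "shorter than 8 characters"))
        if not all(any(ch in c for ch in pw) for c in CLASSES):
            problems.append((site, "missing a character class"))
    for sites in sites_by_password.values():
        if len(sites) > 1:
            problems.extend((s, "password reused on another site") for s in sites)
    return problems


# Constructed sample entries (hypothetical sites, not real accounts).
SAMPLE_VAULT = {
    "bank.example": {"password": "Summer2019", "answers": {}},
    "mail.example": {"password": "Summer2019", "answers": {}},
    "forum.example": {"password": generate_secret(),
                      # Nonsense answer instead of the real maiden name.
                      "answers": {"mother's maiden name": generate_secret()}},
}

if __name__ == "__main__":
    print(*audit(SAMPLE_VAULT), sep="\n")
```

Running it flags the two sites that share "Summer2019" for both the reuse and the missing symbol, while the generated entry passes.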
Beware email attachments and hyperlinks
Do not open an email attachment unless you are expecting it, even if the email is from someone you know. If that person’s email account has been compromised, they may not have sent the attachment. If you are unsure if the attachment is legitimate, call the person who sent the attachment and ask them. Never open an email attachment from someone you do not know. Delete the email immediately.
Do not click a hyperlink in an email message that you are unsure of. Often these hyperlinks take you to a fake website. Once there, you may be tricked into providing sensitive information. For example, the email may look like it is coming from your bank or someone else you do business with and the website may ask you to provide personal information.
Hyperlinks can also take you to a website that contains a virus or other malware such as a keylogger or ransomware. As with an email attachment, only click a hyperlink if you are expecting it and even then, be careful. If you are not sure, call the person who sent the message and ask them.
Don’t send private data via email
Never send sensitive data in an email message. Once you send an email, it is out of your control. The email could be compromised on the way to the intended recipient or the recipient may intentionally or unintentionally share that information with others or use the data for malicious purposes.
Avoid public Wi-Fi
While it may be convenient to connect to a public Wi-Fi network to check your email or do other work online, it is dangerous. Public networks are notoriously easy to break into. Wait until you are on a secure network to check your email.
Use antivirus software
Be sure to install a good antivirus program on your computer and keep it up to date.
Be careful about sharing your email address with the public
Do not share your email address on websites or forums. Spammers often scan these sites for email addresses. Once your email address has been collected, you will receive spam and possibly other dangerous email. Do not click the “Unsubscribe” link in an email message. Doing so only lets the spammers know your email address is legitimate, which could lead to you receiving more bogus email.
Open a second email account
Open a second email account for websites you register for online, like message boards, Facebook, Twitter. Keep your personal email account private. Having a second email account will help to keep your personal account safe.
Learn to spot phishing emails
Learn how to recognize phishing emails. Scammers find new ways daily to trick users into opening attachments or visiting dangerous websites. Often, they send threatening messages that make the user feel a sense of urgency to do as instructed. Your bank, the IRS, other government or financial institutions, or any other legitimate business will not ask you for personal information in an email message.
If you receive a message and you are unsure if it is legitimate, call the business you deal with directly. Never click a link or call a phone number provided in the email message. Instead, use a web address or phone number that you know to be real. Never reply to spam email messages; this only tells the spammer that the email account is active. The Federal Trade Commission offers tips on their website on how to recognize these types of messages.
Set up two-factor authentication
Two-Factor Authentication adds an additional layer of security when accessing your email account. It ensures that the person logging into the account is who they say they are. When you use two-factor authentication, you will log into your account with your username and password but then you will be required to provide additional information to gain access to the account. The “second factor” could come from something you know such as a PIN number or secret question — or from something you have such as a code sent to your smartphone.
Avoid chain letters
Never forward or respond to chain letters in an email message, even if it is from someone you know. Chain letters are always scams and may contain viruses or other malware. They are also an easy way for spammers to gain access to hundreds of valid email addresses at once. Each time one of these email messages is forwarded to others, all of those receiving the message have access to everyone else’s email address. Delete any chain letter email messages you receive.
Learn the difference between BCC & CC
When you need to send an email to multiple people it is almost always best to use BCC (blind carbon copy). This prevents all of the recipients of the email message from seeing everyone else’s email address. When you use CC (carbon copy) everyone you send the message to can view all of the other email addresses. Ask your friends and family not to include you in forwarded messages unless they use BCC.
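Why BCC hides the address list while CC exposes it can be seen by looking at what a mail client actually transmits. The following Python sketch is an added example, not part of the original article; the helper names and the example.com addresses are made up for illustration.

```python
import copy
from email.message import EmailMessage
from email.utils import getaddresses


def prepare_for_sending(msg):
    """Split a message into SMTP envelope recipients and the text put on the wire.

    Every To/Cc/Bcc address receives a copy, but the Bcc header is removed
    before the message itself is transmitted.
    """
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    envelope = [addr for _name, addr in getaddresses(fields) if addr]
    wire = copy.copy(msg)   # leave the caller's message untouched
    del wire["Bcc"]         # deleting an absent header is a no-op
    return envelope, wire.as_string()


def visible_addresses(wire_text, recipients):
    """Which recipient addresses can be read in the delivered message."""
    return sorted(a for a in recipients if a in wire_text)


def build(header, recipients):
    # Constructed sample message; all addresses are made-up example.com ones.
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "sender@example.com"   # addressed to yourself, group in Cc or Bcc
    msg[header] = ", ".join(recipients)
    msg["Subject"] = "Family reunion"
    msg.set_content("Details to follow.")
    return msg


GROUP = ["alice@example.com", "bob@example.com", "carol@example.com"]

if __name__ == "__main__":
    for header in ("Cc", "Bcc"):
        envelope, wire = prepare_for_sending(build(header, GROUP))
        print(header, "delivered to", len(envelope), "addresses;",
              "recipients can see:", visible_addresses(wire, GROUP))
```

Both variants are delivered to the same four addresses, but only the Cc version carries the group's addresses inside the message every recipient receives.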
Don’t forget to log out
Always log out of your email when you are finished using it. This prevents someone else from gaining access to your email. This is especially true when using a public computer or a computer others use.