Last year, 1,673 data breaches around the world led to a whopping 707 million data records being compromised. While email security has come a long way, secure email is still not an absolute term and continues under threat from assault. The FBI estimates business email scams worldwide totaled more than $1.2 billion between 2013 and 2015.
As a criminal defense attorney, I take email confidentiality very seriously. Clients come to me with real concerns and after developing an honest relationship, we set forth to resolve their issues. Certain matters are private and should remain so. However, in the days of email hacking, privacy breaches, and confidentiality ruptures, many of us don’t know how to protect our private email for security. Email privacy information isn’t complicated, although it does take a bit of know-how.
Let me show you three important ways to secure your email with the best practices and best secure email service available … this way you’ll be worry-free concerning your email security.
#1 Encrypt Your Important Emails
Without email encryption, hackers can easily intercept, open and read your emails. Though not a commonly held thought, email is basically insecure from privacy breaches. This includes attached documents as well. Once inside your correspondence, prying eyes can work their way back into your entire network. While encryption cannot protect you against the government or someone with serious hacking prowess or resources, it will keep data safe from account hijacking. That means you’ll be protected from those who would log in, reset your passwords, steal your financial data and pursue your contact list for phishing attacks.
Encryption works like a lockbox with two keys allowing encryption to work. First, you have your public key. This key is a series of numbers and letters you share with those who you want to be able to open your encrypted emails on the other end. Your private key is what you keep for yourself and never give up. It effectively opens the box around the little lockbox you send to others. When you encrypt your email, anyone who intercepts it will be unable to read or interpret them. They will appear as garbled text with all pertinent information such as photos, credit card numbers, names and address obscured and unrecognizable as a valid email.
What are the steps to encrypting your email? There are three:
First, I recommend using PGP, Pretty Good Privacy, to encrypt your messages. PGP is a free service and using it is the first step in sending secure, encrypted emails.
Next, you’ll need to generate your public and private key pairs. GNU Privacy Guard is my choice and is an extension of OpenPGP. It’s both free and easy to implement (and very popular as a result).
Lastly, we will put the configured and generated key pairs to work. Depending upon your email browser preferences, you can use either Thunderbird or Postbox to encrypt your actual messages. To use, you’ll simply scroll to the “OpenPGP” menu and choose the option to either “Sign Message” or “Encrypt Message.” Choose both for maximum email security.
The best part.
Once you’ve followed these three easy steps, email encryption will be a cinch. To obtain your emails securely from any device, grab Mailvelope, which is a free browser add-on.
#2 Choose a Tough, Secure Email Service
To move beyond encryption and preventative tactics, you’ll need to select a secure email service with stronghold security features. Such an email provider will have built-in defenses against spam, viruses and phishing attacks. The ongoing content analysis will monitor and protect data, scanning for activity that warrants active defense and, thereby, presetting compromising data losses.
Here are four savvy options you can choose from:
- Countermail: As far as paid email services go, Countermail is next level. This company does not use any hard drives during the sending of emails – opting for CDs – so there’s no risk of your IP address being logged anywhere. With servers housed in Sweden, Countermail offers advanced options like a hardware USB key, meaning no one can start your email process without actually inserting a USB drive into a computer. With Mission Impossible quality security, it’s not inexpensive to use Countermail; the lowest priced package is 24 months for $100.
- NeoMailbox: A paid service like Countermail (but based in Switzerland), NeoMailbox uses OpenPGP encryption with several added features. You can choose your own domain and use an unlimited number of ready-disposable email addresses to make emails functional as anonymous. It’s also easy to use and plugs into many mail services, such as Thunderbird – ever an Android app. Price ranges between 1GB of capacity at $50 to a year and 10GB for $110.
- Hushmail: I wanted to include a great free option as well, so Hushmail it is. For zero money, you’ll receive OpenPGP encryption, any domain needed, 25GB of storage capacity and a nice interface. Pay a bit more for extra storage and a hidden IP address, if you like. The one mark against Hushmail is: It’s previously surrendered records to the government of Canada. Hushmail says it doesn’t entertain foreign demands, however, history says something else. But if you have nothing to hide, you have no reason to worry.
- Bitmessage: Created in the modus of Bitcoin, Bitmessage uses public-key encryption tactics with a twist: anytime emails are sent, it mixes them all together, making it impossible to figure out from where the email comes. Messages are not archived so they can’t be downloaded and are deleted after two days. The Bitmessage company is also decentralized, so if you’re looking to avoid government eyes, this will be your best choice. Even if the government were to try and request an email, they wouldn’t know who to ask because no one is in charge.
#3 Create a Culture of Email Security
Though TV shows like to portray hackers as Sherlock Holmesian-type figures capable of superhuman feats of ingenuity, most often it’s one of your own compromising your business or home email security. Be sure to inform all employees and relevant parties of the risks inherent to lax data security via email. Mostly, you’ll want to apprise everyone of how to recognize suspicious requests that go along with “phishing” schemes.
All it takes is a stolen email or portal password after someone clicks a suspect link from an unknown or unrecognized sender, a “phisher.” If a hacker finds one entry portal from an opened email, the whole network is rendered vulnerable. Once inside the network, hackers send emails from internal accounts and make requests appearing as legitimate, breaching the servers to access incoming, outgoing and attached data with ease.
Malicious links are also a concern. Hackers can infect, crash and then infiltrate your system in two ways: an infected email attachment or a link to a malicious website. Often cleverly disguised and appearing legitimate, it becomes crucial that networks be protected by every user. That means ensuring the business stays focused on business and that everyone knows how to spot a fraudulent email.
To assist with defrauding malicious links, try to reduce the number of incoming emails. Bulk emails becoming too big can actually overload the filters, meaning malicious messages may reach employees. You’ll want to eliminate anything beyond legitimate emails because human errors are a guarantee and the more reduced the inflow of bogus emails such as spam and marketing messages, the more likely your networks are to remain secure. A self-learning spam filter that can sort and segment all message types will be hugely helpful for email security practices.
Recent legislation and both the Network and Information Security (NIS) and General Data Protection Regulation (GDPR) provisions place additional pressure on organizations to secure all information for customers. With data attacks more common, consumers are becoming more aware of their rights to protected data, thereby demanding groups to value their privacy.
Your options to provide security are twofold:
- Setting protection before the email arrives at your server
- Installing protection on your email server
By using a paid email security service, you accomplish these first and second options simultaneously. If you’re playing it cost-efficient, the self-encryption process we discussed above will cover the second criterion.
Email security is a matter of paying attention to practices inside your organization and establishing technology checks against intrusion. After discussing best practices of email security with your team, you can encrypt your emails from within and also be sure to instruct your team on how to do this as well. If you’d rather pay for an external service, you have a range of options and prices from which to choose. Overall, a paid email security service will be the most comprehensive way to secure emails from hackers, the government, and other prying eyes. In the days when internet protections are more porous than ever before, the most secure businesses are opting for all three measures.
From a criminal defense attorney who values security and confidentiality foremost, I recommend attending to this matter sooner rather than later.
Now I want to hear from you
Call me at (954) 933-5083 with questions or comments.
Was this blog helpful? Or maybe you have a question about something.
Either way, leave a quick comment below.
I’ll be around to reply to comments and answer questions.
So if you have a question or thought, make sure to leave a comment right now.