Email Security
Some pretty simple tips to make sure you are not an 'easy-target'.
Below are 10 great tips to help with your email security:
1. Invest in protection software
Protect your computers from viruses, worms, Trojans and unwanted SPAM / phishing scams etc. Software you should implement includes:
- anti-spam
- antivirus and anti-malware
- content filtering
2. Be careful opening links/documents in emails
Always be super careful about clicking a link or opening a document from an email. FULL STOP!!
People you know and trust may have had their email compromised so don't assume it is safe if it comes from their email address.
Mouse over the email address or link to make sure the link looks valid and matches the domain the email is coming from.
You can always visit the senders website if you are unsure whether or not the emaill is legitimate.
3. Don't trust ANY unsolicited offers from unknown sources
If you do not know the organisation/person sending you a special offer; don't click on any links or images in the email.
You can always Google them and visit their website directly if there is something in the email that interests you, but we advise against it.
4. Never send any personal information
The Banks, ATO, Australia Post, electricity/gas suppliers, hosting company, Ebay, PayPal, etc will NEVER ask for you to supply and/or confirm any of your personal information in an email.
Although the email may look legitimate, there is a 110% probability that it will not be.
If unsure you can always visit their website directly or pick up the phone and talk to them.
5. Never include sensitive information in an email
Email is not a secure form of communication; never share sensitive information such as credit card information; documents with your signature on it.
Even details like your date of birth which can be used by scammers to gain access to your bank accounts.
If you need to share this information consider investing in a program like Adobe PDF where you can lock and password protect important documents which contain this sort of information.
6. Avoid Public Wi-Fi
Public Wi Fi networks are extremely insecure. Anyone can set one up and name it to look like a reputable company.
Don’t check you email on a public internet connection and NEVER login to your internet banking on free wi-fi networks.
Additionally; you should always have a password on your smartphone / tablet - if you don’t you run the risk of hackers picking up content like emails off your device as you move through Wi Fi hotspots.
7. Connect to the email server in SSL
Make sure when you receive/send emails that you are completing this in a secure session (e.g. it requires a password and a secure session). Many email providers offer this as an extra service; enquire with your email host to find out what is involved including extra costs to implement this.
Please note that some email programs don't handle SSL very well, so this tip is more of an 'if possible.......'
8. Passwords
Make sure your passwords are complex, at least 9 characters long and are not easy to guess.
And please change them every 90 days. Any password can be cracked if it is never changed.
Although it appears to make your life easier, do NOT share the same password across many areas (e.g. social media, banks accounts, emails).
If you are compromised then having the same password for everything can cause a lot of damage to your entire digital life.
9. Implement training
Spend time with your staff training them on what to look out for and what to do if they feel their is a breach; a simple 15 minute education session could save you thousands in replacing computer systems if you fall victim to a serious breach.
10. If you think something has gone horribly wrong..........
DON'T PANIC.
If you are at work and using your computer/laptop you must disconnect it from the network straight-away and then contact your IT department to run a scan and fix any issues that they find.
If you are at work and using your own laptop/tablet/phone then disconnect it from your work's wi-fi network immediately and get your IT department to scan your device.
Your employer and work colleages are going to be thrilled if your inaction caused them to lose their data or potentially get blackmailed into paying the hacker to get their important information un-encrypted again.