Despite the fact that many of us can’t function without checking our email on a regular basis, we often take the privacy and security of our inboxes for granted. But if there’s one thing we learned from the Sony Pictures hack, it’s that email is a prime target for hackers and data thieves — and it’s not a particularly difficult one, either.
And then, there’s the issue of surveillance. While most of us aren’t spies emailing U.S. secrets to unfriendly nations, the idea that somebody might have a back door into our personal emails is more than a little unsettling.
Of course, that doesn’t mean that secure, private email isn’t possible. It’s just up to you to take a few precautions to keep your email safe:
1. Use two-factor authentication
The basic principle of two-factor authentication is simple: combine something you know with something you have. One example is a debit card, which requires you to have both your physical card and your PIN to verify your identity. By enabling two-factor authentication (or two-step verification), you aren’t putting all of your faith in a password. That’s a good thing, considering how weak many of our passwords are. For Gmail, setting up two-step verification is as simple as clicking a button and entering in your mobile number. For Windows Mail, or Outlook, it’s a similar process. Just log in, go to your “Password and security” tab and click “Set up two-step verification.” Now that you’ve enabled two-factor authentication, a hacker with your password is out of luck — unless they’ve also managed to steal your cell phone.
2. Limit forwarding
When we’re sent a message we want to share, we often click “Forward” without thinking about the consequences. Where is the message going? Who will see it? Where will it be stored? If your email is hosted on a corporate server, it is likely there are certain security measures in place to protect any sensitive information contained in your private email. When someone forwards an internal email to a recipient outside of your company, however, you are exposing that data (as well as any other emails in the forwarded chain) to potentially unsecured, unencrypted servers.Similarly, if you’re a covered entity sending email containing protected health information (PHI) to a business associate, all it takes is one employee to forward that email to an unauthorized recipient to violate HIPAA.
3. Set expiration dates on your messages
While some of us can’t stand a messy inbox, the average user doesn’t bother cleaning up their private email, often seeing deleting email as a waste of time. Considering more than 50 percent of us receive at least 11 emails a day, can you blame them?That means that any sensitive information you send to a client could very well be sitting there months later. At that point, you no longer control the fate of your data.Luckily, Virtru lets you set an expiration date on your email, so that after a certain date, it will no longer be readable by the recipient (or anyone else, for that matter).
4. Understand your service provider’s TOS
Your email provider’s terms of service can tell you a lot more than their media interviews and advertisements can. For starters, it’ll let you know what kind of security they are offering you. Are they encrypting messages on their server? Do they have protections against brute-force attacks? Is there any guarantee that your data is being protected? While you might think your email provider has your best interests in mind, there’s a good chance that they don’t have the same expectations you do. Take Google for example, which openly passes private email through automated scanning. After reading your email provider’s TOS, you’ll likely realize that keeping your private email secure isn’t their first priority — that’s entirely up to you.
5. Encrypt your email
The best way to keep your private email away from prying eyes and hackers is to use encryption. Encryption protects your private email by jumbling up your messages, making them impossible to decipher unless you explicitly authorize someone to read them.If you are using a client-side encryption service like Virtru, even if your inbox is compromised, the contents of your message will be unreadable. Likewise, you don’t have to worry about your messages being intercepted after you send them, either by hackers or nosey service providers. As an added bonus, if your email ends up getting stored on a server outside of your control, you still have power over who gets to see it — and you can revoke that permission at any time.
While email may not have been designed to be secure, but users can enjoy added privacy and security with a few workarounds. Virtru works with the email service you’re already using to provide true client-side email encryption for your messages and attachments. Download Virtru today to see how easy it is to protect your email privacy.