As an IT administrator, I have seen a lot of users fall prey to malware they could have easily avoided. But how do you avoid something you have zero knowledge about? Mail server administrators should not be the only ones with knowledge on how to use email safely and securely, users too need to be equipped to identify basic security threats to their email usage.
Cyber breach incidents that occur via emails can be avoided if users are armed with the right information to enable them to identify phishing scams and other basic security threats.
Let’s check out a list of 10 quick safety tips all email users need to know.
1. Always use two-factor authentication for your email passwords:
Two-factor authentication adds an extra layer of verification that immediately reduces the risk posed by a compromised password, by sending a code or an approval request to another device or platform. Without that second factor, a password on its own is far more vulnerable: it can be cracked, guessed or phished, giving intruders access to your account. Two-factor authentication protects your logins from attackers who exploit weak or stolen credentials. Contact your IT administrator to activate two-factor authentication for all your email accounts immediately, so that you receive an approval notification whenever there is a login attempt on your account.
2. Do not share your login credentials with anyone:
Sharing your login credentials with friends or colleagues compromises your email security and makes you more vulnerable to attack. Passwords are confidential and should be treated as such. You should have control over your account at all times. Imagine sharing your password with someone who then decides to change it: you are now locked out of your own account, which will cause you a great deal of inconvenience. The risk to you and your organisation is even greater if you are using an organisational email address and the person asking for your password is actually an attacker on a phishing mission. Never share your passwords with anyone, not even your IT administrator.
3. Do not login to your email from a public device or another person’s device:
Because you cannot know what malicious software exists on another person’s device, or whether intruders are present on a public network, it is safest to avoid accessing personal and organisational email from devices that are not yours. You may forget to log out, or may mistakenly click ‘Remember password’, which lets the browser or device retain your password so that it can later be retrieved. This has serious security implications for you and your organisation if you use an organisational email address. As far as possible, avoid accessing your email from other devices; if you really must, make sure to log out and clear the browser’s history as soon as you are done.
4. Do not click unsolicited links sent to you via email, social media, or SMS:
Most online cyber-attacks begin when a user clicks on a malicious link. Hackers often send links by email that look legitimate, but when clicked these links allow them to steal information from you easily. As a general rule, never open or click links from unknown senders, and double-check links even when they come from known senders.
5. Hover your mouse over links before you click on them to see if the URL looks legitimate:
Before clicking on any link sent by email, hover over it to reveal the underlying URL. This usually appears in the bottom-left corner of the browser window. Click a link only when you are certain that the URL is legitimate.
6. Avoid downloading attachments from unknown senders:
Email attachments that carry malware are another popular channel for hackers and cyber criminals. The easiest way to avoid these scams is not to click on links or open attachments straight away. Instead, open another tab, go to the website of the company cited in the email, and check whether the information presented comes from an official source.
7. Avoid websites that do not have the ‘https’ prefix:
Hypertext Transfer Protocol Secure (HTTPS) secures the communication between your browser and a website over the internet. It also validates the identity of the organisations and individuals that host their information and web pages on the internet. The emphasis is on the ‘S’ at the end. Every visit to an unprotected HTTP website can potentially reveal information about your browsing patterns and identity.
8. Alert the IT or mail administrator of any suspicious emails:
It is important to keep your IT administrator informed of any suspicious emails. This enables them to tune the spam filters on your mail system so that they become better at identifying phishing and malicious emails.
9. Do not post your email address to public websites or forums. Spammers often scan these sites for email addresses:
Most websites that promise freebies and incentives require registration with your email address and other personal information. Exercise a great deal of caution whenever you provide information on websites, as hackers often scan these sites for information to use on their hacking expeditions.
10. Learn how to recognize phishing emails:
Here are a few red flags:
Messages that contain threats of shutting down your account
Requests for personal information such as passwords
Words like "Urgent" or other attempts to create a false sense of urgency
Forged email addresses
Poor writing or bad grammar
Pro tip: hover over the sender’s name to confirm the email address and look out for minor typos.
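The checks in tips 4, 5, 7 and 10 can be written down as code. The following is an added example, not part of the original article or of any product: a small Python script that reads a raw email and reports the red flags listed above (a lookalike or forged sender domain, a Reply-To that differs from the sender, urgency language, a request for credentials, an unencrypted http link, and link text that shows one address while the link points somewhere else, which is exactly what the hover check reveals). The two sample messages, the `.example` domains and the `TRUSTED_DOMAINS` allow-list are all constructed for this example.

```python
"""Report the phishing red flags listed above for a raw email message."""
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: a made-up phishing message (all domains are reserved .example names).
SAMPLE_PHISH = """From: Acme Bank Support <support@acme-bank-secure.example>
Reply-To: collect@random-mailbox.example
Subject: URGENT: your account will be suspended
Content-Type: text/html

<html><body><p>Your account will be shut down within 24 hours unless you verify your password.</p>
<p><a href="http://acme-bank-secure.example/login">https://www.acme-bank.example/login</a></p></body></html>
"""

# Constructed sample: a legitimate message from the bank that the phish imitates.
SAMPLE_OK = """From: Acme Bank <no-reply@acme-bank.example>
Subject: Your monthly statement is ready
Content-Type: text/html

<html><body><p>Your statement is available in online banking.</p>
<p><a href="https://www.acme-bank.example/statements">View statement</a></p></body></html>
"""

TRUSTED_DOMAINS = {"acme-bank.example"}  # assumption: the domains your organisation trusts
URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "suspended", "shut down")
CREDENTIAL_WORDS = ("password", "verify your account", "confirm your identity")


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs: what the user sees versus where the link really goes."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable(host):
    """Crude registrable domain: the last two labels (www.acme-bank.example -> acme-bank.example)."""
    return ".".join((host or "").lower().split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typos in a sender domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def red_flags(raw):
    """Return a list of human-readable red flags found in the raw message (empty list = none)."""
    msg = email.message_from_string(raw)
    flags = []
    sender = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    if sender not in TRUSTED_DOMAINS:  # forged or lookalike sender (tip 10 and the pro tip)
        for trusted in TRUSTED_DOMAINS:
            if edit_distance(sender, trusted) <= 2 or trusted.split(".")[0] in sender:
                flags.append(f"sender domain {sender} imitates trusted domain {trusted}")
    reply = parseaddr(msg.get("Reply-To", ""))[1].rsplit("@", 1)[-1].lower()
    if reply and reply != sender:
        flags.append(f"Reply-To domain {reply} differs from sender domain {sender}")
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    text = (msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", body)).lower()
    urgent = [w for w in URGENCY_WORDS if w in text]
    if urgent:  # false sense of urgency (tip 10)
        flags.append("urgency language: " + ", ".join(urgent))
    asks = [w for w in CREDENTIAL_WORDS if w in text]
    if asks:  # request for personal information such as passwords (tip 10)
        flags.append("asks for credentials: " + ", ".join(asks))
    parser = LinkExtractor()
    parser.feed(body)
    for shown, href in parser.links:
        target = urlsplit(href)
        if target.scheme == "http":  # no 'S' at the end (tip 7)
            flags.append(f"unencrypted http link: {href}")
        if "://" in shown or shown.startswith("www."):  # the hover check (tip 5)
            shown_host = urlsplit(shown if "://" in shown else "http://" + shown).hostname
            if registrable(shown_host) != registrable(target.hostname):
                flags.append(f"link text shows {shown_host} but points to {target.hostname}")
    return flags


if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_OK)):
        print(label, red_flags(sample) or "no red flags")
```

Run against the constructed phishing sample it reports six flags and against the legitimate sample none. The word lists are deliberately short; a real filter would keep them in configuration and would also check authentication results (SPF, DKIM, DMARC) that are outside the scope of this article.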
In an organisation, your network is only as strong as its weakest link. Don't be that weak link. Before you think about tech tools and software to keep digital threats at bay, consider personal precautions as the first step.
Always remember that email security is everybody’s responsibility.
For more information on digital safety and security, register for our free, online, self-paced course:
Background Illustration: Photo by Tero Vesalainen from Shutterstock / Shutterstock license