This blog post will answer the question, “How to protect your email from being hacked” and cover topics like how you can make your email account more secure and protect your email account from online threats like hackers.
Can you effectively protect your email account from being hacked?
Yes, you can make your email account secure, and you absolutely can defend yourself from becoming a victim of cybercrime and hackers, as long as it is a priority and you are proactive in staying informed and taking the necessary steps.
Authentication is the key to access, and your email account is not likely to be accessible without a password. In the hands of a skilled hacker an email address can be quite a valuable commodity; however, to gain this level of access they need the password or must be able to obtain it readily.
How can you protect your email account from being hacked?
The sheer perseverance that some hackers possess, which enables them to try out multiple methods of gaining access, can be mind-boggling and even impressive to an extent. Hackers are a resourceful bunch. In an age where information is currency and knowledge is power, most hackers will not hesitate to attempt to gain access to key email accounts and the potential wealth of information they may contain.
Without that password the hackers will not be able to read your emails or send any from your account, but they will try to find a way to access it, or to capitalize on the email account if they fail to access it entirely.
The following methods can be applied by you to improve your online security as well as protect your email accounts from being hacked:
- Make use of a strong and reputable Password Manager
- Apply good password managing practices when generating your own passwords (in case you decide against a Password Managing program)
- Avoid using open or public Wi-Fi
- Activate additional authentication tools such as Two-Factor Authentication (2FA)
- Educate yourself on how to identify suspicious emails and how to deal with them
- Regularly update the Operating System (OS) on all your online devices, as well as your Anti-Virus (AV) software
- Make use of email encryption as far as possible
Knowledge is power and you too, can use this to empower yourself in defending your online accounts and identity. The best weapon you have to protect yourself is to be mindful of the threats lurking online. Stay aware and informed of the latest security measures available to you and the dangers faced by you, the regular email user.
Make use of reputable password managing programs
By making use of a password managing program the user only has to know one master password, instead of having to remember the login information for multiple online accounts and sites. Most of these password managing programs offer autosave and autofill features that enable the user to securely connect to all of the user’s accounts with ease.
A password manager is a program that encrypts, generates and stores all your passwords in a safe location. Most of the reputable password managing programs also allow you to securely save credit card information and make notes.
Some password managers support the use of biometric data (fingerprint or face) as an added layer of security and convenience. You can also share selected information with your family and friends without copy-pasting it into an email or instant message.
We must also point out that some providers offer multiple methods to save your data. There are a few categories that password managers can be divided into, so do your homework and decide on one that will work the best for you.
Apply good password managing practices
If password managing tools are just not an option for you, then consider the following quick guidelines. They also apply regardless of whether you use a password manager.
The below points should be helpful in creating good online habits and are useful in applying good password managing practices:
• Do not recycle, re-use, or duplicate passwords. Use a unique password for each of your accounts.
• Use a combination of letters, numbers, and special characters. This should no longer consist merely of the creative spelling of words (commonly known as Leet or “1337”), since hacking tools have adapted and can read words written in Leet. That means you can no longer use a password such as “C@r3n” instead of “Caren” and think you are fooling anyone.
• Create a password that is hard for others to guess or that cannot be extracted somehow with the use of social engineering techniques. This basically means that anniversaries or the use of the names of loved ones are no good or viable options when picking a password.
• Make sure your password recovery options are up-to-date and secure.
• Change your passwords regularly (at least once a month on all your devices and accounts).
• Avoid predictable keyboard patterns such as “QWERTY”. Use patterns instead of human words or Leet, e.g. “2022@wsxXDRty!”.
• Never share your password or keep it stored in plain text where it can be stolen or copied.
It is strongly advised that today’s online users make use of password-generating and management tools to generate passwords on their behalf. These programs provide a significant level of encryption, and the passwords cannot be guessed: they are generated at frequent intervals, are random, and are not based on your personal information at all.
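The two weaknesses called out in the list above, Leet-disguised words and keyboard walks, are exactly what cracking wordlists and rules are tuned for. As an added example (not code from the original post), here is a small checker that undoes common Leet substitutions before comparing against a wordlist and that looks for runs along QWERTY rows and columns. The wordlist and substitution table are constructed and deliberately tiny.

```python
import re

# Constructed tiny wordlist; a real checker would load a large dictionary.
COMMON_WORDS = {"caren", "password", "welcome", "summer", "dragon"}

# Leet substitutions that cracking tools undo as a matter of course.
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t"})

# US QWERTY rows and three-key columns. Row runs of 4+ keys and whole
# columns are flagged, read forwards or backwards.
KEYBOARD_RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
                 "qaz", "wsx", "edc", "rfv", "tgb", "yhn", "ujm"]

def has_keyboard_pattern(pw: str) -> bool:
    low = pw.lower()
    for run in KEYBOARD_RUNS:
        window = 3 if len(run) == 3 else 4
        for seq in (run, run[::-1]):
            for i in range(len(seq) - window + 1):
                if seq[i:i + window] in low:
                    return True
    return False

def looks_like_dictionary_word(pw: str) -> bool:
    """Undo Leet, strip non-letters and compare against the wordlist."""
    normalised = re.sub(r"[^a-z]", "", pw.lower().translate(LEET_MAP))
    return normalised in COMMON_WORDS

def password_problems(pw: str) -> list[str]:
    """Return the list of reasons a password would be weak (empty = none found)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if sum(1 for c in classes if re.search(c, pw)) < 3:
        problems.append("fewer than three character classes")
    if looks_like_dictionary_word(pw):
        problems.append("dictionary word in disguise (Leet is reversible)")
    if has_keyboard_pattern(pw):
        problems.append("keyboard pattern")
    return problems
```

Because the checker also catches three-key columns such as “wsx”, a password built from adjacent keys will be flagged; a randomly generated one from a password manager will not.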
Avoid using open or public Wi-Fi
A rule of thumb is that if you are prone to using open Wi-Fi, you are an ideal target for threats such as a “man-in-the-middle” attack. In this type of attack your private and confidential messages or emails are intercepted by a potentially malicious third party without your consent or knowledge.
Another concern with free and public Wi-Fi is that you have no control over how it is set up or how securely the router is configured. You have no idea how often the settings or firmware are updated, and you definitely do not get a vote on how frequently, or by whom, the internet services are monitored and maintained.
Similarly, the public users of these free services have no control over the levels of security implemented and enforced by the providers of the free and open Wi-Fi facilities.
Two-Factor Authentication (2FA) for additional email security
2FA is an added layer of security that makes unauthorized access to your accounts more difficult. This type of authentication ensures that all of your online accounts require additional levels of authentication before access can be allowed.
It uses multiple and various categories of validation, making it more challenging for an online intruder to gain access to your accounts.
This basically means that a hacker will not be able to access your account even if the hacker has your password. The hacker will not be able to access your account unless they have the second form of identification which can be your phone or security key.
The codes produced by security keys and authenticator apps are unique, created for your account only when you need them, and valid only once. Some security codes are also set to expire and can only be used for a limited period of time.
The security code can be sent to your phone via text, voice call, or a mobile app. If you have a preset security key, it can be saved on a removable drive and accessed through your computer’s USB port.
During sign-in, you can choose not to use 2FA again on that particular computer. From then on, that computer will only ask for your password when you sign in.
However, when there is a sign-in attempt on your account from any other device, 2FA will be required again.
Security questions are another additional form of authentication, but they are not the same as 2FA and do not offer the same level of security.
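The one-time codes described in this section follow RFC 6238 (TOTP): the code is an HMAC over the current 30-second counter, so it expires with the counter, and a server that remembers which counters it has already accepted can refuse a code presented twice. This is an added example, not code from the original post; the secret is the published RFC 6238 test secret so the output can be checked against the RFC's vectors.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 test secret ("12345678901234567890"), Base32-encoded as it would
# appear in an enrolment QR code. A real account gets its own random secret.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

STEP_SECONDS = 30   # code lifetime; servers usually tolerate +/- 1 step
DIGITS = 6

def totp(secret_b32: str, unix_time: int) -> str:
    """RFC 6238: HMAC-SHA1 over the 30-second counter, dynamically truncated."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP_SECONDS)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

class TotpVerifier:
    """Server side: accepts a code once only, within a +/-1 step window."""

    def __init__(self, secret_b32: str):
        self.secret = secret_b32
        self.used_counters: set[int] = set()   # replay protection

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP_SECONDS
        for counter in (current - 1, current, current + 1):
            expected = totp(self.secret, counter * STEP_SECONDS)
            if hmac.compare_digest(expected, code):
                if counter in self.used_counters:
                    return False     # same code presented a second time
                self.used_counters.add(counter)
                return True
        return False             # wrong, or outside the 90-second window
```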
Identify suspicious emails (Phishing)
A hacker can use phishing as a method of attack against your email accounts. The purpose may be to gain access to an email account or information suspected of being contained within the contents.
Phishing is a popular type of social engineering attack that can be successful in stealing user data, company confidential information, login credentials and banking or financial information.
It involves a message, notification or email that seems to be legitimate correspondence from a trusted source and often contains links, URLs and attachments that carry malware or PUAs (Potentially Unwanted Applications).
Once you start clicking away on URLs or pictures and opening attachments, all sorts of information can be communicated back to the attackers. This may include your usernames and passwords or other account details that you may have voluntarily entered or sent to the scam artists.
It is advised that companies ensure that all their employees are updated on the latest threats or attack methods regularly, so make it a priority to attend the user awareness training or workshops when they are offered by your employer.
Knowledge is power and the best way to protect yourself is to stay informed. Another good source of information on how to spot a suspicious email or ward off a phishing attack is to regularly consult reputable websites such as https://www.phishing.org/10-ways-to-avoid-phishing-scams
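Two of the simplest tells in a phishing email are link text that names one site while the underlying href points somewhere else, and links that go to a bare IP address instead of a hostname. As an added example (not code from the original post), the checker below pulls every link out of an HTML message and reports both; the sample message and its domains are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the first link's visible text claims one site but leads
# to another; the third link points at a raw IP address.
SAMPLE_EMAIL_HTML = """
<p>Your mailbox is almost full. <a href="http://mail-example.com.login-check.test/verify">
https://mail.example.com/settings</a> to keep receiving messages.</p>
<p>Read our <a href="https://example.com/help">help pages</a>.</p>
<p>Or use <a href="http://203.0.113.5/login">this secure portal</a>.</p>
"""

HOST_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)

def registrable_domain(host: str) -> str:
    """Crude last-two-labels heuristic; a real tool uses the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html: str) -> list[tuple[str, str]]:
    """Return (href, reason) for links that should not be clicked unchecked."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            findings.append((href, "link goes to a bare IP address"))
            continue
        shown = HOST_IN_TEXT.search(text)
        if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
            findings.append((href, f"text shows {shown.group(1)} but link goes to {host}"))
    return findings
```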
Updating your OS (Operating System) regularly along with your browser and other applications, will go a long way in making it harder for an attacker to gain access to your system as well as protect your email account from being hacked.
In addition, make sure you are running the latest version of your software as well as of your chosen OS.
Software and online services are reviewed and revised regularly to repair flaws or bugs that may be exploited by a hacker. These flaws are referred to as vulnerabilities, and the code written to take advantage of them as exploits.
Hackers take advantage of the discovered weaknesses of an outdated system by writing code or manipulating certain inputs that target the vulnerability.
Once malware has found its way onto your machine, it can steal data, cause damage, replicate and spread (often to other users and devices in your contacts list and network), encrypt your files, or help the hacker load more malware such as keyloggers and viruses.
The ultimate goal for the hacker will then be to have access and control over the data, programs and accounts on the infected device.
Regular security updates of your browser and software attempt to repair these vulnerabilities, adding the necessary security you may need to ward off an attack.
Anti-Virus (AV) is an extremely important tool for any system and device that accesses the internet, online services, or external storage. A reputable AV can go a long way in thwarting attacks and malware infections, as long as it is allowed to update regularly and not prevented from scanning your files, emails and programs when it needs to.
An AV is only as good as its last update, since it relies on signatures and virus definitions acquired from its managing engine (usually in the Cloud), which it needs in order to effectively identify the latest threats, malware and Potentially Unwanted Applications (PUAs).
It is possible for emails and their attachments to be intercepted by a hacker that infiltrated a network, especially if the messages are sent while connected to public Wi-Fi.
Even on corporate networks, email messages are mostly transmitted in plain text and are not protected by secure protocols such as SSL/TLS.
To remedy this serious weakness and threat, an email encryption tool can be used to encrypt the contents of an email and the attachments before sending it. Only the intended recipient of the email message will be able to decrypt and read the contents.
Although your email account cannot necessarily be hacked without the proper authentication such as a password, it is not impossible for a skilled hacker to gain access eventually.
Healthy online habits, proper encryption policies, strong authentication and user awareness are key to staying safe when using the internet and online services.
In an age where information is currency and knowledge is power, most hackers will not hesitate to attempt to gain access to key email accounts and the potential wealth of information they may contain. The best weapon you have to protect yourself is to stay aware and informed of the latest security measures available to you as a regular email user.
Please feel free to comment on the contents or ask questions in the sections below.
1. Should I use 2FA if I am already using a password for my email account?
Yes, you should use 2FA (Two-Factor Authentication) along with a password. Adding the additional layer of security is no longer an option but a necessity in an evolving threat landscape.
It is strongly advised that a Password Managing program be used instead of thinking up your own passwords, and that the different authentication methods be delivered over separate channels, e.g. have your PINs sent via text and install a separate authentication tool on your mobile instead of on your laptop (do not keep all your eggs in one basket).
2. How often should I change the password to my email account?
The rule of thumb used to be that all passwords should be changed every three months; however, it has become more acceptable and necessary to change passwords once a month. Never reuse a password or use the same password for multiple accounts. Each account should have its own password and login combination.