It is always important to have a secure email account, and this entry covers seven sure-fire ways to get one. The rise of attacks on social networks such as Facebook, Twitter, and Tumblr has reminded us that we left out one important piece: a secure email account. This guide is not going to teach you to encrypt all your data and keep it as gibberish; instead, it covers good practice in whatever you do with your email account.
1. A Secure Email Needs to Have a Strong Password
I can’t stress enough the importance of a strong password. If your password is short and easy to guess, a brute-force attack can crack it easily. If you use part of a dictionary word as your password, hackers can run a dictionary attack in minutes. If you are not sure how to do it, you can always refer to the post on how to create a strong password and create one for your secure email.
2. A Secondary Email as Backup for Password Retrieval
When you sign up for an email account, you will normally be asked to provide a secondary email address. It is optional in most cases, but I would like to stress again that you should not skip this optional feature. It is your last resort for regaining the username and password of your email if one day your primary email account is compromised. You should also submit an active email account; do not submit an inactive one just for the sake of submitting.
3. Strong password retrieval Q&A
Again, when you create an email account, you will be asked a random question to which you need to type in your answer. It is important to treat this step seriously, as this is the first place you are going to go if your primary email is compromised. As with creating a strong password, having a strong challenge question and answer is critical. I would also like to advise fellow readers not to use only letters in the answer, but to mix in symbols, uppercase and numeric characters.
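The checks from sections 1 and 3 (short secrets, dictionary words, mixed character types) can be sketched in code. This is an added example, not from the original post; the word list, the 12-character threshold and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample wordlist; a real check would load a large dictionary file.
SAMPLE_WORDS = {"password", "dragon", "monkey", "summer", "london"}
# Undo common letter-for-symbol swaps before the dictionary lookup.
LEET = str.maketrans("0134578@$!", "oleastbasi")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
MIN_LENGTH = 12  # assumed policy threshold, not a figure from the article


def brute_force_bits(secret: str) -> float:
    """Upper bound on the brute-force search space, in bits, from the classes used."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in secret))
    return len(secret) * math.log2(pool) if pool else 0.0


def audit(secret: str, words=SAMPLE_WORDS) -> list[str]:
    """Return the weaknesses found; an empty list means no check fired."""
    findings = []
    if len(secret) < MIN_LENGTH:
        findings.append("short")
    normalised = secret.lower().translate(LEET)
    if any(w in normalised for w in words):
        findings.append("dictionary-word")
    if sum(any(ch in c for ch in secret) for c in CLASSES) < 3:
        findings.append("few-character-classes")
    return findings


def generate(length: int = 16) -> str:
    """Random password or recovery answer from the OS CSPRNG, retried until audit() is clean."""
    if length < MIN_LENGTH:
        raise ValueError("length is below MIN_LENGTH")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("P@ssw0rd1", "Summer2024!!", generate()):  # constructed samples
        print(f"{sample!r}: {audit(sample) or 'ok'}, <= {brute_force_bits(sample):.0f} bits")
```

A generated value works equally well as a recovery answer, provided it is stored somewhere safe, since it cannot be remembered the way a real answer can.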
4. Encrypting the transmission channel for your secure email
If you are using an email client such as Microsoft Outlook or Mozilla Thunderbird, ensure that your outgoing mail is all encrypted with TLS/SSL. On the other hand, if you are using web-based email, ensure that you browse it over HTTPS. For Gmail, you can enable HTTPS by clicking on the gear at the top right of your inbox -> Mail Settings -> and finally, under the General tab, locating Browser Connection and selecting ‘Always use HTTPS’. Of course, you need to log in before you can perform these steps.
5. Handle all your sensitive data carefully
If possible, never use your email to send any sensitive or critical data. It is not safe at all to do so. If you really have to send such data, ensure that you erase it from your SENT folder so that it is harder to track. Best of all, use encryption when sending sensitive data. This method, however, requires an encryption key and is a little complicated to use. Email encryption will be widely used if your company practices PKI and has a PKI infrastructure as part of its security. If not, keep the sensitive data with you and try to deliver it by another method, such as manual delivery or delivering an encrypted drive.
6. Use Two-Factor Authentication
Using two-factor authentication makes it harder for an attacker to compromise your email account. There are many types of two-factor authentication methods, such as SMS verification, One Time Password Tokens, PKI Tokens and a variety of Smart Cards for secure authentication. In my previous post, I wrote an article on how to set up two-factor authentication for your Gmail account, using a mobile phone as the second factor for your secure email.
7. Back up your email wisely
Do you know why backing up your email is essential? Simply because if your primary email is compromised and the attacker deletes all your mail, you can still restore your backup to get your email back. Backing up your email is not sophisticated; keeping the backup secure, however, is an issue. What I can suggest is that you create an encrypted virtual drive using TrueCrypt and store all your backups in there. You also need to ensure that your encrypted drive is not stored inside your primary computer. Separate it from your computer, as it is not good practice to keep your backup in the same location as the original source.
Secure Email – The Conclusion
In conclusion, the above is the list of ways to achieve a secure email, and it is vital that every individual follows good practice in handling their email account to ensure that it is secure. The question is, do you have a secure email? If you feel your email is not secure, why not fix that now? Lastly, if you like my post on how to have a secure email, do subscribe to IT Security Column by Email to get the latest tips and tricks on IT security.