October is Cyber Security Awareness Month, an annual reminder for all Australians to stay secure online.
Email is one of the main communication channels used in today’s digital world. In this article, we highlight the activities you should undertake to ensure your email and other online credentials are secure.
Your email identity is unique and a common identity credential. It is commonly used to verify possession of accounts (e.g., social media, streaming, purchasing), communicate with trusted individuals (friends, employers, and staff) and send sensitive information (including financial and personal data).
With access to your email, cybercriminals can launch profitable cyberattacks, impersonate you, or gain access to your connected services. As such, it is considered one of the most popular and valuable personal attack targets for cybercriminals.
Though your email content may seem mundane to you, it potentially provides access to your identity - a goldmine for cybercriminals. Consider the following:
- Have you ever tried resetting your password without access to your email address?
- How often do you question the sender’s identity when receiving an email from your boss or colleague?
- Have you ever sent or received financial records or personal information via email?
While your emails may not contain top-secret information or financial and personal data, data as innocent as your school, birthday, or pet’s name can help cybercriminals piece together an identity to facilitate new attacks.
So, what actions can you take to protect your emails?
While there is a multitude of threats lurking online, it is important to remember that there are just as many ways to defend yourself.
Security solutions typically involve a trade-off with ease of use and, for this reason, are often better suited to business rather than personal use. To enhance your own personal email security, we recommend the following measures:
- Never reveal your passwords to others
You would not hand over the details of your ATM card and PIN to a friend, let alone a stranger. So why give away your email username and password? These login credentials protect information as valuable as the money in your bank account. Nobody needs to know them but you. If someone is asking for your password, it is a scam. - Length trumps complexity
These days, brute-force cracking short passwords are almost effortless. While password complexity remains important, the longer your password is - a minimum of 16 characters is ideal - the longer it takes to crack. - Do not reuse passwords
For most people, it is not if they will be hacked, but when. Therefore, make sure you limit potential damage by ensuring no passwords are reused between accounts. When one account is compromised, the others remain secure. - Strong passwords and password vaults
Password management tools, or password vaults, are a terrific way to organise your passwords. By storing passwords in a secure backup, you can focus on improving the password complexity, length, and diversity. - Use Multi-Factor Authentication
Even the best passwords have limits to the level of security they provide. Multi-Factor Authentication (MFA) and Two-Factor Authentication (2FA) add another layer of protection in addition to your username and password. Where possible, we recommend you enable these added controls. If a hacker manages to guess or otherwise obtain your password, it will not be enough to access your email account. - Try out email aliases
One way to tame your email inbox is to use unique email aliases when signing up for new accounts. Adding a “+” character after the username portion of your email address, followed by your desired notation (e.g., luke.smith+aliases@domain.com.au), allows you to create an infinite number of unique email addresses, all tied back to your original account. While aliases can help you detect breaches and fight spam, keep in mind that not all websites allow them, and they can complicate account recovery.
Email protection and online credential needs will vary from person to person; whether you only need basic security for personal use or are a business owner protecting your enterprise. If someone gains access to your email, they can steal sensitive information, change passwords, and even send emails pretending to be you. It is more important than ever for individuals to be vigilant with personal email security.
To discuss cybersecurity in your business, including your information security awareness program, get in touch with a member of the BDO Cyber Security team.