How Safe is Your E-mail?

While e-mail may be the new snail mail to the iPhone generation, the fact is that it is the most-used conduit for communication in our world today. E-mails routinely contain business deal discussions, social security numbers, bank account information, and personal information intended only for the recipient.

Along with its convenience, e-mail also carries certain liabilities. Though we immediately think about virus protection for our computers, many of us fail to realize e-mail is the easiest and least-noticed backdoor for hackers. That doesn’t mean you need to avoid using e-mail because it isn’t 100 percent safe. That bill in your mailbox isn’t 100 percent safe; neither, for that matter, is the one being handled by a mail sorter.

E-mail Security Concerns

When you use an e-mail application such as Microsoft Outlook without proper protection, the account credentials that log you into the incoming and outgoing e-mail servers are sent in text from your computer, over the local network and Internet, to your servers. Any e-mail messages you send or receive are in text as well.

That means, if you are checking or sending e-mail on an unsecured or unencrypted network, such as using a Wi-Fi hotspot, anyone with the right tools and knowledge can capture the network packets and read your account credentials and messages.

If you are using a Web-based-only e-mail service, such as Yahoo Mail or Gmail, you also have a security concern. If you fail to follow proper guidelines when using Web-based e-mail services, your messages and login info can also be intercepted.

Even when you use encrypted connections to your e-mail servers, messages you send can still be in clear-text when they reside on your e-mail server and when they leave your server. For example, your messages may pass through other servers on the Web during their travel to the recipient’s server, which might be unsecured and monitored by hackers. And, the recipient may not use encrypted connections to his or her servers. Therefore, Mr. Hacker could intercept the message you sent containing your sensitive information when the recipient downloads your message from his or her incoming e-mail server.

Always use Encrypted Connections to Your E-mail Servers

When you use web-based e-mail, always make sure the connection is secured with Secure Sockets Layer (SSL) encryption in order to combat the client-server issue. You can be sure the web site you are using is using SSL if you see https rather than http in the address bar and a padlock icon displayed next to the address bar or on the status bar at the bottom of the browser.

With Outlook make sure you configure the server connection settings with SSL. Instead of using the default e-mail ports (110 for POP3, 143 for IMAP4, and port 25 for SMTP), you should use port 995 for POP3 or 993 for IMAP4 on your incoming server and port 465 for your SMTP outgoing server. Your e-mail provider can provide documentation on how to configure client applications. If you find your provider doesn’t support SSL connections for e-mail, you should find one that does.

Non-Technical Solutions

Strong Passwords – In spite of the fact this advice is given on every single tech blog, it is amazing how often it is ignored. Google is the best when it comes to putting real effort into securing your email account proactively. You can use special characters, numbers, and upper and lower case alphabets of almost any length. No birthdays, pet names, or anything that makes sense whatsoever!

Reliable Secondary Email Addresses – Consider getting a Hotmail or G-Mail account just for conducting business on the web.

Setup SMS Alerts – Google will send you the password reset code whenever someone tries to reset your password. If you are a smartphone user, you can rely on these SMS alerts and disable password recovery via email altogether. Email accounts are always vulnerable to a hacker from a remote place, but your mobile phone is not. Yahoo and Hotmail provide the same feature at no charge.

Be Careful on Public WiFi – Avoid using public WiFi for accessing email or transacting online with a credit card. Casual browsing and YouTube watching are okay. Accessing emails is a big risk.

Avoid Webmail – Even though we have just looked at web-based e-mail, desktop email clients like Outlook or Thunderbird are still the most secure possible route to go.