Close your email security gaps
Have any of your email accounts ever been hijacked?
And have you, like most of us, received bogus sleathware attachments from friends’ accounts (either current or expired) that have been compromised? First among the serious dangers of opening such attachments: automatic installation of malware and hijacking your account with infected messages that are then forwarded to all your contacts.
You close such mail immediately and contact the person to ask if the message is actually from them. Right? Most of you have probably had to do this many times. Fortunately, when the subject line of such mail is missing or inconsistent with a friends’ interests/personal style, you know it’s a red flag.
However, not all scams are so easily identified.
The quote from this week’s NYT describes a current threat that could impact you:
“Researchers (say) they have been tracking (a) particular (Nigerian) criminal operation, which they call Silver Spaniel, for months. The attacks begin, as so many do, with a malicious email attachment. (Ah, yes, dear reader, yet another example of the dangers of wanton clicking.) Once clicked, victims inadvertently download malicious tools onto their devices; one, NetWire, is capable of remotely taking over a Windows, Mac OS or Linux system, and another, DataScrambler, makes sure the NetWire program is undetectable by antivirus products.” (NYT, July 22, 2014)
SIMPLE SECURITY MEASURES YOU NEED TO TAKE IMMEDIATELY
Change your email account passwords frequently
When was the last time you changed your email account password? Most of us postpone this necessary security task far too long. Another critical issue: if you’re like the many folks who use the same password for their email and online banking accounts, you’re leaving yourself wide open to identity theft. Use separate passwords for your different accounts and change them frequently. That said, unless you download one of the secure software tools to privately track all your passwords, who can keep track? I tried one of these password tracking tools (because I’m lucky to remember just one password) but had to uninstall it because it slowed my system down.
That’s why I’ve opted for two passwords that I change regularly, as follows–
Apply a simple, safer password formula
You may have read recent articles on creating (relatively) safe passwords. If not, consider applying the following formula for your email accounts: (1) Choose a sentence that is meaningful and easily remembered, such as, “I met my wife in San Antonio.” (2) Use the first letter of each word, alternating upper and lower case and combine with some numbers (in this case, you could embed your wife’s birthday) resulting in–ImMw012274IsA. Again, that could be for your email account. Now apply the same formula to create a second password that you use exclusively for your banking and other financial transactions. Finally, create a third password for all your remaining accounts.
Stop spam via your email service provider or separate software
Spam is a time-killer (if you open just 3 spams a day, you’ll waste 15 hours a year, according to Ferris Research). It’s also a massive security problem. Even unsubscribing to a spammy newsletter, for example, can cause problems.
Back up your hard drive every few days, and more often when you complete new project work
Some attacks are so serious that they require you wipe your hard drive and begin from scratch. And there is the constant threat of hardware failure. So, you absolutely need a backup drive and/or complete system redundancy in a cloud-based service. (Most attacks, by the way, are aimed at either defrauding you or damaging your reputation.)
Protect your mobile devices
There’s an increasing amount of malicious code targeting Android mobile phones. By comparison, with the iPhone 5S the new Touch ID–security has been significantly enhanced. Still, those with older iPhone models often fail to protect their phones with a pin or lock screen.
In my next and final installment on email security, I’ll discuss-
- The pros and cons of encryption services;
- Ensuring both external and internal security; and
- Compliance with government data privacy security regulations.