Part 2 of 2: How to Ensure E-mail Security

- Advertisement -

The reason is that most malware is circulated by people who have no idea they are sending it, because hackers are using their computer as a zombie. It is important to maintain and keep updated e-mail scanning and anti-virus software, and to use it to scan all incoming e-mails.

2. Deleting spam instead of blacklisting it. An e-mail blacklist is a user-created list of e-mail accounts that are labelled as spammers. When an e-mail sender is blacklisted, e-mail client stops trusting these e-mails from this particular sender and starts assuming that they are spam. Unfortunately, most Internet users are often timid to use the blacklist feature on their e-mail client, and instead just delete spam e-mails. Whilst not every piece of spam is from repeat senders, a surprising amount of it is. So by training to hit the blacklist/spam button instead of the delete button when confronted with spam, one can, in the course of a few months, drastically limit the amount of spam that reaches Inbox.

3. Disabling the e-mail spam filter. Most e-mail users typically do not start out with a lot of spam in their e-mail account and thus do not value the help that an e-mail spam filter can provide at the beginning of their e-mail usage. Because no spam filter is perfect, initially the hassle of having to look through one’s spam box for wrongly blocked e-mails leads many new e-mail users to instead just disable their e-mail spam filter altogether. However, as an e-mail account gets older, it tends to pick up more spam, and without the spam filter, an e-mail account can quickly become unwieldy.

- Advertisement -

So instead of disabling the filter early on, Internet users should take the time to whitelist e-mails from friends that get caught up in the spam filter. Then, when the levels of spam start to pick up, the e-mail account will remain useful and fewer and fewer friends will get caught up in the filter.

4. Failing to scan all e-mail attachments. Ninety per cent of viruses that infect a computer reach it through an e-mail attachment. Yet, despite this ratio, many people do not scan all incoming e-mail attachments. May be it is our experience with snail mail, but often when we see an e-mail with an attachment from someone we know, we just assume that the mail and its attachment are safe. Of course that assumption is wrong, as most e-mail viruses are sent by zombies that have infected a computer and caused it to send out viruses without the owner even knowing.

What makes this oversight even more scandalous is the fact that a number of free e-mail clients provide a built-in e-mail attachment scanner. For example, if we use Gmail or Yahoo! for our e-mails, every e-mail and attachment sent or received is automatically scanned. So if an e-mail user does not want to invest in a third-party scanner (although advisable) and the e-mail provider does not provide a built-in attachment scanning system, one should access the attachments through an e-mail provider that offers free virus scanning by first forwarding attachments to that account before opening them.

Keeping hackers at bay
1. Sharing your account information with others. Never ask friends/colleagues to check individual e-mail on one’s behalf. Of course, friends can be trusted, but once the password is known to anybody other than you, your account is no longer as secure as it was. One more real problem which reaps in is that a friend might not use the same security measures that an individual user will do. A particular friend might be accessing e-mails through an unsecured wireless account, he may not have kept his anti-virus software up to date, or he might be infected with a keylogger virus that automatically steals the password once entered.

So ensure that you are the only person that knows your personal access information. Never write down this kind of confidential information such as passwords, ATM pin, etc where it can be seen by someone else.

2. Using simple and easy-to-guess passwords. Hackers or crackers use computer programs that scroll through common names to compile possible user names, and then send spam e-mails to those usernames. When that spam e-mail is opened, a little hidden piece of code in the e-mail sends a message back to the hacker letting him know that the account is valid, at which point they turn to the task of trying to guess your password. Hackers often create programs which cycle through common English words and number combinations in order to try to guess a password. As a consequence, passwords that comprise a single word, a name, or a date are frequently ‘guessed’ by hackers.

So when creating a password, use uncommon number and letter combinations which do not form a word found in a dictionary. A strong password should have a minimum of eight characters, be as meaningless as possible, as well as use both upper and lowercase letters. Creating a tough password means that the hacker’s computer program will have to scroll through billions of options before guessing the password.

3. Failing to encrypt your important e-mails. No matter how many steps you take to minimise the chance that your e-mail is being monitored by hackers, one should always assume that someone else is watching whatever comes in and out of your computer. Given this assumption, it is important to encrypt the e-mails to ensure that if someone is monitoring the account, at least they cannot understand what one is saying. We can go for PGP encryption for personal usage as there is an easy-to-follow step-by-step 20-minute instruction system to install it and it is the most common e-mail encryption standard.

We also have S/MIME but that is more of an industry standard and can be used at official or organisational level. Encrypting all e-mails may be unrealistic, but sensitive e-mails should go in a secure way. Free versions of PGP are widely available on the Internet. Type PGP in www.google.com and you get the link to the PGP site. Download the PGP software and install on your system. PGP is also compatible with e-mail clients like MS Outlook.

4. Not encrypting your wireless connection. Whilst encrypting important e-mails makes it hard for hackers who have access to your e-mails to understand what they say, it is even better to keep hackers from getting access to your e-mails in the first place. One of the most vulnerable points in an e-mail trip is from laptop to the wireless router that has been used to connect to the Internet. Consequently, it is important to encrypt the Wi-Fi network with the WPA2 encryption standard. The upgrade process is relatively simple and straightforward and takes just a few steps. It can be helpful to further enhance your e-mail security.

5. Failing to use digital signatures. The cyber law now recognises e-mail as an important form of communication for major undertakings such as signing a contract or entering into a financial agreement. While the ability to enter into these contracts online has made our life easier, it has also created the added concern of someone forging your e-mails and entering into agreements on your behalf without your consent.

One way to combat e-mail forgery is to use a digital signature whenever you sign an important e-mail. A digital signature will help prove who and from what computer an e-mail came from, and that the e-mail has not been altered in transit.

By establishing the habit of using an e-mail signature whenever you sign important e-mails, you will not only make it harder for the other party to those agreements to try to modify the e-mail when they want to get out of it, but it will also give you extra credibility when someone tries to claim that you have agreed to a contract via an e-mail that you never did. The simple signed and encrypted e-mail flow is shown in Fig. 12.
Concluded

The author is working in ADRIN, Department of Space as Scientist ‘SF’ and involved in developing applications on network and data security