10 Tips to Protect Your Email Privacy

  • Updated on February 9, 2023

One common misconception that people have about email privacy is that additional measures of protection are only needed by people with big and notable things to hide in their mailboxes. The truth is that all personal communications are private and deserving of protection. With luck, the 10 tips below will help you protect your mailbox and your privacy.

Put a Password on Your Emails

Once an email is sent, there is generally no way to unsend it. Accordingly, an email with sensitive information reaching an unintended recipient could be a disaster. For example, the email might be sent to the wrong address, or the person it was sent to might experience a security breach. One way to tackle this is password-protected email, a feature that lets the sender attach a password prompt to an email so that the recipient can only read it if they know the password.

Have a Plan of Action

Even if you have the most robust system in place protecting your mail, you should always be ready to take action if something goes wrong. For example, you can implement a method of locking the account if an unauthorized person signs in, possibly through the use of a backup email address.

If you are concerned about hackers using your mailbox to send emails en masse, you could set a hard limit on the number of messages that can be sent per hour/minute/etc.

Don’t Mix Business and Personal Use

Using the wrong account type (personal/business) for a given kind of communication is considered both unsafe and unprofessional, and it can open new vectors of attack for hackers. For example, if you discuss confidential information about a project with a client through a personal address, they can (understandably) get upset about the unsafe practice and even reconsider working with you.

Apply Encryption Standards

One of the first things you should check before using a new email service is what kind of encryption it uses. For example, if it processes and transmits messages through unencrypted channels, hackers will have a field day capturing, analyzing, and maybe even modifying your private data. At the very least, your email service should be using TLS (Transport Layer Security), but a stronger encryption standard like S/MIME or PGP will let you communicate with no fear of on-path attacks.

Use Best Password Practices

If the only thing standing between your private emails and an attacker is a username and a single-word password, this account will not even last 1 hour of serious breach attempts. As a best practice, you should make your password long and complex, use a phrase instead of a single word, and be sure to add an element of unpredictability. If you want to make infiltration an even bigger headache for malicious actors, you can add additional security layers like two-factor authentication and biometrics.

Encourage Awareness and Training

Implementing the configurations and conditions listed above is a great start for protecting your privacy, but it should also be supplemented with knowledge. After all, so many attacks rely on people making mistakes, being careless, and not using their best judgment. Learning about the types of threats and how to respond to them, as well as sharing tips with others in your circle, will be just as impactful as all the other steps.

Protect Against Spoofing

Email spoofing can be a huge danger to businesses and individuals. When its objective is to imitate someone you know, you face the risk of unknowingly disclosing privileged/confidential information. On the flip side, someone impersonating you or your company can cause irreparable harm to your image and business dealings.

So how can you prevent spoofing? There is no universal solution for all situations, but two solutions that have proved effective on a technical level are DKIM and DMARC records. These are configured at the DNS level of your email provider’s domain (for example, Gmail’s domain name is gmail.com).

These records essentially instruct mail servers about which messages come from an approved sender and what the server should do if a message doesn’t pass the test. It’s like an additional security screening invisible to the user.
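To make the "security screening" concrete, here is an added example (not from the original article) of how a receiving server could turn a published DMARC record into an action. It assumes a simplified model: only the DKIM result is considered, relaxed alignment is approximated without a Public Suffix List, and all function names and sample records are constructed for illustration.

```python
# Added example: simplified DMARC evaluation over constructed records.
# Only the DKIM result is considered; names and records are illustrative.

def parse_tags(txt):
    """Split a 'tag=value; tag=value' DNS TXT record into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def dkim_aligned(from_domain, dkim_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') also accepts a
    parent/child domain (approximation: no Public Suffix List lookup)."""
    f, d = from_domain.lower(), dkim_domain.lower()
    if f == d:
        return True
    return mode == "r" and (f.endswith("." + d) or d.endswith("." + f))

def dmarc_disposition(from_domain, dkim_pass, dkim_domain, dmarc_txt):
    """What the receiving server does: 'deliver', 'none' (report only),
    'quarantine' or 'reject'."""
    tags = parse_tags(dmarc_txt)
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return "deliver"  # no usable policy published, nothing to enforce
    if dkim_pass and dkim_aligned(from_domain, dkim_domain, tags.get("adkim", "r")):
        return "deliver"
    return tags["p"].lower()

def weak_points(dmarc_txt):
    """List settings that leave a domain easier to spoof."""
    tags = parse_tags(dmarc_txt)
    findings = []
    if tags.get("p", "none").lower() == "none":
        findings.append("p=none: failing mail is only reported, not blocked")
    if int(tags.get("pct", "100")) < 100:
        findings.append("pct<100: policy covers only part of the mail")
    if "rua" not in tags:
        findings.append("no rua: the domain owner never sees failure reports")
    return findings

# Constructed sample records (example.com is a reserved documentation domain).
STRICT = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc@example.com"
RELAXED = "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"
MONITOR = "v=DMARC1; p=none"
```

A message claiming to be from example.com but signed by an unrelated domain is rejected under STRICT, while the same message under MONITOR is only reported.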

Be Mindful of Email Lists

There are two key aspects of privacy in the context of email lists – protected communications and compliance.

Communications associated with email lists should be protected on both a personal and a company level. If you find yourself receiving messages seemingly from a group or organization that you are affiliated with, be sure to verify authenticity.

Some malicious actors like to give authenticity to an email by including many receiving addresses, and of course, include a call to action or misinformation with the potential for harm. So you should pay attention both to the senders and receivers of new and unfamiliar emails.

On a company level, privacy should be maintained by ensuring that no unauthorized persons are added to a mailing list and that the BCC option is applied when you have multiple receivers for a message and don’t want them to know who else received it.

The second key aspect mentioned is compliance, or respecting the laws and regulations pertinent to user data privacy. For example, the E.U. and numerous other countries have made businesses responsible for satisfying users’ requests regarding their data – particularly its removal and unsubscribing from unwanted communications. If you maintain an email subscriber list, make sure that it is compliant with all of the relevant legislation.

Download Files with Due Diligence

Many of today’s popular email services offer features like scanning email attachments for viruses and other malware, but this is by no means something you should put blind faith into. You never know which malicious files will evade the filter and cause harm to your data and/or privacy when you least suspect it.

The first thing to check in a file is its format. Email is not a good medium for sending .exe or .dll files, and they are quite dangerous because they start running code as soon as you open them. So these two are the biggest dangers, but you should also pay special attention to compressed files (like .zip or .rar), disc image files (.iso), and installation files (often .msi).

Additionally, you should be aware that even formats that you use every day (.doc, .pdf, .xls) for text and data editing can be a platform for malware if they have macros and malicious code inside. This doesn’t mean that you should forgo sending documents via email, but it is a best practice to check the email authenticity and the relevance of the attachment before you download it, and even then, have the system perform a scan if possible.
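The format check described above can be automated before anything is opened. The following is an added example, not part of the original article: it sorts the attachments of a parsed message by the extension groups listed here and goes one step further by flagging executables hidden behind a document-looking name or extension. The verdict names, helper functions and sample message are constructed for illustration.

```python
import os
from email.message import EmailMessage

# Extension groups follow the article's list; verdict names are this example's own.
EXECUTABLE = {".exe", ".dll", ".msi"}
CONTAINER = {".zip", ".rar", ".iso"}
DOCUMENT = {".doc", ".pdf", ".xls"}
PE_MAGIC = b"MZ"  # first two bytes of Windows .exe/.dll files

def classify(filename, payload):
    """Return a handling verdict for one attachment."""
    stem, ext = os.path.splitext(filename.lower().strip())
    if payload.startswith(PE_MAGIC) and ext not in EXECUTABLE:
        return "block-mismatch"      # executable bytes behind a harmless name
    if ext in EXECUTABLE:
        if os.path.splitext(stem)[1] in DOCUMENT:
            return "block-disguised"  # e.g. invoice.pdf.exe
        return "block"
    if ext in CONTAINER:
        return "inspect-contents"    # archive or disc image: scan what is inside
    if ext in DOCUMENT:
        return "scan-before-open"    # may carry macros or embedded code
    return "ok"

def triage(msg):
    """Map each attachment filename in a parsed message to its verdict."""
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        verdicts[name] = classify(name, data)
    return verdicts

def sample_message():
    """Constructed message; attachment payloads are dummy bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "you@example.net"
    msg["Subject"] = "Documents"
    msg.set_content("See attached.")
    samples = [
        ("report.xls", b"\xd0\xcf\x11\xe0 dummy"),
        ("Invoice.PDF.exe", b"MZ dummy"),
        ("photos.zip", b"PK\x03\x04 dummy"),
        ("scan.pdf", b"MZ dummy"),
    ]
    for name, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg
```

A verdict of "ok" or "scan-before-open" only reflects the file name and first bytes, so a malware scan is still needed before opening.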

Learn About the Most Common Scams

Every year, hackers and cybercriminals come up with new (and sometimes hilarious) scams that are sent to millions of users. As long as you know about them, you won’t need to spend more than a few seconds deciding what to do if an email like this ends up in your mailbox.

Today, we see plenty of phishing emails and money transfer schemes aiming to trick you, intimidate you, and make you reveal confidential information. But one relative novelty to look out for is cryptocurrency giveaways. Since many people lack a comprehensive understanding of crypto, they can be enticed to invest in worthless crypto assets or give away their money to get nothing in return.

