Are Your Emails Safe?
July 11, 2018
Let’s be honest: we’ve all sent or received a cringey email we wanted to keep secret.
If we learned anything from the 2016 US presidential election, it’s that emails are notoriously difficult to secure.
But, we won’t hold it against you. Everyone, including small business owners, is entitled to private communications, if they want them.
The world’s largest internet conglomerate and high-level government officials can’t seem to keep their emails private, how can you be expected to?
The truth is, though, that they aren’t as good at it as we’d like to think. Emails aren’t only vulnerable from the outside, either. Recently, Google has come under fire over the revelation by GMail users that their app developers had access to user emails.
So far, there’s been no evidence of malicious activity from the development team at Google. But, in light of Facebook’s ongoing privacy scandals, people have the right to be skeptical.
So, if arguably the world’s largest internet conglomerate and high-level government officials can’t seem to keep their emails private, how can you be expected to?
Well, you can’t. There’s simply no way to absolutely secure an email account if someone really wants to access it.
That doesn’t mean you shouldn’t try.
For the small business owner or entrepreneur with privacy concerns, here are a few ways to maximize the security of personal and company-wide emails.
1. Unique Passwords
There’s a great interview by John Oliver from Last Week Tonight of Edward Snowden. Snowden, as you may know, is an expert cryptographer, former NSA employee, and notorious whistleblower.
In the interview, Snowden notes that “bad passwords are the easiest way to compromise a system,” even one as simple as your email account.
He goes onto say that it can take a computer “less than a second” to pull your password out if it’s generic, and 8 characters, as most of ours are.
Instead of using single or multiple random words as a password, Snowden recommends memorable phrases as an alternative.
Whether you like him or not, the guy knows what he’s talking about when it comes to encryption and web security. He gives John Oliver some great advice on creating lasting, secure passwords for any device or account.
“The best advice is to shift your thinking from passwords to passphrases.”
Instead of using single or multiple random words as a password, Snowden recommends memorable phrases as an alternative. Not only does it make the password more memorable, but it allows you create something more complex while being able to remember it. His example is “margaretthatcheris100%sexy.”
The moral of the story here is that passwords, while seemingly something required to create an account on any platform, are much more important to security than many of us realize.
Snowden’s example and explanation goes to show that you don’t need experience in cryptography to make emails or accounts more secure than they otherwise might’ve been.
2. Question and Answer
Have you ever lost your password? If you’re like me and literally everyone else on the planet, you’ve lost about 134 of them.
Because it’s hard to send a password verification to a possibly compromised or locked account, many websites have taken to asking for you to answer “security questions.”
Some of these gems include:
- “Where was your mother born?”
- “What was your first pet’s name?”
- “What was the maiden name of your step brother’s kindergarten teacher?”
Many people’s first instinct is to write real answers to these questions, thinking that they’ll still be secure. I mean come on, who knows my brothers’ goldfish’s name?
As insane as it sounds, someone that really wants to hack your accounts can find this information easily. Even if they don’t, real answers to these questions are much easier to decode than something randomized.
If you’re forced to choose from a preselected list of questions, use false information that’s easily memorable
Plus, you’ll probably ask your Mom what street she grew up on to answer the question, promptly forget, and have to call her every time you can’t access your accounts.
The recommendation here is similar to creating secure passwords. If you’re forced to choose from a preselected list of questions, use false information that’s easily memorable (unless you want to write everything down). If they ask you to make up your own questions, think of something extremely obscure about yourself, and answer it. If you want to be really secure, answer it falsely.
3. Secure Services
If you’re worried about your privacy, there’s probably someone working to solve your problem.
With email security, there are a ton of tech options for securing your accounts, and even the email server for your entire business.
First, make sure that your email URL starts with https://, not http://. Browser-based emails are vulnerable to hacking. The difference between a website with an https instead of http URL is that the ‘s’ stands for ‘ secure.’
As long as your browser-based service has that, it should be relatively secure from outside attack. Of course, GMail secures its browser in this way. But, outside attack isn’t always the concern.
Whether you’re sending super secret documents or asking a friend to lunch, you deserve secure, private communication when you want it.
To avoid internal tampering, small business owners could look to innovative technologies, or email providers who guarantee secure communication lines.
Specifically, Hushmail uses a combination of encryption and two-step verification to ensure your emails are as private as possible. But, if you’re looking for something really hardcore, you might want to think about blockchain.
Cryptamail is only one of many companies looking to revolutionize the email security space through blockchain technology. The idea is that within a distributed ledger system, information cannot be tampered with or accessed without at least a 51% consensus from everyone participating in the chain. In this case, everyone on the email server.
Data privacy is top of mind these days. Whether you’re sending super secret documents or asking a friend to lunch, you deserve secure, private communication when you want it.
Businesses not only need to protect their own privacy, but the privacy of their employees and partners is also at stake.
You can’t do everything. But, a little can go a long way.