March 26, 2020
“People don't like to take phone calls, but nobody hates using email, mostly because inbox becomes someone else's ‘to do’ list” – Gary Hibberd, The Art of Email Security.
This idea still rings true, even though a lot has changed since that book saw the light of day. Most people are working remotely now, and they still hate phone calls, or even worse, joining a video conference where cameras must be turned on.
But work is work, and it has to be done. The same goes for email: whether you like using it or not, you should do your best to protect it (or at least try not to jeopardize its security), because just like the quarantine, email is not going anywhere.
And also, your home is now an extension of the office.
By now all of us are aware of how important it is to wash our hands.
Some of us do so every 15 minutes, funnily opening the doors along the way, and yet it seems almost impossible to not touch our face. Among all the recommendations this is the hardest one to follow, so let’s keep email security rules both simple and doable.
Let’s learn about the things that you can avoid doing to keep yourself at a distance from malicious hackers. Social distancing, remember? We won’t ask you to flag outbound emails or figure out DMARC, SPF, or DKIM; we will keep everything short and sweet.
We will provide you with 6 tips that can improve your cyber hygiene overall and be useful even when you are not using your email.
This is the easiest one, frankly.
One great thing coronavirus did for data security is that it closed down coffee shops and restaurants. Employees visit such places with devices that hold huge volumes of corporate data, which can be intercepted with special “sniffing” devices.
Using email or connecting to the company’s storage is a big no-no when you’re using an unsecured network. While everyone is talking about setting up a VPN, it is better to stay away from the free ones if you’re not willing to pay a reputable provider handsomely.
Then again, losing your email account credentials would be more costly.
It’s not that challenging to create strong passwords, but it’s hard to remember them.
While you may be seduced by the prospect of ticking a “remember me” checkbox, please don’t do that. It is just hard to do things the right way, but cyber hygiene is dirty work, and that’s why everyone hates it.
When you allow your browser to autosave your passwords, you put them on a shelf that can be reached by most malicious users in 12 lines of code. Security enthusiasts will always talk about how great password managers are, but they are not free of their own vulnerabilities, although they can still be helpful if used correctly and not deployed in the browser.
Even in quarantine times, devices can be stolen, so don’t save your credentials for potential hackers.
While we could also name this entry “enable MFA”, it would not be a better option.
So often people have their multi-factor authentication enabled but manage never to use it because they stay logged in all the time. Logging out after you are done working, then entering your password and waiting for a verification code is not that tough, but most users still try to take a shortcut where they can.
Don’t confuse multi-factor authentication and two-step verification; they are not identical. In multi-factor authentication, you have to provide the system with two different factors, such as a possession factor (something you have, like a software token) and a knowledge factor (something you know, like a password).
Two-step verification mostly asks you for two factors of the same category.
Working outside of the office has a lot of positives, but also some negatives. One of the more prominent cons is the inability to verify the requests made to you by the management.
Do I need to change my password in this weird-looking sign-in form? Do I need to download a manual on how to stay productive at home from our HR? Is this 2 million wire transfer really urgent, or is someone trying to scam me?
Always verify every action through a channel independent of email. The answer might not come to you right away, but it is better to be safe than sorry.
Remote work is an exciting time: you have more freedom, for some of us the environment is rather quiet, and there’s no need to commute anymore.
Also, you are asked to install new apps on your mobile phone and register for new services to test all these great new collaboration platforms. While those are extremely helpful today, you should probably keep away from unproven vendors and abstain from using your corporate email for sign-ups when possible.
If a data breach happens at the provider, you could very well get a phishing email half a year after the actual leak, because that’s how criminals act. Try to use your corporate email only for corporate needs and tasks.
Office pranks where someone forgets to lock their computer and is then greeted by some very nice image are not a threat anymore, but the people you’re locked down with could undo all your good work by accident.
For example, we can imagine a situation where bored children jump around your workplace and damage the device you are working on. They can also download files that could undo all the security work you did under the five aforementioned points. Songs, computer games, movies, or any other online content downloaded for free that may interest your family members are also a threat to your security, and with that, the security of your company.
Locking your devices has email security advantages too, as it ensures that confidential corporate information is not open to viewing by third parties, which would be your relatives, children, spouses, friends or roommates.
With the pandemic running riot, we certainly have more time on our hands, and with that, more time to learn.
In line with the topic of the blog post, we can bring to your attention “The Art of Email Security” - a book about getting familiar with the best practices of email security without putting much effort in. The book’s friendly manner and conversational tone could keep you entertained even if you’re not a proficient user, and answer all the questions you may have about email security.
Although the advice detailed above and some cheap educational material wouldn’t hurt your overall stability and online safety, security experts agree on one thing: the best security solutions don’t require user interaction and enable an efficient workflow without overwhelming the employees.
A good solution would also satisfy the following cybersecurity criteria:
Understanding the issues companies have experienced amid the crisis, StealthMail offers a free service subscription that satisfies the aforementioned criteria and makes your remote work more secure.
You can start your free trial now, with no restriction on the number of users, and get a free trial for Microsoft Office 365 and Teams.