7 Email Security Tips Everyone Should Know

July 14, 2020
Email is so embedded in our everyday lives that U.S. adults spend an average of three hours a day checking their work email and devote another two hours to personal emails. With this communication tool demanding so much of our attention, it's no wonder cybercriminals use it as a preferred method for carrying out all sorts of nefarious activities.
Here are just two recent examples:
  • In a business email compromise (BEC), the Norwegian Investment Fund lost $10 million when fraudsters spoofed an email address and redirected cash payments into their accounts. BEC involves hackers spoofing or taking over the email of a legitimate company or person, typically to request a wire transfer or send a fake invoice to redirect payment. The FBI estimates that in 2019 alone, BEC losses totaled $1.77 billion.
  • Fortune 500 insurance company Magellan became the victim of ransomware in a multi-stage attack that started with a phishing campaign impersonating a company client. The attackers also stole login credentials and sensitive employee information.

The cloud opens up many new options for collaboration and information sharing, and in the future, those tools may replace email as the main communication tool. In the meantime, you can boost your email security by following these basic steps.

1. Use strong passwords

Passwords are a nuisance to remember, and consequently, many people create easy ones and reuse them frequently. If you're using the same passwords for your email and various online services, all it takes is for one of them to be breached, and your login credentials become available on the dark web at almost no cost.
Some of the best practices you should follow include:
  • Create long passwords combining letters, numbers, and symbols that don't spell out dictionary words or contain personal details.
  • Don't reuse your email password for other accounts.
  • Consider using a password manager, which helps you generate strong passwords and store them securely.
  • Monitor for leaked credentials — many financial institutions offer this as part of a free credit-monitoring service for customers.

2. Look for signs of phishing

Scammers get better all the time at tricking email users, but you can still look for red flags such as bad grammar and unusual requests. Don't trust an email just because the sender's address looks accurate, because email addresses can be easily spoofed.
Be especially wary of urgent requests or links to information about current and hot topics. Scammers are great psychologists who know how to appeal to your sense of urgency or curiosity.
[Graphic: $17,700 is lost every minute to phishing attacks.]

3. Be cautious with attachments

Don't open attachments from unknown senders. Word, text, Excel, and PDF files, in particular, can hide malware. As a rule of thumb, don't open any executable files (ending in the extension .exe) from any sender.

4. Check the URL before you click a link

Even if the sender looks legit, hover over links before you click and make sure the URL makes sense and the embedded URL matches the one displayed. Also beware of lookalike URLs that are one or two letters off.
Other tips:
  • Don't click on a link from a company you don't do business with or don't expect any correspondence from.
  • Instead of clicking on a link to log into an account, go to the website directly and access the account from there.
  • When in doubt, use a tool like VirusTotal to check if anti-virus engines have recorded the URL as malicious.
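
The two checks from this tip can be automated. The Python below is an added example, not part of the original article: it pulls every link out of an HTML email body, compares the domain shown in the link text with the domain the link actually points to, and flags domains within two character edits of a trusted one. The `TRUSTED` list, the sample email body and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"example-bank.com"}  # constructed allow-list of sites you really use
SAMPLE = """<a href="https://example-bank.com/login">https://example-bank.com/login</a>
<a href="http://examp1e-bank.com/verify">Verify your account</a>
<a href="http://files.invalid/doc">www.example-bank.com/statement</a>"""  # constructed

def base_domain(text):
    """Last two host labels if text looks like a URL, else None."""
    text = text.strip()
    if len(text.split()) != 1 or "." not in text:
        return None  # plain words such as "Click here"
    host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    return ".".join(host.split(".")[-2:]) or None  # simplification: no Public Suffix List

def edit_distance(a, b):  # Levenshtein distance, computed row by row
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkExtractor(HTMLParser):  # collects [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def check_links(html):
    """Return (href, reason) pairs for links that deserve a second look."""
    parser, findings = LinkExtractor(), []
    parser.feed(html)
    for href, shown in parser.links:
        target, displayed = base_domain(href), base_domain(shown)
        if target and displayed and target != displayed:
            findings.append((href, f"text shows {displayed}, link goes to {target}"))
        if target and target not in TRUSTED:
            findings += [(href, f"{target} is a lookalike of {good}")
                         for good in sorted(TRUSTED) if edit_distance(target, good) <= 2]
    return findings
```

Running `check_links(SAMPLE)` leaves the genuine login link alone and reports the other two: one for the lookalike domain and one for the mismatch between the displayed and embedded URL.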

5. Use email-security tools

Email spam filtering and anti-virus help make your email more secure, but you need to keep them up to date. Enable automatic updates both for your security tools and your email application if you're using a desktop version. Don't forget to keep your mobile email app current as well.
[Graphic: 94% of malware is delivered via email.]

6. Separate personal and work accounts

Don't sign up for personal accounts, such as social media and shopping accounts, with your work email. To protect your personal email, it's also a good idea to create a separate account for purposes like subscribing to news lists, accessing gated content, and receiving merchant updates.

7. Don't email sensitive information

Your email can be intercepted during transmission. Don't email anything containing sensitive or confidential data. Instead, use a secure, encrypted file-sharing service.
These are basic actions that all individuals can take to protect their email. Organizations should include these and other best practices in their cybersecurity awareness training program. At the organizational level, a holistic cybersecurity plan should include other strategies like using more advanced email tools and threat detection and response, but even simple things that each end user does at the personal level can go a long way in keeping data secure.