Are you doing enough to protect your email privacy?

Email PrivacyFor many of us, email has become our primary method of communication in both our business and personal lives. An email address, however, is often used for many more purposes than simply sending electronic messages. Many of us use our email address to log into social networking sites, utility and credit card sites, banking sites, and much more.

Your email account is often the gateway to your personal life, and thus, is a valuable target for hackers. John McAfee said, “Email accounts are the fundamental identifying elements of the internet. The assumption is that if a person has access to an email account then that is the real person. Yet these accounts are the easiest elements of the digital world to hack into.” According to a recent ZDNet study, with a single phishing email, about 45% of all recipients submitted their full login credentials. Another study by Intel found that 97% of all computer users could not identify all 10 out of 10 phishing emails.

Hackers have a variety of tools at their disposal, from sophisticated spear-phishing to malicious documents to social engineering tricks, so are you doing enough to protect your email privacy?

Follow these 8 best practices to help ensure that your email communications are kept private.

Use strong passwords

A strong password that is not easily guessed should contain a combination of upper and lower-case letters, numbers, and symbols. Never use a password that can be easily guessed, and never use any of the passwords listed on the “most popular and therefore worst” passwords list. MDaemon includes tools that allow administrators to enforce strong password policies. See this blog post for more information.

Spammers know that many people use the same password across multiple sites and services. Therefore, you should be using a different password for each site.

Never click on suspicious links

Spammers have gotten very creative at making spam email messages look legitimate, using HTML and images that, when clicked, lead to fake websites designed to collect your personal information or to deliver malware, including keyloggers designed to capture everything you type, and ransomware, therefore, never click on links in an email message unless you’re absolutely sure you have verified and trust the sender.

Many phishing messages contain images such as logos that look legitimate, but, when clicked, lead to malicious sites. If you hover your mouse over a link, you can often see the destination URL, which often does not match the word or image associated with it.

If you see an “unsubscribe” link, don’t click on it! This would only serve to let the spammer know your address is valid and, more importantly, these links are easily forged and could lead to malware infections.

If you are prompted to click on a link that appears to point to a legitimate site that you know and trust, it is better to manually type the URL into your browser than to click on a link that has not been verified.

Never reply to spam or unsolicited email messages

Spam can be a very annoying nuisance, so as humans, we may let our emotions get the best of us and reply to a spam message with “Please take me off your email list” or “Quit spamming me!” There are two problems with replying to spam. First, many spam messages come from forged addresses, so the spammer is unlikely to receive your message. Second, replying can let the spammer know your address is legitimate, which may lead to even more spam.

Don’t post your email address in blog posts, online comments, or social media

Scammers often scrub social media sites for email address that they can exploit, so if you must post an email address to one of these sites, mask the address by adding spaces or spelling out (at) instead of using the @ symbol.

Use Encryption

Email messages, by default, are transmitted in plain-text. This can potentially open them up to interception by a nefarious third-party. While SSL & TLS are used to encrypt the connection between mail clients and mail servers, it is good practice to encrypt the email message itself. Encryption protects sensitive data by converting plain-text to cipher text. This cipher text can only be decrypted using the proper private encryption key.

MDaemon has options for encrypting connections using SSL & TLS, as well as server-side and client-side encryption options using Virtru and OpenPGP. A couple of months ago, I wrote a blog post about these options. Click here to read about MDaemon’s encryption options.

Use Two-Factor Authentication

Passwords alone are often not enough to protect your data against increasingly sophisticated attacks. With two-factor authentication, users must provide a password and a unique verification code that is obtained via a client that supports Google Authenticator (available in the Google Play store). This blog post contains more information on how to use two-factor authentication with MDaemon and WorldClient.

Know the risks of using public Wi-Fi

Public Wi-Fi provides a convenient way to access the internet while on the go, but if you’re not careful, it may come at a great price. Unsecured Wi-Fi hotspots are prime targets for hackers, who are often able to position themselves between you and the internet connection, allowing them to intercept every bit of information you transmit. Hackers can also use unsecured Wi-Fi hotspots to distribute malware. If you have file sharing enabled, you are especially vulnerable.  To reduce risk, make sure any Wi-Fi hotspot you connect to is secured and from a reputable source that you trust. If you must connect to a public hotspot, it is good practice to use a VPN to ensure that transmitted data is encrypted.

Lock your computer when away from your desk

This may sound like a given, but an unattended computer that has not been locked allows anyone access to your information.  You might not consider this a big issue if you work for a small business, but if you work in an industry with privacy regulations, such as health care or financial institutions, or if you store sensitive company information such as revenue or other confidential information, leaving your computer unlocked could have serious consequences, including loss of job, damaged company reputation, or even legal problems.

Conclusion

Whether your primary interest is protecting company information or your own personal data, email privacy is everyone’s responsibility, and often, the weakest point of entry into a treasure trove of sensitive data is a negligent or uninformed user. Don’t let that user be you. Use these tips to stay ahead of the bad guys!

5 Steps to Achieving Inbox Zero

Inbox-ZeroUnless you live in a cave, chances are you use email as a primary method of business communication. You’re also likely to receive tons of annoying, non-business related email, such as newsletters, press releases, mailing list messages, and follow-up messages that clutter up your Inbox. Without a clear strategy for dealing with all of this distracting junk, valuable time is wasted on unimportant tasks, and productivity suffers. In other words, you may be afflicted with “email overload.”

So how do we deal with the influx of email that grabs at our limited supply of attention?  Merlin Mann invented the concept of Inbox Zero. From TechTarget, Inbox Zero is defined as “a rigorous approach to email management aimed at keeping the inbox empty — or almost empty — at all times.” According to Mann, zero does not refer to the number of messages in your Inbox. Instead, it refers to the amount of time one spends thinking about his Inbox. A key point that is made is that when one confuses his Inbox with a to-do list, productivity suffers. Mann states, “It’s about how to reclaim your email, your atten­tion, and your life. That zero? It’s not how many mes­sages are in your inbox–it’s how much of your own brain is in that inbox – especially when you don’t want it to be. That’s it.”

So with the daily influx of email, how can we achieve Inbox Zero? Mann says that for every email message, there are five possible actions to take:

  • Delete
  • Delegate
  • Respond
  • Defer
  • Do

Let’s take a closer look at these actions.

Delete:  When a new message arrives, the first thing you should ask yourself is “Am I REALLY going to read or respond to this email?” If you’re not sure, then chances are you’re not going to make it a priority, and then it will sit there in your Inbox while other messages that should have been deleted come piling in after it. As Merlin Mann says in this article, “every email you read, re-read, and re-re-re-re-re-read as it sits in that big dumb pile is actually incurring mental debt on your behalf.” So if you’re not going to do anything with a message, simply delete it and move on.

Delegate: If there’s a message that can be best answered by someone else, then immediately forward it on. Don’t try to handle it if it will take you twice as long as someone else.

Respond: Immediately respond to any new messages that can be answered in two minutes or less.

Defer: If a message cannot be answered in two minutes or less, or if a message can be answered later, then move it to a separate “requires response” folder and reply later.

Do: Set aside time each day to respond to email in the “requires response” folder or respond to mail in this folder throughout the day when you have time.

Mann also recommends what he calls “Email dashes.” Here are his recommendations.

  • Check for new email & look for items that can be responded very quickly: Two minutes every 20 minutes.
  • Non-critical responses – Every 90 minutes, answer 5 emails or spend 10 minutes responding.
  • Processing “the pile” – Two minutes every hour, plus 15 minutes at the end of the day.
  • Metawork – 15 minutes twice a week.
  • Further culling, responding & cleaning out “the pile” – Throughout the day, when available, in 5-8 minute dashes. These email dashes help you prioritize, avoid constant email notifications, and manage your time and attention.

Other tips for achieving Inbox Zero:

Don’t leave your email client open. An open email client can be a persistent distraction. It could be too tempting to check email when you’re working on another project while your email client is running in the background.

Use templates: You can use templates for often repeated messages that may only require a short or generic response, such as “Thank you” responses or responses to common questions. If you’re using WorldClient, MDaemon’s webmail client, this article has instructions for creating email templates.

Use Filters: Filters are useful for dealing with frequent, non-urgent items that can be dealt with later. Some examples include:

  • Mailing lists and forum threads
  • Social media “Friend” requests from sites like Facebook and Google+
  • Newsletters and product updates
  • Blog comments
  • Twitter follower notifications

Be careful when creating filters to ensure that you are only filtering out content that isn’t important. It is possible to filter out too much – for example, important but non-urgent messages that would be better addressed by dealing with them according to a schedule.

Use labels or folders: This tip could perhaps be combined with the above tip on using filters. The idea is to automate the process of acting on message that meet certain criteria by applying certain labels or moving them to designated folders. For example, I get a lot of blog comments from spambots, so by creating a filter that filters on the subject of a comment notification message, I can send those messages directly to my “Blog Comments” folder. Sometimes, I’ll get up to 200 comments in a day, so this saves me lots of time and headache weeding through all of that stuff in my Inbox.

Unsubscribe from email lists: How many times have you been asked by a retailer for your email address, or left the box checked when making a purchase on a company’s website authorizing them to bombard you with sales pitches on their other products?  Taking the time to unsubscribe from these mailing lists now can save you from having to deal with all that Inbox clutter later.

The concept of Inbox Zero is not to have zero messages in your Inbox. It’s to set up processes that allow you to spend as little time as possible THINKING about your Inbox. Merlin Mann created the concept several years ago, when there was far less email and far fewer distractions than there are today, so his ideas are even more relevant today. I hope you find these tips useful & that you can use them to take back any control your Inbox may have over you.