E-mail Security Measures
Email is the electronic equivalent of a postcard. Information technology companies depend heavily on email for their communication needs. Therefore, it is important for companies to formulate security policies and procedures governing email usage. These policies must be clear, precise and unambiguous. Email security policies and procedures define the guidelines that users must follow to protect themselves from email threats and other related issues. Some of the policies governing email usage commonly followed by IT companies are:
Creating Strong Passwords
A password is a combination of alphanumeric characters (optionally including special characters) that a user must provide for authentication. This ensures that only authorised users have access to the system and/or resources. It is also used for limiting user access depending on the business need. A password safeguards information and devices from unauthorised use. It must never be shared.
Strong passwords have the following characteristics:
- Minimum eight characters in length
- Contains a mix of letters, numbers and special characters
- Does not include any personal details
- Password is unique for each account
- It is easy for you to remember but hard for others to guess
Users must always create a strong password, and it is advisable to change passwords frequently. All email clients and Internet Service Providers (ISPs) have mandated the requirement of having to change the password at regular intervals.
Stay Signed In Feature
Email clients, like Yahoo, provide a ‘Stay signed in’, ‘Keep me signed in’ or ‘Remember me’ option. This option enables the browser to remember the user’s login credentials even after the browser is closed. Therefore, the user does not need to enter their login credentials the next time they access their email account. This feature has more drawbacks than advantages, as it makes it easy for attackers to steal information. The attacker may access the user’s account without the user’s consent. Therefore, such features must be deselected when accessing the email account to keep it secure from any threat.
Disable the Preview Feature
All webmail services have a preview feature that allows the user to read an email and look at its contents without opening it. If this feature is enabled, an attacker can read the content without the user’s permission. The email may contain critical data or information in the first line itself, such as a One Time Password (OTP). This is a dangerous feature; if it is enabled, it can prove harmful to the user. With this feature, emails and files are downloaded and rendered automatically. Therefore, if any harmful code is present, it will be executed automatically. Hence, we recommend that users keep this feature turned off to secure their valuable data.
Email filtering is the process of eliminating unwanted or undesired emails from the list of emails received. The user can discard emails as per their choice or send the desired emails to others. Email filtering is performed mainly on spam, phishing emails, and malicious and dangerous attachments that may harm a user’s identity. It may also be performed on outgoing email messages to control the transmission of confidential information and protect against risky legal liabilities. A good email client provides basic email filtering facilities.
Scan Email Attachments for Malware
Users may receive email attachments in the form of document files, videos, audio or images. Sometimes, such attachments can harm the system. To guard against such email attachments, users are recommended to scan attachments before opening or downloading them; otherwise, malware or a virus can enter the system. Such infections spread gradually, taking up complex forms. This may lead to ransomware, a kind of malware that encrypts all the files on the system and demands a ransom from the legitimate user for the decryption key. Therefore, it is very important to scan any attachment before downloading it.
Sign Emails Digitally
A digital signature is a code or signature attached to a document transmitted over an electronic medium. It is used to verify the sender’s identity and the content that is transmitted. A digital signature helps in authenticating the identity of the sender of the message and is unique for every user. Digitally signed emails or messages are difficult to tamper with and thus are considered to be safe. All documents, such as emails, PDF files, Word documents, etc., can be digitally signed.
Digital IDs are used to:
- Digitally sign emails: A red ribbon icon on the email indicates it came from a valid email address.
- Encrypt emails: A blue envelope icon on the email indicates that it remained private during transmission (only the recipient can securely open it).
Once the user obtains their digital ID, they can register it with all programs that support digital signatures, such as Adobe Acrobat, Microsoft Outlook, etc.
The sender sends the signed document to the receiver. The receiver uses the sender’s public key to authenticate the sender’s signature. This also ensures that the document has not been compromised after it was signed.
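The sign-and-verify exchange described above, as an added example that is not part of the original article. It uses Node.js's built-in crypto module; the key pairs stand in for digital IDs, and the names, addresses and message text are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Stand-in for a digital ID: an Ed25519 key pair. (Assumption: a real digital
// ID is a CA-issued certificate that binds the public key to an email address.)
function newDigitalId() {
  return crypto.generateKeyPairSync('ed25519');
}

// The exact bytes that are signed: sender, subject and body together, so a
// change to any of them invalidates the signature.
function canonicalize(msg) {
  return Buffer.from(JSON.stringify([msg.from, msg.subject, msg.body]), 'utf8');
}

// Sender side: sign with the sender's PRIVATE key and attach the signature.
function signEmail(msg, privateKey) {
  const signature = crypto.sign(null, canonicalize(msg), privateKey);
  return { ...msg, signature: signature.toString('base64') };
}

// Receiver side: check the signature with the sender's PUBLIC key.
function verifyEmail(msg, senderPublicKey) {
  if (typeof msg.signature !== 'string') return false; // unsigned mail
  const signature = Buffer.from(msg.signature, 'base64');
  return crypto.verify(null, canonicalize(msg), senderPublicKey, signature);
}

// Constructed sample data (hypothetical names and addresses).
const alice = newDigitalId();      // the real sender
const impostor = newDigitalId();   // someone else's key pair
const email = {
  from: 'alice@example.com',
  subject: 'Invoice 42',
  body: 'Please pay 100 EUR to account A.',
};

function demo() {
  const signed = signEmail(email, alice.privateKey);
  const tampered = { ...signed, body: 'Please pay 100 EUR to account B.' };
  const forged = signEmail(email, impostor.privateKey); // claims to be Alice
  return {
    genuine: verifyEmail(signed, alice.publicKey),     // true
    tampered: verifyEmail(tampered, alice.publicKey),  // false: body changed
    forged: verifyEmail(forged, alice.publicKey),      // false: wrong key
    unsigned: verifyEmail(email, alice.publicKey),     // false: no signature
  };
}

console.log(demo());
```

The receiver only ever needs the sender's public key; the private key never leaves the sender.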