For all the years that I’ve been selling Google Apps, I should have foreseen client email account being hi-jack. The thing is, the problem is not with Google Apps but the behavior of the customer. In this post, I’m going to tell a thing or two about email security which you should know and practice.
The world is full of laziness, people like me especially. I’m not sure about you but I encountered countless of people who like to use email client to get their email done, Outlook, Apple Mail, Thunderbird and shit loads of them. It’s fine to use them as long as you know what you’re doing and you use an email cleaning tool.
The weakest link of whole email system is always the end . i.e. your PC, Notebook and mobile phone? Wrong! The people!
Because people tend to be forgetfulness and lazy, I’ve seem many devices are not installed with anti-virus + firewall program. Needless to say much, their email client is hardly stays in the updated version. So, when you save your email account password in your Outlook, it is destined to be stolen. It’s just a matter of time and how important is you in life.
If you’re someone who holds key position in a company, do expect corporate spy to hack your account by simply hack into your vulnerable PC. Do you know that there are over 200 Outlook password retriever software available for free in the Internet?
Anyway, below are the list of things that helps to protect your email account.
- Prevent to use email client if possible. If you really can’t live without them, please continue to #2
- Install Anti-virus + firewall program to your device. I’d highly recommend ESET Smart Security for its efficiency on resource management.
- Use an Application-Specific password for your Outlook and Mobile Device if you’re using Google Apps or Gmail so that even the password is stolen, they can’t use it in another device.
- Again, if you’re using Google Apps or Gmail, enable 2-step verification to tie your account login with mobile phone.
And here’s an advanced guide but it is more or less done in the back-end.
Domain and DNS Protection
In every domain names, there is a thing called Doamin Name Server to store all kind of records which also known as DNS records. One of it is called MX record which is to point the email to the defined email server (IP address).
As you can see, this is the very beginning place of the whole email route when an email is reaching to you. Professional hacker often start with this place. If you’re using a shitty Web Hosting where your DNS is mostly not well protected with SSL encryption and advanced filtering…your MX record can be changed without you knowing it.
A good email system will monitor your MX record and notify you if it get changed. If you don’t have that in your email platform, a good option is to subscribe to DNS monitoring service, most website downtime monitor service will have that too.
Email Transmission and Routing
TLS encryption, this one is tricky. Nowadays, most email server uses SSL instead of TLS. The reason is simple, there’s to much trouble to get a complete 2 ways TLS setup. TLS basically makes sense only when only 2 servers is setup to acknowledge each others email delivery and not others.
TLS usually is setup between corporate branches or among devices. It is not too practical to setup TLS while sending emails in ordinary usage. Just make sure your email delivery is SSL encrypted is sufficient enough.
When comes to routing, email can be intercepted in router, wifi signal or even cable. This is why email has to be encrypted in the first place. Can’t do much on this but make sure you’re not sending or receiving important email in public wifi.
Device Policy, Apps and Program
While you’re enjoying your smart phone, especially the free cool apps you’ve downloaded into you phone. Have you ever wonder the free apps main purpose is to steal your phone information such as email and credit card number?
Device policy management allows you to set strong password, disallow certain apps to be installed for mobile devices used in business purpose.
Okay, that’s about it.