Last week had more news stories about email accounts being hacked and contents made public but don’t feel sorry for the victims, they only have themselves to blame.
Colin Powell uses Gmail – which was hacked. The US Democratic Committee had their Microsoft Exchange mail server hacked releasing 19,252 emails with 8,034 attachments (documents, worksheets.
Email has always been insecure. The original designers, including the late Ray Tomlinson were focused on getting plain text messages to move between computers (no easy feat back then). As email became popular, efforts to make it more secure and verified have been somewhat clumsily stuck onto the existing system.
Interestingly, the hacking fear isn’t the release of confidential or classified data, that’s usually handled quite separately. The fear is that casual remarks or comments between friends go public without context – ‘terribly indiscreet’ as Sir Humphrey might say.
It seems the hackers are gaining access to online mail storage rather than merely intercepting current messages as they are being sent. Sometimes they get into a single mail account (General Powell) and sometimes an entire organization (the DNC).
There but for the grace of god
A former National Security Council spokesman is quoted saying “There but for the grace of God go all of us.” which is understandable but ill-informed. No need to appeal to a higher power for email protection.
You can reduce the risk of their email account being hacked. Let’s start with simple things that will greatly increase security but require no change in your current email setup (at least for most people).
Two factor authentication. Even if someone gets your login name/password they still won’t be able to get into your mail. Yes, Office-Watch.com keeps banging on about this but that’s because it’s important. Most mail hosts (Gmail, Outlook.com, Office 365 hosting etc) offer ‘Two-Fac’ in some form. If your mail host doesn’t offer two-factor authentication, then it’s time to move to one that does.
Use secure email. It’s quite possible to encrypt emails so that no one can read them except you and the person you intend to receive it. Anyone else reading your mail store will see ‘garbage’. Secure email should be easy to use but it’s not. Microsoft hasn’t made any efforts to improve Outlook’s (Windows/Mac) secure email features beyond the simple ‘tick the box’ minimal support.
Be more discreet. It’s not just mail hacking that’s a danger. Your sarcastic remark might get passed along via a Forward, CC or BCC. If you want to say something that might be misunderstood, do it in voice call.
Let’s Discuss Live or LDL is the new acronym. Call or meet face to face so you can say what you like.
Use secure alternative messaging for conversations you don’t want ‘overheard’. Look for a system that has ‘end to end’ encryption and the ability to transfer files. The most secure and respected messaging services are Signal and Wickr but only the latter has file transfers. WhatsApp has recently discovered secure messaging but the jury is out on that. We liked Telegram but it uses proprietary systems that can’t be externally verified. Skype messaging … secure? … don’t make me laugh.
If you’re really concerned about email security, opt for no cloud storage. Keep your emails on a single computer. That’s almost heresy in 2016 where it’s a given that everything should be in the cloud. Having your email stored ‘in the cloud’ on Gmail, Outlook.com etc is very convenient but we pay a price in lowered security for that convenience.
Cloud storage is a well-documented target for hackers, available 24/7 for their intrusion. On the other hand, having your email ‘in the cloud’ is incredibly handy so dropping it will make your Internet life a lot more difficult.
Better to secure your online environment than drop it altogether. The cloud providers like Microsoft and Google or individual organizations could do a lot more to protect their customers/staff but don’t hold your breath.
In the meantime, use the tools we’ve suggested to make a hacker’s life a lot harder.
