How can we protect our e-mails so that they do not fall into the wrong hands? Interia asked security experts from IT companies how we can avoid having our correspondence, data and contacts stolen.
– Our digital mailbox is a treasure trove of all kinds of sensitive data. From scans of important documents to candid emails exchanged with friends or colleagues. Modern mail available in the “cloud” contains a huge history of our correspondence, which is most often available after logging in directly from the Internet and is a tasty morsel for criminals. That is why we should take care of its security ourselves – explains Andrzej Sawicki, sales engineer at Trend Micro in an interview with Interia.
Phishing – how to stop it?
– Our login and password are the key to this valuable information. That is why we should be careful about any attempts to phish for it. Unfortunately, phishing (this is the professional name for an attack that aims to steal our credentials, usually login and password) is becoming more and more perfect and can surprise even experienced users. Let’s thoroughly analyze every email that forces us to log in again. Is the link that leads to the login page really the right address of our service provider? – Sawicki notes.
So how can we protect ourselves from the phishing threat? The expert advises: – Let’s double-check where the email comes from (we sometimes need to review its headers as well) and whether it should actually arouse our suspicion. If necessary, we should contact the sender using another communication channel and explain the matter “offline”. Think twice before giving out your login and password. He additionally stresses: – Companies should implement an education program for their employees in the field of mail security, and also regularly conduct controlled phishing simulations to make their employees more immune.
– Unfortunately, no IT system, not even the most perfect one, can relieve us of the responsibility for protecting our data – Sawicki concludes frankly.
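The checks Sawicki describes (where the e-mail comes from, what its headers say, and whether the login link really points to the provider's address) can be sketched in code. The following Python is an added example, not part of the Interia article; the sample message, the `review` function and the example.com / example.net / example.org domains are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message (not a real e-mail); all domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Example Mail Support" <support@example.com>
To: user@example.org
Subject: Please log in again
Content-Type: text/plain

Your session has expired. Log in again: https://example.com.login.example.net/session
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def review(raw, provider_domain):
    """Return a list of reasons to distrust a message claiming to be from provider_domain."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    path_dom = domain_of(msg["Return-Path"])
    # A differing envelope sender is a signal, not proof: bulk mailers do this too.
    if path_dom and not in_domain(path_dom, from_dom):
        findings.append(f"Return-Path domain {path_dom} differs from From domain {from_dom}")
    # Verdicts recorded by the receiving mail server for SPF, DKIM and DMARC.
    for result in msg.get_all("Authentication-Results", []):
        for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", result):
            if verdict != "pass":
                findings.append(f"{mech}={verdict}")
    # Body text of all parts (assumption: parts are not base64/quoted-printable encoded).
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlsplit(url).hostname or "").lower()
        # The provider's name at the start of a host name proves nothing; the end decides.
        if not in_domain(host, provider_domain):
            findings.append(f"link host {host} is not under {provider_domain}")
    return findings
```

Calling `review(SAMPLE, "example.com")` reports the mismatched Return-Path, the missing DKIM signature, the DMARC failure and the login link whose host only begins with the provider's name.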
Strong password, two-factor authentication, and sandbox
– In the case of private, free mail, apart from choosing a reliable provider, we must remember that the most important thing we are responsible for is the confidentiality of the access password. That’s why one rule is absolutely fundamental – the password which defends the access to our account must be long enough, and most of all unique, not used anywhere else. Most of the successful interceptions of access to mail or other services, such as Facebook accounts, are the result of not following this rule – warns Paweł Jurek, development director at Dagma Security IT, in an interview with Interia.
– A great solution is to use two-factor authentication. In addition to the password, each time we give a one-time code sent to our phone. This way, no one who does not have access to our phone will be able to log in to our mail, even if they know the password – adds Jurek.
Another security measure that requires further popularization is the use of so-called sandboxing. What is it? – If we use a strong password, the second biggest threat is an attack through our mailbox – i.e. there is a chance that we will receive and open an e-mail which will cause the execution of malicious code on our computer. Then the malicious code will ‘take control’ over our computer and gain access to our mail – warns Paweł Jurek. How can you protect yourself from this? – Companies are increasingly using sandboxing. This is usually a cloud-based service that we can buy – each incoming e-mail is analyzed. If there are any suspicions about it, it is sent, for example, to the servers of a company that creates software, and opened on them in a safe “sandbox”, where the code is implemented – explains the expert.
What does the “sandbox” give us? After a few seconds we know whether the e-mail contained an attack attempt or is safe. Thanks to such a solution, only verified e-mails get to our mailbox.
Remember about cyber security
– Safe use of e-mail means, first of all, keeping the basic rules of cyber hygiene. Do not click on links in suspicious-looking emails (from a sender you do not know, a service provider whose offer you do not use etc.) or open attachments. If you have any suspicions that criminals are impersonating the sender of an e-mail such as a bank, courier company or even your friends, you should contact the alleged sender by another means – advises Jolanta Malak, Director of Fortinet in Poland, in an interview with Interia.
– We should avoid messages that contain expressive messages, e.g. about having to pay an additional fee for a service, winning a competition or asking for a money transfer. It is also a good practice to use e-mail security tools, equipped with e.g. an anti-spam filter. Professional security, on the other hand, requires systems that secure network traffic in conjunction with email server security and EDR (Endpoint Detection and Response – a tool responsible for detecting suspicious activity on endpoint devices) class systems. It is also important to remember that no institution or company will ever ask for your email account access credentials. Also, no one is allowed to give out passwords – neither to e-mail, nor to any other services – adds Malak.