
Email is one of the most used methods of communication these days. We check our email account(s) several times a day and send and receive several messages a day. Many of our mails contain important personal information, so the security of our email accounts matters. Unfortunately, many people do not pay proper attention to keeping their email accounts safe and secure; many of them may simply not be aware of certain simple steps that can be taken to secure them. There are certain basic precautions that you must take while dealing with your email account, and these are described below.
(1) Always use an HTTPS connection to log in: You should take care to always log in to your email account through an HTTPS connection (that is, the secure connection), instead of logging in through a normal HTTP connection (which is insecure). When you log in through HTTPS, the information travelling from your computer to the server and back is transferred in encrypted form, so that no intruder or third party can read it. Even your ISP cannot read that information. However, when you log in through an HTTP connection, your user name and password are transmitted to the server in plain text, which means somebody in your ISP company can read that information (if they want to), or some intruder can possibly read it. Therefore, it is advisable to log in to your email account only through an HTTPS connection.
In fact, most of the popular email services, such as Gmail, Hotmail and Yahoo! Mail, provide an HTTPS login page to sign in to your email account. But some of them may provide both options, i.e., you can log in through HTTP or HTTPS. For example, if you try to log in to Gmail or Yahoo! Mail through an HTTP connection, they will automatically redirect you to the HTTPS connection; so, you’ll always be logging in to your Gmail or Yahoo! Mail account through HTTPS. Try typing “http://www.gmail.com” or “http://mail.yahoo.com”. You’ll notice that you’re automatically redirected to the HTTPS connection, which is the secure login. Hotmail, however, gives you both options. For example, if you try to log in through “http://www.hotmail.com”, you’ll NOT be redirected to the HTTPS login page automatically, though it will give you an option (I don’t know how many people notice that option) to log in through a secure page by clicking on a secure login link. So, many people might well be logging in to Hotmail through an insecure HTTP login page.
Moreover, some other email services (particularly email on your own domain name) may offer only an HTTP connection to your email account and may not have an HTTPS connection. However, even with these domain-specific email services, your web host may be providing an alternative “shared HTTPS connection” that lets you log in over the secure HTTPS protocol by using the web host’s own domain name. You may have to confirm this with the web host. Wherever possible, try to log in only through a secure HTTPS connection. In any case, always try typing “https” in the browser instead of “http” and see whether that login page is available; if it is, log in through the “https” page only.
In fact, Gmail goes one step further and offers you additional security. It already uses HTTPS on the Gmail login page, but you can also choose to protect your entire Gmail session with HTTPS. If you do so, HTTPS will make your mail slower; ultimately it is your choice whether you want more protection or more speed, depending upon the importance of the personal information contained in your emails. If you want to turn it on, in Gmail, open Settings and then, on the General tab, select “Always use HTTPS”.
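The check described in point (1), as an added example that is not part of the original article: given a login page's URL and its HTML, it reports whether the password form would be submitted over HTTPS. The function and class names, the result labels and the `example.test` sample markup are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormScan(HTMLParser):
    """Collect the action of every <form> that contains a password field."""

    def __init__(self):
        super().__init__()
        self.open_action = None   # action of the form being parsed, if any
        self.has_password = False
        self.actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.open_action, self.has_password = attrs.get("action") or "", False
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password = self.open_action is not None

    def handle_endtag(self, tag):
        if tag == "form" and self.open_action is not None:
            if self.has_password:
                self.actions.append(self.open_action)
            self.open_action = None


def login_transport(page_url, html):
    """Classify how a login page would send the password it collects."""
    scan = FormScan()
    scan.feed(html)
    scan.close()
    if not scan.actions:
        return "no-login-form"
    # A relative or empty action inherits the scheme of the page itself.
    targets = [urljoin(page_url, action) for action in scan.actions]
    if any(urlsplit(t).scheme != "https" for t in targets):
        return "submits-in-clear"
    if urlsplit(page_url).scheme != "https":
        return "page-not-https"  # the form itself arrived unencrypted
    return "encrypted"


# Constructed sample markup, not taken from any real provider.
FORM = '<form action="%s"><input name="user"><input type="password" name="pw"></form>'
print(login_transport("http://mail.example.test/login", FORM % "/auth"))
print(login_transport("https://mail.example.test/login", FORM % "/auth"))
print(login_transport("http://mail.example.test/", FORM % "https://mail.example.test/auth"))
```

A relative form action on an HTTP page is the case to watch for: nothing in the markup mentions "http", yet the password still leaves in plain text.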
(2) Exercise caution while sending sensitive information by email: You don’t remain in control of the information contained in an email after you send it. Even if the recipient of your mail is a trusted person, if his account gets compromised or his computer gets infected with a virus, the contents of your email may get exposed. Moreover, in some cases, the recipient may himself choose to forward your mail to others without your consent, disclose its contents to others, post them in some public forum, and the like. Therefore, always exercise caution while sending sensitive information in your email, such as your password, your credit card number and the like. Wherever possible, sensitive information is better given by phone or in person than by email.
(3) Encrypt contents: Encrypt contents of your email if it contains sensitive personal information.
(4) Don’t share your password or other personal information in email: Never share the password for your email account with anyone. Don’t respond to phishing attempts by fraudulent persons trying to learn your password, who may ask you to confirm it in an email citing some urgent reason such as “your account is being closed”. Sometimes they may ask you to follow a link in an email that poses as a genuine link to some respected site, but instead takes you to a bogus site that looks like the genuine official site. You may be made to sign in to your account at such a fraudulent site with your username and password, which may then be stolen or captured by them. Please remember that no responsible email service provider will ever ask you to provide your password, your social security number, your credit card number or other personal information; therefore, never fall into the trap of such fraudulent persons and never share your password and other such personal information with others in an email.
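A way to spot the disguised links described in point (4), as an added example that is not part of the original article: it flags links in an HTML message whose visible text names one host while the underlying `href` points to another. All names and the sample message are constructed; the hosts use reserved test domains.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Host-like token in visible text, with an optional scheme in front of it.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
WWW = re.compile(r"^www\.", re.I)  # "www.example.test" and "example.test" count as equal


class LinkScan(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.links = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None


def mismatched_links(html):
    """Return (visible text, real host) for links that show one host but go to another."""
    scan = LinkScan()
    scan.feed(html)
    scan.close()
    flagged = []
    for href, text in scan.links:
        shown = HOST_IN_TEXT.search(text)
        target = urlsplit(href).hostname or ""   # hostname is already lower-cased
        if shown and target and WWW.sub("", shown.group(1).lower()) != WWW.sub("", target):
            flagged.append((text, target))
    return flagged


# Constructed sample message body; all hosts use reserved test names.
SAMPLE = (
    '<a href="http://login.example.invalid/confirm">https://mail.example.test/confirm</a>'
    '<a href="https://www.example.test/help">example.test/help</a>'
    '<a href="https://mail.example.test/settings">Open settings</a>'
)
print(mismatched_links(SAMPLE))
```

Links whose text contains no host at all ("Open settings") are not flagged by this check, so the real destination of such links still has to be inspected before following them.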
(5) Always sign out from your account: Once you’ve finished reading or sending your mails, always sign out of the email account by specifically clicking on the “Sign out” link. Don’t just close the browser or browser tab. Doing so may keep you logged in at the server, and somebody else using your computer may subsequently get logged in to your email automatically. This is even more true when you’re accessing your email account on a public or shared computer.
In fact, if you’re using a public computer, you should take the extra precaution of clearing the browser’s cache, cookies and history after you sign out from your email account, wherever that is possible, and then close the browser completely, not just the single tab.
(6) Use a password-protected screen-saver: If you often leave your computer or laptop unattended for some time, or if your personal computer is kept in a public place such as an office, use a password-protected screen-saver. This will ensure that your computer gets locked automatically if you step out for some time while leaving the computer on. If you’re using a laptop, you can even fold it before leaving the place for some time so that you get logged off.
(7) Do not open email attachments from an unknown source without confirmation or without a virus check: If you get an email from some unknown person, or from a person you don’t know that well, don’t open the attachments to that email unless you’re sure they are safe. If needed, you can cross-check with the sender by asking him what the attachment is about. You may also run an anti-virus check on the attachments before opening them. This holds in spite of the fact that most of the popular email services, such as Gmail, Hotmail and Yahoo! Mail, conduct a virus check at their end before the attachments are downloaded to your computer.
(8) Keep email account recovery information up-to-date: Most of the popular email services provide options to recover your email account in case you forget your password or someone else has gained access to your account by fraudulent means. Generally, you may have the option to provide a secondary email address to which your reset password, or a link to reset the password, can be sent if you forget it. Moreover, you’re generally also asked to provide some security questions and answers for resetting your password if you forget it. Try to set these security questions and answers in such a way that other people will not be able to guess them. Also keep this recovery information up-to-date, and keep checking it so that you do not yourself forget which security questions and answers you selected. In fact, Gmail also allows you to provide a mobile phone number, in addition to or in place of the secondary email address, to help you in case you forget the password.
(9) Select a strong password: Always select a strong password for your email account. It should consist of a combination of lowercase and uppercase letters, numerals and special characters, and should have at least 8 to 10 characters. Learn more about how to select a strong password.
Try to ensure that you scrupulously follow these basic steps to secure your email account from unscrupulous and fraudulent persons who would always try to harm your interests.