5 Ways to Protect Your Email as Cybersecurity Concerns Rise

This story is part War in UkraineCNET’s coverage of events there and the wider effects on the world.

As The Russian invasion of Ukraine continues and the sanctions imposed on Russia by the international community are increasing, cyber security concerns are also growing. Although U.S. officials have not identified a specific cyber threat of retaliation against the United States exiting Russia at this time, officials are calling on individuals and organizations to remain vigilant and prepare for the possibility of a cyberattack. Part of this vigilance should include email security, as emails are particularly susceptible to attack.

To be clear, large-scale organizations are the most likely target of any major state-sponsored cyberattack, although independent actors may also seek to exploit vulnerabilities in smaller-scale operations. However, the level of personal risk for individuals remains extremely low.

Even so, you should not take your personal online safety for granted. There are basic steps you can take to protect your digital privacy and mitigate the risk of being affected by a cyberattack.

One of the most important considerations is to protect your email. Email is still one of the most widely used online communication technologies, but it’s also one of the least secure – which is why it requires special attention. In addition to taking steps to protect your email, it is important to create a local backup of any priority correspondence or email-dependent documents in case of potential temporary outages that your email provider may experience as a result of a cyberattack.

Here are five things you can do today to secure your email.

Use a strong and unique password

CNET has a lot of useful advice on what makes a strong password, but the two most important things are that your password should be long (at least eight characters, including numbers and symbols) and unique (i.e., don’t reuse the same password for multiple accounts ). If you have difficulty with passwords, a password manager can help generate complex passwords, remind you to change them, and help you remember them.

Your password is the first line of defense against someone who wants to infiltrate your accounts and gain access to your private data and communications. Make sure that defense is strong.

Enable two-factor authentication

Two-factor authentication adds an extra layer of security to your email account. After entering a password, you will need to provide a separate passcode sent to your phone or mobile authenticator to access the account. This means that even if an unauthorized party were able to crack your password, they would still need physical access to your phone to access the email account. Most email services offer two-factor authentication; if the email service you are using does not do this, you should switch to one that does. Email providers usually offer different ways to enable this feature, but usually if you head to your email account settings and look for options labeled privacy or security, you can usually find and enable the feature there.

Use a secure email service to encrypt your messages

Secure email services such as ProtonMail, Tutanota and StartMail encrypt your email to ensure that messages remain inaccessible to any unauthorized party who may want to spy on your correspondence. The secure email services listed above also offer the ability to create disposable aliases to further protect your privacy and limit who has access to your primary email address. Keep in mind that while you can get a limited basic account for free with some encrypted email services, you’ll have to pay for enhanced privacy features such as aliases and custom domains.

Identify and avoid phishing scams

Phishing is still one of the most common methods used by cyber attackers to break into online accounts. If you see an unsolicited email asking you to urgently click a link or download an attachment, it’s likely a phishing scam. Never click on these links. Otherwise, you risk downloading malware or revealing personal information such as your passwords and financial information.

Phishing emails often appear to come from legitimate sources (perhaps an online service you use, like Netflix or PayPal) and usually claim that there is a problem with your account or payment information. Crooks are even trying to exploit the situation in Ukraine by run phishing campaigns and other scams that exploit people’s instinct to help in times of crisis. However, you can often spot grammatical errors or other inconsistencies in phishing emails that will alert you to the presence of a scam. If in doubt, do not engage in the email and try to verify this information directly with the alleged source.

Use Apple’s Hide My Email feature if you have an iPhone

With the release of iOS 15Apple has rolled out Hide my email, an important security feature that will allow you to hide your email address from sites and services you sign up for online. Hide My Email generates a randomly assigned email address to use in situations where you don’t want to provide a website with your real email address. This feature can help limit the number of sites and online services that have access to your personal email address, as well as the risk of it being shared with other malicious entities.

If you have an iPhone, you can access the Hide My Email feature by going to Settings > iCloud > Hide my email.

If you don’t have an iPhone, the most convenient way to replicate this functionality would be to use different aliases, if your email provider offers it. Many popular email services such as Gmail, Yahoo, Outlook and other secure email providers offer aliases. Check your provider’s account settings to see if they offer the feature.

For more cybersecurity tips, see our privacy checklistread about donation scams to watch out forand why it’s important to keep your operating system up to date.