Just about everyone has and uses web-based email. Be it Gmail, Hotmail, Yahoo mail, etc.
But is it as secure and reliable as what we are made to believe? The internet is mine field of possible traps. Web based email is only as secure as the web browser you are viewing it on. Although there are basic steps that one can take to secure basic email services, you still should wonder how well the actual end-to-end communication is protected.
It is possible for someone, with some basic hacking knowledge, to eavesdrop on an email account and acquire sensitive information unless many precautions are taken or the email is truly encrypted.
Who can access your email if it isn’t secure?
-Malware that can gain access to your entire computer
-Anyone with access to your computer or device
-Other computers on a network
-Your internet service provider (ISP)
-Your email provider
-The email provider of an email’s recipient
-Other computers on the recipient’s network
-The ISP of the recipient
-Anyone with access to the email recipient’s computer or device
There are a lot of doorways into your email account. However, the risk is not only on the sender’s or and the receiver’s end. And by no means that you or your recipient aren’t interesting enough for someone to intercept your email communications. You are a wealth of information just waiting to be collected as ‘meta data’ which in turn can be sold, or worst, be used for identity theft!
Securing Web-Based Email
Here are the basic steps you can take to secure your web-based email:
-Choose a strong password that would be difficult for someone to guess. This means that symbols, numbers, and a combination of uppercase and lowercase letters should be used.
-Use two-factor authentication when available. Unfortunately, this security measure isn’t available on every web-based email service.
-Don’t share your password with anyone. Even if you trust them, it’s best to keep your password to yourself.
-Avoid using your email on public Wi-Fi, especially when the email account contains sensitive information. You can obtain a VPN, which masks your IP. However, there is always that chance that a man-in-the-middle attack could occur.
Use an encrypted browser like Comodo Dragon, which increases your browser security and better protects what you are viewing.
It’s also important to have your antivirus software set to scan your emails. This will help protect you from viruses.
Web-Based Email vs. PC Email
A question that often comes up: Is if web-based email is more secure than PC email? The quick answer is that there is really no difference. The emails are stored on your internet provider’s server, or even pass through it, no matter what. When you use an IMAP email client, such as Outlook, on your computer, all you have is a copy of the email on your computer. The original email rests on the provider’s servers.
On the other hand, when you use POP3 protocol, the messages get downloaded to your client and deleted from the server.
However, you can see that all email messages are on the internet provider’s server until you initiate the ‘read mail’, when it gets downloaded and deleted from the server.
Things like malware arrive in attachments no matter where you are viewing your email.
Web-based versus PC email comes down to convenience. It can be very convenient to receive a popup notification that PC email can afford you. The immediate gratification of being notified as soon a you receive an email can be quite pleasing, at first. Plus, an email client allows you to backup your emails, whereas a web-based email may not. (Be aware that internet providers do keep backups of all their servers for their own use and protection. They also must turn over the information stored if and when a court order is issued)
What Not to Do in an Email
Another way to secure your email is to make a list of things you shouldn’t do. For instance, some companies refuse to email statements to their clients. Instead, the companies send them via postal mail or make them available on a website under the security of a login.
Never send information like social security numbers, license numbers, or other details that could be confiscated by a middleman and used for identity theft. Identity theft is the primary reason why personal information is stolen. (Unless your email is properly encrypted.)
And of course, never send any personal information to anyone over email. Unless encrypted, even when using secure email, the utilization of an email client means that there is a copy of the email on your computer. If the computer is hacked, the email information is accessible.
The real answer to security and reliability is to use encrypted email. The information in the email is encrypted before it is ever sent. If a middleman gets a hold of the data, it is practily impossible for them to decrypt the contents of the message. It would take them decades to determine the content of an email, so encrypted information isn’t worth their time and effort. A hacker will move on to the next person once they discover encryption is in place. Low hanging fruit principal.
If you want to take it a step further, you can send encrypted attachments to your email recipients. However, it’s important to let your recipients know what you’re doing so that they know it’s safe for them to open attachments from you. Here is how you can send encrypted attachments:
-Write messages in a plain text editor and save it to the computer, external hard drive, cloud, or thumb drive.
-Use a tool to encrypt the file. 7-zip is a free program that allows you to zip up a file.
-Password protect the file.
-Make sure your intended recipient knows the password to that file. For instance, you can text message it to them or simply call and let them know. Naturally, don’t email the password to the recipient.
-Attach the zipped file to the email and send it.
-This will work regardless of the type of email you are using. Unfortunately, there are many steps involved. Not everyone has the time to take all these steps. The main reason encrypted email is becoming a cornerstone of email solutions is that it does away with the cumbersome steps.
Another Easier Solution
Secure Swiss Data has an encrypted email solution that will provide you with the power of encryption without having to download programs, relay passwords, or type emails into individual documents.
It’s a secure and reliable solution that will give you peace of mind when relaying sensitive pieces of information.
When you have a good solution in place, you worry less about how secure your web-based email is. While all web-based services seem to have a high degree of reliability, reliability doesn’t necessarily translate into security. Encryption, however, gives you that additional security. Combine it with other security methods like using an encrypted browser, exercising caution in your communications, and using a VPN, and you have a solid, reliable security solution.
For further reading on the subject, check the Digital Trends article by Geoff Duncan