Monday, December 18, 2017

The Center of Your Online Life is Not Social Media

While an entire generation of Millennials might disagree with this statement, e-mail is the hub around which all your other online activities revolve. To prove this point, take a look at the last 30 e-mails in your Inbox (disregarding any spam). You probably have an e-mail or two from your financial institutions (banks, loan company, insurance, and brokerage), e-mails from eCommerce sites that you frequent, e-mails from all of your social media sites, your mobile phone provider, and possibly your utilities as well. Also, if you think about it, every website that you are registered on does password resets via e-mail. While some may also offer SMS text as an option, or as an additional factor, the majority still just use your e-mail to reset your password. And that is what makes e-mail a huge cyber risk area. Should your e-mail be compromised by a hacker, yes, they can read your e-mail or send e-mail on your behalf, but the worst part is that they can quickly inventory every website and bank that you do business with. This, combined with the ability to reset your online passwords through your e-mail, makes for a dangerous combination. And once they have access to your e-mail, they can intercept and delete any alert e-mails you get from your banking and eCommerce websites about transactions, address changes (for shipping credit/debit cards or merchandise paid for with your account), or other suspicious activity.

Another common mistake people make is using the same password for their e-mail that they use for their other online accounts. So before a hacker even tries a password reset, which may be noticeable to you and may send an SMS text alert to your phone, they will first try your e-mail password on your other websites as a one-time attempt. This way they will not trip the “3 strikes and you’re out” password lockout rules, and will most likely get some hits, preferably on a banking site or eCommerce site where you’ve stored other information such as your date of birth, social security number, or your masked credit/debit card that shows the last 4 digits. Although it is PCI compliant to mask all but the last 4 digits of your credit/debit card, those last 4 digits are also another data point that many organizations use to identify you if you call in to their contact center.

To sum it up, your e-mail is used on all your other web/mobile sites. It is used for identification, for password resets, and for communication with you, and it contains a history of messages from all the websites you interact with. You need to protect your e-mail account.

So how do you do this? Follow my tips below:
  • Don’t use the same password for your e-mail that you use on other websites. (If your account is compromised on another website, and your e-mail uses the same password, then the hacker has control of your e-mail.)
  • Don’t recycle old passwords.
  • Change your passwords every 30 – 45 days. (See my blog post on changing passwords frequently.)
  • Make your password a complex password that can’t be guessed. Use lower and upper case, numbers, and special characters. The longer the better (10-14 characters). Never use dictionary words or names of people.
  • Be alert to suspicious activity in your Inbox, such as e-mails that are in a “read” status that you have not read yet, or e-mails that have been moved to Deleted Items that you did not delete. Also check your Sent Items to see if there is anything in there that you did not draft.
  • Be cautious when using public computers (libraries, hotel business centers, etc.). Make sure you log out of your e-mail completely, and it is a good idea to change your password when you get back to home/work and can access a computer that you trust.
Be secure!