Email Security
From Computing and Software Wiki
Line 1: | Line 1: | ||
- | Email Security is to ensure that no unauthorized person has access to the email account, the sender of the email is known and the email can be sent and received. Email Security is needed to protect the computer from threats and to ensure that no hidden malware is sent or received within the email or attachment that can damage the computer system, data and records. On the other hand one can be held responsible for any damage to a third party, if someone unintentionally end up sending a malware within the email. | + | [http://www.itsecurity.com/features/email-security-for-dummies/ Email Security] is to ensure that no unauthorized person has access to the email account, the sender of the email is known and the email can be sent and received. Email Security is needed to protect the computer from threats and to ensure that no hidden malware is sent or received within the email or attachment that can damage the computer system, data and records. On the other hand one can be held responsible for any damage to a third party, if someone unintentionally end up sending a malware within the email. |
Line 8: | Line 8: | ||
There are several things to keep in mind while sending and receiving emails. | There are several things to keep in mind while sending and receiving emails. | ||
- | *When someone sends an email message, it does not go directly to recipient mailbox. The Internet Service Provider stores the copies of all email messages on its mail server before it delivers them. All the information kept on the servers can be easily accessed by the administrator, so try not to send private and important information through email or encrypt the message before sending the email. | + | *When someone sends an [http://www.softheap.com/emlsec.html email] message, it does not go directly to recipient mailbox. The Internet Service Provider stores the copies of all email messages on its mail server before it delivers them. All the information kept on the servers can be easily accessed by the administrator, so try not to send private and important information through email or encrypt the message before sending the email. |
*When an email is sent to a number of people, the recipients can see each other’s email addresses. It is a good practice to use Bcc (blind carbon copy) to enter email addresses of the recipients, so that email addresses do not appear in the message. The email addresses listed in To and CC fields appear in the email message and every recipient can see all To and Cc recipients, but cannot see Bcc recipients. | *When an email is sent to a number of people, the recipients can see each other’s email addresses. It is a good practice to use Bcc (blind carbon copy) to enter email addresses of the recipients, so that email addresses do not appear in the message. The email addresses listed in To and CC fields appear in the email message and every recipient can see all To and Cc recipients, but cannot see Bcc recipients. | ||
- | *Try not to send personal messages from work or with the company account to ensure privacy. Also do not use the personal email to send any information/data regarding the company. Always use company’s email for this purpose, so that company's security is not at risk. Do not give company's email account to everyone, only company's employees and close family members should know that email address. | + | *Try not to send personal messages from work or with the company account to ensure [http://www.itsecurity.com/features/99-email-security-tips-112006/ privacy]. Also do not use the personal email to send any information/data regarding the company. Always use company’s email for this purpose, so that company's security is not at risk. Do not give company's email account to everyone, only company's employees and close family members should know that email address. |
*Avoid forwarding email messages. But if there is still a need to forward email, be careful while doing so. Before forwarding email to a list of friends, delete the previously listed emails to save bunch of email users from getting spammed. | *Avoid forwarding email messages. But if there is still a need to forward email, be careful while doing so. Before forwarding email to a list of friends, delete the previously listed emails to save bunch of email users from getting spammed. | ||
*Be careful while writing and sending emails, the emails can reside in email box for years. | *Be careful while writing and sending emails, the emails can reside in email box for years. | ||
Line 37: | Line 37: | ||
== Managing Email Account == | == Managing Email Account == | ||
- | *It is not a good practice to use just one email account. The email users must have at least three email accounts, one for work, one should be for personal use and the third one for general purposes which can be used to sign up for newsletters etc. | + | *It is not a good practice to use just one [http://www.itsecurity.com/features/25-common-email-security-mistakes-022807/ email account]. The email users must have at least three email accounts, one for work, one should be for personal use and the third one for general purposes which can be used to sign up for newsletters etc. |
*Always log out of email account and then close the browser window after checking the emails. Closing the browser window does not mean that the email account has been logged out. Someone else might still be able to access the account because the cookies contain all the information. Similarly, if the browser window is not closed, after logging out of email, it might still be displaying the email address but not the password, which is not good for the email security. | *Always log out of email account and then close the browser window after checking the emails. Closing the browser window does not mean that the email account has been logged out. Someone else might still be able to access the account because the cookies contain all the information. Similarly, if the browser window is not closed, after logging out of email, it might still be displaying the email address but not the password, which is not good for the email security. | ||
*If a public computer is used, always delete browser history to prevent the information to go in wrong hands, because most of the browsers keep track of all visited web pages, passwords and personal information. | *If a public computer is used, always delete browser history to prevent the information to go in wrong hands, because most of the browsers keep track of all visited web pages, passwords and personal information. |
Revision as of 02:58, 12 April 2009
Email Security is to ensure that no unauthorized person has access to the email account, the sender of the email is known and the email can be sent and received. Email Security is needed to protect the computer from threats and to ensure that no hidden malware is sent or received within the email or attachment that can damage the computer system, data and records. On the other hand one can be held responsible for any damage to a third party, if someone unintentionally end up sending a malware within the email.
Contents |
How to make Email secure?
There are several things to keep in mind while sending and receiving emails.
- When someone sends an email message, it does not go directly to recipient mailbox. The Internet Service Provider stores the copies of all email messages on its mail server before it delivers them. All the information kept on the servers can be easily accessed by the administrator, so try not to send private and important information through email or encrypt the message before sending the email.
- When an email is sent to a number of people, the recipients can see each other’s email addresses. It is a good practice to use Bcc (blind carbon copy) to enter email addresses of the recipients, so that email addresses do not appear in the message. The email addresses listed in To and CC fields appear in the email message and every recipient can see all To and Cc recipients, but cannot see Bcc recipients.
- Try not to send personal messages from work or with the company account to ensure privacy. Also do not use the personal email to send any information/data regarding the company. Always use company’s email for this purpose, so that company's security is not at risk. Do not give company's email account to everyone, only company's employees and close family members should know that email address.
- Avoid forwarding email messages. But if there is still a need to forward email, be careful while doing so. Before forwarding email to a list of friends, delete the previously listed emails to save bunch of email users from getting spammed.
- Be careful while writing and sending emails, the emails can reside in email box for years.
- If some unknown group is sending emails, do not try to unsubscribe because more emails may be received from that group, instead add that email address to the block list.
- Install antivirus on computer and run it regularly. Some viruses take addresses from the contact list and send spams to the addresses saved in contact list.
- Try to minimize the receipt of spams by setting the junk email filter and blocking unknown senders.
Email Security Threats
The email may contain content that can affect the security and privacy. The most common threats to email security are discussed below [4].
Malware
Malware is short for "malicious software", it is a software/program that can damage a computer system, server, or a computer network without owner's knowledge. Malware can affect the computer system by deleting or corrupting the data/files on the local disks. It includes viruses that can destroy the computer system, and spywares that can steal personal information [1].
Spyware
Spyware is a software that is installed on the computer without knowledge of the owner, it monitors the user's activities. It collects personal information, for example sites that a user has visited, personal data such as email address, password and credit card details. It can also change the computer settings. It uses the memory and system resources which results in slow performance of the computer system. The unwanted behaviour of the computer system, poor system performance and slow internet connection are the clear signs that indicate the computer is infected with a spyware [2].
Virus
A computer virus is another kind of malware. Computer virus is a software which is installed on a computer system without owner's permission and corrupts data on the computer system. It can transfer from one computer to another. Computer viruses can be easily downloaded on the machine with the email attachment. The symptoms of a computer infected with a virus are slow system performance and unwanted behaviour of a computer system [3].
Phishing
Phishing is a method to steal personal information like passwords, credit card details, and bank account numbers etc. The most common way of stealing personal information is a link sent through an email which directs the user to a fake website, that site ask the user to enter the personal information. This kind of website is only set up to steal the user's information. To avoid phishing attacks, be careful while entering personal information over the internet [5].
Spam
Spam is a unwanted or junk e-mail sent to multiple email addresses, mostly for commercial purposes. Some companies send emails to a collection of e-mail addresses to promote a product or service. The spammers can collect email addresses by using different kind of programs which collects e-mail addresses and add them to spamming lists [6]. Spams can be avoided by setting the junk e-mail filter, blocking the unknown senders or by using the anti-spam software.
Managing Email Account
- It is not a good practice to use just one email account. The email users must have at least three email accounts, one for work, one should be for personal use and the third one for general purposes which can be used to sign up for newsletters etc.
- Always log out of email account and then close the browser window after checking the emails. Closing the browser window does not mean that the email account has been logged out. Someone else might still be able to access the account because the cookies contain all the information. Similarly, if the browser window is not closed, after logging out of email, it might still be displaying the email address but not the password, which is not good for the email security.
- If a public computer is used, always delete browser history to prevent the information to go in wrong hands, because most of the browsers keep track of all visited web pages, passwords and personal information.
- While replying to an email, be careful in using “Reply” vs “Reply all” button, so that only the right person receives the reply, unless one wants to send reply to all addresses.
- It is a good practice to back up your emails, by exporting emails to a folder and then burn a cd.
- Do not think that deleted email is gone forever. The deleted messages still exist in backup folders on remote servers and can be retrieved.
See also
Phishing
Malware
Internet Cookies and Confidentiality
Identity Theft
Anti-spam Systems and Techniques
References
- "Malware", Retrieved on April 04, 2009 <http://www.onguardonline.gov/topics/malware.aspx>
- "Spyware", Wikipedia, Retrieved on April 05, 2009 <http://en.wikipedia.org/wiki/Spyware>
- "Computer viruses: description, prevention, and recovery", Retrieved on April 07, 2009 <http://support.microsoft.com/kb/129972>
- Cocca, Pam Email Security Threats. Published in SANS Institute, 2004
- "What is Phishing?", Retrieved on April 08, 2009 <http://www.webopedia.com/TERM/p/phishing.html>
- "Spam", Retrieved on April 09, 2009 <http://www.bewebaware.ca/english/spam.aspx>
External links
- The 25 Most Common Mistakes in Email Security
- Email Security for Dummies
- Email Privacy and Security Tools
- Email: 99 Tips to Make you More Secure and Productive
- Stop Spam|Viruses|Spyware
--Shamsh 3:08, 10 April 2009 (EDT)