There are more ways than ever to communicate at home and work. Despite the prevalence of text messaging, Snapchat, Facebook, Slack, and everything else, email remains one of the commonest ways to pass messages around. When you send email, you might think the contents are private — the only people that will see them are you and the recipients of the message.
Unfortunately, that’s just not the case — email is one of the least secure forms of communication there is. We’re not just talking about Hillary Clinton, DNC server hacks, leaks, or Russians either — the emails you and I send every day can be compromised much more easily than you think.
We know you’ve got questions and we’ve got answers. Here’s the SaneBox Scoop on how your emails are never really private…
Be Gentle With Me — What’s the First Thing I Can Do to Keep My Email Private
Our first tip is a really simple one. Make sure you are sending the email to the right people, and only the right people. There are several ways you can do this:
Check and double-check the “to,” “cc,” and “bcc” addresses for your email.
Make sure the person you’re writing to is the right person — writing to johnsmith@email.com is very different to writing to john.smith@email.com.
If you do realize you’ve sent the email to the wrong person follow up on it immediately, especially if it’s sensitive information — talk to your business security team.
Here are some horror stories about not checking your email recipients.
This is such a simple and obvious step that it’s amazing so many emails are sent to the wrong people. Get into the habit of checking all your recipients.
But I Can Trust the People Who I Send Email To Keep It Private, Right?
Oh, you sweet, sweet child. Unfortunately, emails have this way of getting forwarded on, replied to, having new recipients copied in, and all sorts of other shenanigans. The best way to deal with this is to make sure you don’t disclose sensitive or confidential information in emails. Instead, share those details through communications that can’t be forwarded, like a phone call or a face to face meeting. If you must send an email, write it like the whole world might be able to see it.
Of course, one other risk is that the recipient’s computer or email account is compromised, meaning hackers could potentially read anything they have received. There’s not much you can do about that apart from thinking about whether it’s appropriate to share confidential information in an email. (It isn’t.)
Understood. Are There Likely to be Other People in My Own Business Who Can Read My Email?
You bet. Many companies reserve the right to monitor and inspect any email that passes through their servers (so, any email that you send and receive using your business email address.)
If you look at your work contract or company policies, you will likely see a policy stating that IT or business security has the right to scrutinize your email. Now, most of the time they are not going to do that, but to be safe make sure you never include anything embarrassing or incriminating in any email you send.
Do I Need to be Concerned About People Hacking My Email Account?
It’s always sensible to stay as safe as you can online. The fact is, email accounts are very valuable to hackers. If they get access to your email account, they could potentially get access to your password reset and recovery options for other accounts, and that would be bad. Hackers normally get access to your email account in one of three ways:
Using the same password for your email account as for other accounts — if the other account gets hacked, the hacker tries it on your email account and they’re in.
Installation of malware — a virus, worm, or other malware can act as a “keylogger,” capturing your password and giving hackers access.
Brute force or social engineering attacks — these are less common ways for hackers to get access to your email account.
There are three main ways to protect yourself from these threats:
Use a different password for every account you have, especially your email account. A password manager can really help with that.
Setup two-factor authentication for your email login — this is one of the best ways to protect your account.
Make sure you have antivirus and firewall software installed that can identify and remove malware from your email.
Are There Other Ways Hackers Can Compromise My Email Privacy?
When it comes to hackers, malware, and bad actors, criminality knows no bounds! There are a couple of other techniques hackers use to compromise email, they are:
Spoofing email addresses — this is what happens when the display name and email are very different to where the email is actually going. Here’s how it works and how to protect yourself.
Another issue is where they use an email address that looks legitimate but isn’t. Here’s an example:
Here’s an example:
example@gmail.com or example@grnail.com — they look pretty similar, right? But the “m” in the second “Gmail” address is actually an “r” and an “n” next to each other, like so: “rn.” Mind… blown..?
OK, What About When the Email Leaves My Email Provider, on the Way to the Recipient?
When you click send, your email wings its way across the ether. It hops from server to server until it reaches its destination. There’s a risk in that because the best way to think about sending an email is that it’s like sending a postcard — anyone looking at those intermediate servers could theoretically look at a copy of your email and see what it has to say.
You can get around this by encrypting your email. Much of this relies on a principle called “Pretty Good Privacy” or “Public Key Encryption.” We won’t get into the weeds on how it all works because there are already some excellent guides out there which tell you how to encrypt your email for free.
Needless to say, never send unencrypted passwords in an email — that’s like hiding your front door key under a sign that says “key” in front of your house.
When I Delete Email, It Can’t Be Recovered, Can It?
We’re afraid so. Your email is likely to be stored on your computer, your business email servers, the Internet Service Provider’s (ISP) servers, the recipient’s ISP, and the recipient’s computer. Deleting your email locally won;t delete it in any of those other locations. Remember too that because emails are digital and don’t take up much space, they can be kept indefinitely.
This is Making Me Realize I Can’t Take Email Privacy for Granted
That’s good because you really can’t. Emails are notoriously easy to hack and can release some very embarrassing information, as anyone who has watched the influence of emails over politics can attest. If you want to protect yourself, here are our final tips:
Assume the whole world will be able to read your email.
Don’t include sensitive or confidential information.
Check and double-check senders and recipients.
Use the latest anti-malware programs.
Encrypt your email if possible.
Be aware of your company’s email policy.
Imagine email is like a postcard.
Be vigilant.
If you can follow these, you do stand a chance of keeping your email at least a little bit private. Good luck!
