Email Security: What To Do If Your Email Account Has Been Hacked

Recently, my Gmail account was hacked. I was unable to log into my email account and my friends and family were receiving spam messages from my account asking them to click on links I (supposedly) recommended. The embedded link directed them to a malicious webpage but, fortunately, my friends and family knew me better and didn’t click on the suspicious ‘recommended’ links to male enhancement drugs.

Email and account passwords are the prime targets of hackers and malware writers. Millions of email accounts are being compromised every day–many times without the users’ knowledge. The goal of most email hijackings is to steal identities, acquire financial data or send spam. And since most people use email to store personal data such as passwords, financial account information and other sensitive information, it is critical to secure email accounts and use email encryption to avoid being a victim of hackers and cybercriminals.

Here are some steps to take if your email account has been hacked:

  • Reset your password immediately if you think your account has been hacked. Use new passwords that are long and have letters, punctuation, symbols, and numbers–the greater the variety of characters in your password, the better. Contact the site’s support staff if you think the hacker has changed your passwords and you are unable to log into your email account.
  • If you used the same password for other accounts, make sure you change the passwords for all those other accounts as well and please use different passwords for each account. While it may be easier to remember one password, think of the inconvenience and loss you could suffer if a hacker gets access to all of your accounts by knowing that one password.
  • Delete all email accounts you rarely use or have not used in the last few months. Hackers love to get into accounts you don’t use since they can do some damage before you even realize your account has been hacked.

To help prevent future email hijackings, avoid using unsecured or public wireless networks.  When possible, use a secure wireless connection since others can easily intercept the information you are sending when using “unsecured” public or “open access” wireless connections. Also, when sending sensitive messages, use email encryption to send secure email. Email encryption will ensure that only the intended recipient will be privy to your personal data and not some savvy internet hacker.  Some companies offer free email encryption without having to download software or use encryption keys.

Even if you have PC security software installed on your computer, your email account(s) can still be hacked. With today’s sophisticated attacks, and the newer and tougher viruses and Trojan horses that are being developed every day, it has become tougher to deal with them. When data is stolen, sometimes it is impossible to recover the information. Email providers are continually upgrading their security but they still have a long way to go. Nevertheless, you don’t want your email address and password falling into the hands of malicious hackers, so be vigilant and take email security measures seriously.

Posted in Email Encryption, Email Security

Email Encryption Protects Your Customers and Bottom Line

Recently, hackers known as Lulz Security attacked the websites of Sony, the U.S. Senate, the CIA and PBS, among others. They accessed customer account information and stole names, email addresses and passwords of millions of users and published them online for anyone to see. What’s most concerning is that large corporations such as Sony didn’t even encrypt the data of users of its PlayStation network — phone numbers, passwords, email addresses and account histories.

According to the Privacy Rights Clearinghouse, these attacks are among the hundreds of online security breaches this year, compromising data of more than 22 million people. With a growing number of laws and regulations, financial penalties, and public notification costs, a security breach can be burdensome and costly for companies that don’t protect sensitive data and encrypt email. Now more than ever, ensuring the protection and confidentiality of customer data is critical to a company’s brand and bottom line.

Most emails sent, including those that contain highly confidential data, are sent in plain text and most file transfer systems do not include encryption, leaving sensitive data exposed for hackers and cyber criminals to steal. It is important to note that the email message itself is not the only information at risk. An Osterman Research survey found that 29% of the emails sent through corporate email systems contain attachments, and that emails with attachments account for about 96% of the total volume of content sent through email systems. Protecting the integrity of files sent through email is just as important as protecting the messages themselves. File and email encryption are critical to meet compliance with regulatory obligations and to protect the integrity and confidentiality of sensitive data.

Because of the increasing amounts of sensitive content that organizations are sending and storing in email and the increase in data breaches, email security has become a business and legal necessity. Failure to protect sensitive data has both commercial and legal ramifications. Any individual or business that handles any type of sensitive information absolutely should use email encryption. It would be much safer to ensure your email is secure rather than risk the potential problems of insecure emails. Most likely, businesses faced with the prospect of deploying encryption capabilities or living with the costly consequences of data attacks will opt for the former.

The bottom line is: Businesses that fail to protect sensitive data and secure email will face negative business and legal consequences and businesses that can demonstrate a secure infrastructure for their customers’ personal information are more likely to win and maintain customers.

Posted in Email Compliance, Email Encryption, Email Security

Sending Private Emails at Work

Do you ever use your company’s computer and email account to send private emails to your friends and family? It’s probably not a good idea since anything that you have ever sent via company email is accessible by your company and others outside your company.

Most employers have a detailed policy regarding use of company computers and resources such as e-mail and Internet. And most companies have computer use policies stating the company owns the rights to all data and files in any computer, network, or other information system used and reserves the right to monitor computer and e-mail usage, both as it occurs and in the form of account histories and their content.

Company email policies will let employees know that the company’s e-mail system is to be used for business purposes only and that any illegal or other unauthorized use of e-mail can result in disciplinary action. According to the Privacy Rights Clearinghouse, when you use your company’s computer system, your employer has a right to review your communications — this includes your email and Internet activities. If your email communications demonstrate a poor work ethic or use of company systems for non-work activities — you could be at risk for disciplinary action.  

Keep in mind that even after you’ve deleted an email, it still can reside on any number of servers for years. Emails can be retrieved and read by your employer as long as there are backup copies and copies of your email can even be archived indefinitely. Copies of your emails are typically stored unencrypted on your computer, your company’s or host’s mail server, each recipient’s mail server, and each recipient’s computer. While transmitting your message normally takes a fraction of a second, once your message is stored it normally sticks around for years.

Most importantly, if you are not using some form of email encryption, anyone in and outside the company with computer knowledge can spy on your email while in transit or use your password to send emails as though they came from you. This provides multiple opportunities for unauthorized access to your email messages and raises legitimate privacy concerns.

So keep your personal life private and refrain from sending personal information through your work computer and email account. Separate your personal email from your business email. Your personal emails should be kept private and not stored on corporate backup servers, sniffed by network tools or looked at by nosy employees. And use email encryption to send secure emails. If you use Outlook, you can download this free email encryption Add-In for Microsoft Outlook which allows you to view and send secure messages within your Outlook account. You’ll be able to send encrypted emails without burdening your recipients and they’ll be able to read your messages via their favorite web browser.

Posted in Email Encryption, Email Security

How to Comply With Nevada Law Requiring Email Encryption

While some regulatory bodies only go as far as stating a preference for email encryption, others are very explicit about it. The State of Nevada, for instance, has a law that actually requires the use of email encryption. It is stated in Chapter 355, SB 227.

Section 1 of Chapter 355 prohibits data collectors doing business in the State of Nevada from transmitting any personal information through any electronic, non-voice transmission (except fax) to anyone outside their (the data collector’s) secure system unless encryption is employed.

Per definition, a “data collector” can be any government agency, institution of higher education, corporation, or just about any business entity that handles, collects, or deals with nonpublic personal information. So that more or less covers a vast majority of the organizations out there.

Personal information, on the other hand, pertains to a person’s unencrypted first name (or its initial) and last name combined with any of the following, which is also assumed to be unencrypted:

  • SSN (social security number)
  • Driver’s license number or identification card number
  • Account number, credit card number or debit card number, accompanied by its corresponding security code, access code or password.

The importance of compliance

What benefits are gained from compliance? In the event that a breach of data security occurs despite the presence of encryption, the data collector shall not be held liable for damages as a result of the breach. If that’s not enough motivation for compliance, then perhaps the consequence of non-compliance might be.

If there is reason to believe that an unauthorized access or disclosure of personal information has taken place, the data collector should notify the owners of the compromised information as quickly as possible. The owners should be notified through written, electronic, or any of the prescribed substitute media of notification, namely:

  • through a conspicuous posting on the data collector’s website (if they have any), or
  • through statewide media

This alone can be very damaging. Even if the data collector can afford to spend for the notifications, it may not be able to recover from the bad publicity that will surely be incurred.

But why email encryption?

It just makes sense. In most cases, when you send out an email, the information found there can easily be viewed by other people. That’s because not only is the content transmitted as plain text, it is also stored in your hard disk, in your recipients’ hard disks, and in both of your email servers’ disks, as plain text.

The only way to ensure that personal information sent through email is kept safe from unauthorized access, is by sending encrypted email. By encrypting your email, you prevent unauthorized users from making out the contents inside.

How to encrypt your email

When it comes time to encrypt your email you could purchase, install, and configure one of the dozens of software or hardware based solutions on the market. But sending secure email doesn’t have to be expensive or complicated. There are secure email encryption services that are very easy to use without having to install, configure, or maintain anything. You can try out this free email encryption service and start sending secure messages in a matter of minutes.

Posted in Email Compliance, Email Encryption, Email Security

Free Email Encryption: No More Excuses

With the constant threats of hackers, viruses, phishing and identity theft, as well as the need to secure business information, email security should be high priority for all businesses. However, many businesses are not using email encryption even though they often collect, store and transmit personal and confidential information using unencrypted email.

Meanwhile, consumer and government concern over privacy protection continues to grow as well-known companies have become victims of security breaches and have had their customer data stolen and exposed. Identity theft grew exponentially in the past few years and identity protection services are a new thriving business. Still, businesses remain reluctant to use email encryption.

Many business owners have their head in the sand and believe that security breaches only happen to other people. Even some banks and credit card companies, as well as many other companies, are missing the boat on email encryption. For example, if you forget your password, they’ll email you a new one using open text, unencrypted email.

When it comes to email encryption, it is a common misconception that the more complicated, state of the art, expensive solutions provide the best protection. Even though this isn’t true, small businesses often feel that they are at a disadvantage when it comes to email security because they cannot afford to deploy such solutions and that email encryption is complicated and the hassle of exchanging security keys and passwords is just too much effort.

The fact is, there are simple, low-cost and even free effective email encryption solutions available in the market. Sending encrypted email is as easy as sending unencrypted email. For example, the free email encryption service from Sendinc allows you to quickly compose and send encrypted email messages using your own email address and only your recipients will be able to view your message by clicking on a link in a secure email. The recipient simply creates a password the first time they receive an encrypted email and they can view the message. Sendinc is a free email encryption service. There is nothing to purchase, install, configure, or maintain and there are no keys to generate, publish, or maintain. For users wishing to take advantage of more advanced features there’s Sendinc Pro @ $5 / month.

A recent report from CIOL.com suggested that companies should employ encryption to limit the risk of certain data protection threats from cyber criminals. By using encryption software, emails are hidden behind an additional security layer, which prevents unauthorized parties from accessing the information within them. Another benefit is protection from cyber criminals. As they become more adept at penetrating firewalls and other security measures, encrypting email files adds one more layer of security through which they must navigate.

While using email archiving and various other solutions has been a big step for companies, securing information during transfer is as important as protecting it for long-term storage. It’s critical for businesses to have security measures in place to protect sensitive data and email encryption is a key step in data protection.  So what’s stopping you from sending encrypted email if there are easy and free email encryption services available?

Posted in Email Encryption, Email Security

Businesses Using Email Encryption

Many people think that only government agencies and organizations dealing with highly classified data use email encryption. While it’s true that many government agencies and the military use email encryption to protect sensitive data against competitors and state enemies, email encryption is being widely used by companies across many industries as well as individuals wanting to protect their privacy and confidential information.

We live in the ‘Information Age’ where business communications and transactions are increasingly going online and data is a leading commodity. This is why numerous businesses invest in resources and technology to secure sensitive data as strictly as possible. Especially with all the data breaches happening worldwide, many industries are now obtaining email encryption services to protect themselves and their customers.

In addition to the military, there are many private businesses that work on defense and other classified programs for the government. These businesses generally deal with multi-million dollar contracts and use encryption software and archiving to secure their communications and trade secrets. A defense company that does not use encryption and email archiving software can go out of business or end up in legal battles if trade secrets and classified information get in the wrong hands.

Chances are, your favorite restaurants have their secret recipes they want to remain a secret. We’ve all heard that KFC’s fried chicken is made with 11 top secret herbs and seasonings and they go to great lengths to protect their secret recipe. Many companies in the food industry use encryption software to encrypt messages as well as their top secret formulas and recipes. Imagine the losses these companies would incur if their secret recipes were leaked and their competitors were able to copy and sell the same great tasting products, perhaps at a lower price?

In addition, business and financial professionals such as lawyers, financial advisors, banks, brokerages, accountants, educators, and healthcare providers, all have ethical and fiduciary duties to keep their clients’ personal information confidential. In fact, federal and state governments have enacted legislative measures (HIPAA, SOX, GLBA) that require these industries to protect the privacy and reliability of business and personal information.

These are only a few examples of industries that are using secure email encryption to send encrypted emails. These businesses know that email encryption is a key step in sending secure messages and protecting confidential data as well as reducing the risk of damage to their brand.

Posted in Email Compliance, Email Encryption, Email Security, HIPPA

Email Security for Smartphones

According to new CNN reports, out of the 83 percent of U.S. adults that own cell phones, more than one third own a smartphone. And as smartphones become more popular, they’re going to get some unwanted attention from hackers and cyber criminals.

Unlike the feature cell phones that are limited to making voice calls, a smartphone combines the functions of a personal digital assistant (PDA) and a mobile phone. Today’s models are more powerful and feature-rich and can also serve as portable media players, camera phones, GPS navigation, Wi-Fi and much more. Smartphones are usually loaded with various applications and are used to surf the web, send emails, as well as make online transactions.  Unfortunately, with the increased utility comes increased security threats.

In the past, hackers have not paid much attention to mobile devices since mobile phones haven’t traditionally been used to send and receive private messages or store sensitive data. Having the ability to transmit and store a wealth of personal information makes smartphones a target for cyber criminals.

Although smartphones come with advanced features, many lack data encryption applications, especially on the SD Card. That’s a significant risk for users who transmit or save their confidential data on unencrypted SD Cards. Using an online email encryption service is an easy and fast way to send secure emails for free without downloading software or using encryption keys, and it works on any email client or web-enabled device.

Also, if your smartphone is ever lost or stolen, use a remote wipe service to remotely clear all of your data–including e-mail, contacts, texts, and documents–off of the handset, thus keeping that information out of the wrong hands. For example, Lookout Mobile Security enables you to wipe your device via the Web and lets you track a lost device through GPS, back up your data over the air, and even scan for viruses. Its basic version is free, but to enable advanced features such as remote wipe you will have to pay for a Premium account ($3 a month or $30 a year). Lookout works with: Android, BlackBerry, and Windows Phone 7.

Smartphones hold a wealth of sensitive data and security must be tightened to prevent the theft or loss of important confidential information. Make sure you use email encryption to send encrypted emails and a remote wipe service to remotely lock a handset, erase its data, or locate it if your beloved smartphone gets lost or stolen.

Posted in Email Encryption, Email Security, mobile security

Email Encryption for Health Care

The use of technology to fuel advances in health care has been nothing short of amazing. And as the costs of health care continue to increase, technology is also being used to increase productivity and cut costs, particularly in patient care. For example, doctors could soon be diagnosing patients over email. Patients can email their doctor with their symptoms when feeling ill and doctors would reply later that day with their recommendations. In addition, patients with long-term conditions that require regular monitoring, such as diabetes, could record their own blood pressure and glucose levels using telehealth technology, before emailing the data to their doctor. As cool as this may sound, this raises concerns about patient data security. Using email to communicate with customers, clients and patients can expose doctors and businesses to the potential of violating state or federal laws such as HIPAA.

With healthcare professionals increasingly using email to communicate with patients and colleagues, the risks of confidentiality breaches also increase. Doctors need to be aware of the pitfalls when sending patient data electronically and their responsibility to ensure that patient records remain secure. Doctors who fail to protect patient information risk incurring fines and facing professional difficulties as the law clearly states that personal patient information must be effectively protected at all times against improper disclosure.

There are a couple of problems with regular email. First, regular email is sent in plain text and can be read if intercepted. The second problem is that regular email routes through numerous ISP servers en-route to its intended recipient. In addition, copies of emails are generally stored on the sender’s computer and mail server, each of your recipients’ mail servers, and each of the recipients’ computers. That gives unauthorized users a lot of opportunities to access data. For the health care industry as well as other businesses, sending unencrypted email presents significant risks. Confidential patient information must be protected against unauthorized access. This is why the use of email encryption is highly encouraged to prevent sending insecure, identifiable data. Patient information that contains financial or medical information should be encrypted; especially where the information is being held on a laptop or other portable device and could be used to cause an individual damage or distress.

Traditional email encryption solutions can be complicated and require at least a moderate degree of computer expertise to implement. There is software to purchase, download, and install. There are encryption keys to generate, publish, and maintain. For email encryption to be an effective solution for protecting confidential data, encryption must be easy to use to gain widespread adoption. The good news is that there are easy, low cost email encryption solutions available that can meet the needs of the health care industry as well as any business that has a need to protect confidential customer data.

Businesses that need to send secure email messages with confidential information or large files such as medical imaging files can easily encrypt and send them with encryption solutions from Sendinc. Sendinc uses security practices that meet and in many cases exceed encryption requirements and helps organizations meet and maintain compliance with corporate and government regulations such as HIPAA. Sendinc makes it easy for anyone to send and receive military-grade encrypted email in minutes and requires no special technical expertise. There is no required software to purchase, download, or install. There are no keys to generate, publish, or maintain. You can try out their free email encryption service to transmit and receive secure messages.

Posted in Email Compliance, Email Encryption, Email Security, HIPPA

Email Security Tips and How to Tell if Your Email Has Been Stolen

In the past few months, several large corporations such as Sony, Epsilon, Citibank, and even Google have been victims of security breaches, exposing personally identifiable information on millions of consumers. These are just a few cases you’ve heard about. There have also been hundreds of other data breaches documented in Privacy Rights Clearinghouse that didn’t make the headlines. According to a recent survey by Osterman Research, one-third (33%) of U.S. businesses have been impacted by the improper exposure or theft of customer information.

Email security should not be taken lightly as the numerous data breaches against various companies and government agencies have proven that anyone is susceptible to data attacks, resulting in compromised sensitive data and significant financial losses. Company email is the leading component that criminals use in order to steal sensitive data since it is the easiest entry point for access to confidential data. Even if you are careful with your computer security, your email address can be hacked or stolen if a third-party site where you used the same password as on your other accounts is compromised.

What malicious hackers do when they get hold of someone’s username and login details is to try the same combination of username and password at Facebook, online banking accounts, or any other personal accounts you have. Some hackers such as LulzSec have been publishing databases of consumer data to the public, which typically include emails and passwords. While some people are wise enough to create unique passwords for each single site they register with, most Internet surfers still use the same passwords for multiple sites.

How can you tell if your email address has been stolen and published for the world to see? ShouldIChangeMyPassword is a website made available as a public service that checks your email address against a large database of stolen online accounts released on the Internet by criminals. If it finds your email address in the database you get a warning. This is not necessarily a perfect system because the website is only as good as its database of compromised accounts, and some malicious hackers don’t release the stolen data and would rather use the hacked data and make money off it. The site is updated whenever a new database of leaked passwords is made public. Given that most people re-use their passwords, this site allows the average person to check if their password(s) may have been compromised and need to be changed.

Recently, my neighbor had his email address and password leaked on the Internet and ShouldIChangeMyPassword  successfully detected it and provided him with information on which the details were leaked onto the Internet. Fortunately, he was able to make changes to his email accounts and passwords and beef up his email security to prevent any damages.

When it comes to email security, create unique passwords for each single site, change your passwords often, and don’t forget to use email encryption to protect confidential data.

Posted in Email Encryption, Email Security

Strong and Unique Passwords: A Critical Component to Email Security

Since much of our daily activities are spent online, passwords are the keys to your digital life. They safeguard everything from email accounts to our favorite shopping sites and even to our bank accounts. And with all our various online accounts, we can have dozens of different sites that require passwords we have to remember. In order to protect your data and yourself against cybercrime, it is critical to use strong and unique passwords for each site. 

Amazingly, according to the book “Perfect Password: Selection, Protection, Authentication”, about 50% of passwords are “based on names of a family member, spouse, partner, or a pet”. To make matters worse, the majority of people use the exact same password for all their online accounts. This can be a costly mistake. All it takes is one hacker and one weakly protected site and your key to all your online accounts, including email and financial accounts, is exposed to identity theft and fraud. Email is the leading component that criminals use in order to steal sensitive data since it is the easiest entry point for access to confidential data. Even if you are careful with your computer security, your email address can be hacked or stolen if a third-party site where you used the same password as on your other accounts is compromised. If hackers gain access to your email, they could potentially gain access to all your other accounts. In addition to using email encryption to send encrypted messages, having strong unique passwords is critical to email security.

If there are lessons to be learned from the recent data breaches, it’s the value of email security and having strong and unique passwords. For example, after the hacker group LulzSec hacked into the websites of the CIA, PBS and Sony, it posted the email addresses and passwords of 62,000 compromised accounts on the Internet for the world to see and it was revealed that most victims used email passwords that were easy to crack such as “coffeecup,” and “kindle.”  Keep in mind that cyber criminals use sophisticated tools that can easily decipher passwords and can predict commonly used words. The ideal password should be long, unintelligible and nearly impossible to predict. However, strong passwords are hard to remember, which is why so many people end up with easy ones or reuse the same password for multiple accounts.

Here are some email security tips and how to pick a password that’s hard to hack:

  • An ideal password is long and has letters, punctuation, symbols, and numbers–the greater the variety of characters in your password, the better.
  • Use mnemonics. Pick a personal sentence and take the first letter of every word to create a password and add a number or special character for extra security.
  • If you need password ideas, try using a random password generator that you can find by doing an Internet search.
  • Avoid creating passwords using simple words or common phrases, misspellings, and abbreviations. Also avoid sequences or repeated characters (e.g. 12345678, 222222, abcdefg), adjacent letters on your keyboard (qwerty), or personal information (e.g. name, birthday, address, driver’s license).
  • The easiest way to manage your passwords is to write them down and keep them in a secure place.
  • If you can’t remember passwords and don’t like having to document every password, use password-managing software such as LastPass that encrypts and stores all your passwords. Some will automatically plug in your password at the appropriate sites and they’re usually free or charge a small monthly fee.
  • Try measuring your password strength using this useful Microsoft test.
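
The tips above, together with the earlier advice not to reuse one password across accounts, can be checked mechanically. The following Python sketch is an added example, not part of the original posts; the 12-character minimum, the run length of four, the word list and the sample accounts are constructed assumptions.

```python
import secrets
import string

# Constructed word list: the two passwords quoted in the post plus generic ones.
COMMON_WORDS = {"coffeecup", "kindle", "password", "letmein"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 12   # assumption: the post only says "long"
RUN_LENGTH = 4    # assumption: shortest run treated as a pattern


def has_sequence(pw, n=RUN_LENGTH):
    """True for n or more characters that ascend, descend or repeat (1234, dcba, 2222)."""
    for step in (1, -1, 0):
        run = 1
        for prev, cur in zip(pw, pw[1:]):
            run = run + 1 if ord(cur) - ord(prev) == step else 1
            if run >= n:
                return True
    return False


def has_keyboard_walk(pw, n=RUN_LENGTH):
    """True if pw contains n adjacent keys from one keyboard row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for r in (row, row[::-1]):
            if any(r[i:i + n] in low for i in range(len(r) - n + 1)):
                return True
    return False


def audit_password(pw, personal=()):
    """Return the list of tips a password violates; an empty list means none."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("too_short")
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    if sum(classes) < 3:
        findings.append("low_variety")
    low = pw.lower()
    if has_sequence(low):
        findings.append("sequence_or_repeat")
    if has_keyboard_walk(pw):
        findings.append("keyboard_walk")
    if any(word in low for word in COMMON_WORDS):
        findings.append("common_word")
    if any(item and item.lower() in low for item in personal):
        findings.append("personal_info")
    return findings


def find_reuse(accounts):
    """Group account names that share a password; only names are returned."""
    by_password = {}
    for site, pw in accounts.items():
        by_password.setdefault(pw, []).append(site)
    return sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)


def mnemonic_password(sentence, suffix):
    """First letter of every word, plus a number or special character."""
    return "".join(word[0] for word in sentence.split()) + suffix


def generate_password(length=16):
    """Random password from the OS CSPRNG, redrawn until it passes the audit."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit_password(pw):
            return pw


# Constructed sample accounts, not real credentials.
SAMPLE_ACCOUNTS = {
    "webmail": "coffeecup",
    "bank": "coffeecup",
    "shop": "12345678",
    "forum": mnemonic_password("My first car was a blue Honda bought in Reno", "#97"),
}

if __name__ == "__main__":
    for site, pw in SAMPLE_ACCOUNTS.items():
        print(site, audit_password(pw) or "ok")
    print("reused across:", find_reuse(SAMPLE_ACCOUNTS))
    print("suggested:", generate_password())
```
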

Again, make sure you create a strong and unique password for every online account, especially for bank accounts and sites that store your credit card information, and change passwords every few months. Having email security and using strong and unique passwords are important protections to help you have secure emails and transactions. We are all creatures of habit and it would be much easier to use the same simple password with every account, but just think if your password was compromised – how much information could a hacker steal from you and all the malicious things they can do with your personal data.

Posted in Email Encryption, Email Security