Security

6 Steps for Personal Email Security in 2020

Many users are versed in the basics of email security because of company or employer licensed software & security practices.  Usually consisting of alphanumeric passwords that need to be changed every 30-90 days.  Typically, anything above and beyond that is managed by the IT department.  Chances are you don’t store personal data on work servers, so your risk profile is smaller relative to a data breach.  “Not my info not my problem.”

But what does your personal email security look like?

Most of us have unknowingly amassed a massive footprint of personal information that encompasses all aspects of our lives and choose to keep it stored in an extremely vulnerable centralized repository; our personal email address.

Here’s a quick glimpse of what you likely have sitting in there right now:

  • Who you are:  TurboTax, HR Block, IRS
  • Who you know:  Facebook, Twitter, YouTube, personal communications & contacts
  • What you buy:  Deal Sites, Amazon, eBay, Etsy, Craigslist
  • What you do:  Calendars, Schedules, Reminders, Alarms
  • Health History:  Prescriptions, conditions, appts,
  • Payment accounts:  Mortgage, Insurance, Utilities, Services

Years, sometimes decades of data all wrapped up in a big red bow just waiting to be explored.

But don’t panic, the road to strong personal email security is less complicated than you think with these 6 Simple Steps:

  1. Unroll
  2. Archive
  3. Delete
  4. Reassign
  5. Secure
  6. Rotate

Let’s get started.

Unroll

Whether you have a single personal email account or several, it’s time to clean house.  Unroll each email account, folder, sub-folder, archive and junk.

Archive

Go through each section and archive, download, or save the emails you want to keep.  Best practice would be to save to an external hard drive, specifically the communications that contain sensitive data.

Delete

Next step is to go through and UNSUBSCRIBE FROM EVERYTHING.  Make a list of the ones you want to re-subscribe to later when once you’re finished.  Anything that can’t be unsubscribed from, block and delete.

Reassign

Now we need to create new unique email addresses and passwords for each account, service, subscription, etc. that you will use moving forward.  For example:

  • Carinsurance@google.com
  • Mymortgage@google.com
  • Bankemails@google.com
  • Verizonbill@google.com

*CREATE A DIFFERENT UNIQUE PASSWORD FOR EACH NEW ACCOUNT

Doing this reassignment will mitigate the damage caused by a hack or breach by creating secure data containers separate from your other segments decreasing the amount of information available to a hacker significantly.

Secure

Now the new email system is in place, it’s time to secure each account with Two-Factor Authentication (2FA) using an authenticator application like Google Authy or Duo by Mobile on your phone or mobile device.  This second layer of security will prevent unauthorized access even if someone steals your password, because you and only you hold the authentication key.

Rotate

Lastly, implementing a self-imposed password change schedule for each unique account will create a moving goalpost effect, making it even more difficult for password cracking software that’s currently being used by would be hackers to breach accounts.  This can be done with solutions like 1password and LastPass.

At first glance it may sound complex or time consuming, but it is guaranteed to be less painful than the process and experience that follows being the victim of a breach or identity theft.

Contact EXP Technical with questions and for more info on email best practices see our previous posts here:

Password Management

Protecting Your Email Identity

Multi-Factor Authentication