How to Secure Your Email for Remote Workers

May 20, 2020

10:00-11:00AM PST

With the novel coronavirus forcing thousands of people across the country to work remotely, there has been a massive wave of phishing attacks aimed at stealing employee information. The scammers have been more effective in these latest attacks than we have seen in years. One issue that some companies are encountering is that a home computer security network is significantly different from the office cybersecurity systems, and personal computers are often less secure. There has been a number of CEO impersonation emails, luring employees to fake websites where they give out personal information. The scammers have been impersonating health officials like the CDC and the World Health Organization (WHO). These tips can help you and your employees stay safe from phishing emails.

Two-Step Authentication

One way to help keep your company information secure is to require two-step authentication on all email accounts and applications. This is one of the best ways to help reduce the risk of phishing scams. With two-step authentication, you not only have to enter your password, but you also have to have a code sent to a specific phone number and you cannot log on until you have input that code correctly.

Many applications and programs are offering this now because of how much it reduces the risk of an account being hacked, even if your employee accidentally clicks on a link they should not. A password can be cracked, and for a good hacker, it can be cracked pretty easily, this just adds another layer of protection to make it a little bit harder for someone to steal your information.

Use a VPN

A Virtual Private Network (VPN) is software that can be used on home and public wifi to encrypt data even when you are using a public internet signal. A VPN will authenticate your information with the firewall in your network before anything is sent through it. This is especially important for a company that has employees handling sensitive data because it encrypts all of your data.

It is a good idea to have a VPN set up for your employees when they are working remotely because it can prevent hackers from accessing any of your company information, whether your employee is working at home or at a cafe — once things reopen.

Safeguard Your Email Accounts

Email is how most hackers will reach out to attempt to scam you to steal your information. An email encryption service can be a big help with keeping your communications safe.

Encrypted Video Conferences

There have been a lot of issues with video conferencing services since the pandemic forced so many people to work from home. Zoom especially has had hackers find their way into a video conference and disrupting the meeting; there have been accounts of "Zoombombers" showing pornography during a meeting, calling people racial slurs, and just being generally disruptive.

The best way to avoid things like this is to use a paid video conferencing service; they are usually a little more secure than Zoom. If you are using something like Zoom, check the privacy settings for the meeting before the meeting begins to make sure only those you invite can join the meeting. Another option is to protect your video conference meeting through Trustifi.

Anti-Phishing Training

Some people do not know how to recognize a phishing email when they see one. Take the time to show your employees some of the telltale signs of a phishing email and show them what to do if they see an email that appears suspicious. Great training that we recommend is provided by Lucy Security.

Anti-Virus Software

Good anti-virus software can get expensive; however, if you provide it for all of your employees and keep it up to date if someone does accidentally click on a malicious link or download an attachment from a suspicious email, there is a better chance that the virus may not work its way into your system. If you have good virus protection, it should catch a virus before it is even downloaded, and it can warn you when you click on a suspicious link that it may not be a safe website to go to.

Require Strong Passwords

While we may not like having elaborate passwords because they can be annoying to keep track of, they exist for a reason. Approximately 75 percent of people in a poll said they "use the same passwords for multiple accounts, and a high percentage of people haven’t changed duplicate passwords in over five years."

A weak password is a hacker's best friend. Have your employees use a strong password to keep hackers at bay. You can use a password generator to create completely random and strong passwords, but if they are annoyingly elaborate, your employee will need to write them down, and there is a good chance it will be saved somewhere on their computer.

 For a strong email encryption service that can help keep the phishers at bay, contact Trustifi today to learn what we can do to make your business more secure.

  

References

Sundar, Venkatesh. “How to Maintain Security with Remote Workers?” Indusface, 7 May 2020, www.indusface.com/blog/maintain-security-remote-workers/.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Identifying Phishing Email Scams: What to Look For

May. 20, 2020

1:00-2:00AM PST

Whether you have opened them or not, you have probably received at least a few emails that seem to be from your bank, the IRS, or another organization that has important information about you. They may claim your account has been blocked, or something needs to be updated because of a change to their policy. The email usually has a link to click to correct the error they are claiming exists or to verify your identity, and from there, they want you to provide personal information like your Social Security number or a certain password. These emails are phishing scams.

These emails are created by hackers and the links in them will lead you to fake websites — that usually look close to the real thing — in an attempt to steal your information. Just by clicking the link, you may be putting your information in danger; the links often bring viruses with them and can also put malware and spyware on your computer. Hackers have been working on their techniques for years to prey on unsuspecting victims to steal their identity and bank information. Unfortunately, this can sometimes make these emails difficult to recognize right away. 

Recognizing Phishing Attempts

While it can sometimes be difficult to tell at a glance if something is a phishing email, there are a few telltale signs that an email is a phishing scam. Here are a few things to look for when you receive a questionable email.

The “From” Address

One sign that an official-looking email is phishing is the email address it came from. If you look closely at the email address, it usually has a Gmail or Yahoo ending, or a similar one using like-letters. For example, a phishing email that claims to be from US Bank might have email@vsbank.com. Notice the "U" is actually a "V." This is a little trick of the eye that a scammer will use to make it seem like a legitimate email. If you ever think an email address is questionable, do not follow the link. You can always call the organization the email claims to be from to check if the email is indeed legitimate.

Urgent Call to Action

A scammer may try to use an urgent call to action to scare you into clicking on the link in the email without thinking. These types of messages may:

  • "Say they’ve noticed some suspicious activity or log-in attempts”
  • "Claim there’s a problem with your account or your payment information”
  • "Say you must confirm some personal information”
  • "Include a fake invoice”
  • "Want you to click on a link to make a payment”
  • "Say you’re eligible to register for a government refund”
  • "Offer a coupon for free stuff"
  • Claim an account will be closed if you do not act now

Generic Greetings

Phishing emails are usually generic because they are created to be sent out to hundreds, if not thousands of people all in a single batch. They also typically do not have your name, just your email address, so they cannot personalize an email like the real organization would do.

Emails that start with "dear customer/member" and things along those lines may be a phishing attempt. Most businesses these days will address you by name if they have your name.

Poor Spelling and Grammar

Businesses usually have decent spelling and grammar in their emails to customers, because it is professional, and if something is filled with poor spelling and grammar, it is hard to read, and you will probably not read them. A phishing email is usually full of spelling and grammatical mistakes, making this a potential sign that the email you are looking at is a scam.

Inspect the Link

When you hold your mouse over a link in an email, the full link will be displayed in the bottom left corner of your screen. If you are on your phone, you can press and hold your finger down, after a few seconds a box should pop up in the middle of your screen that displays the full link. Here is where it gets tricky; just like when they make the return email appear to be real by using slight spelling tricks, they can deploy that strategy here too, using phony websites that look like the real URL.

To use our US Bank example again, you may see the link displayed as “uvbank.com,” “usbnk.com,” or “usbnak.com.” The letters have been changed, removed, or transposed in these three examples. If you were to quickly glance at the link without scrutinizing it, you might not realize the mistake.

The Promise of Money

There are a few variations on this type of scam email. This may be the longest-running type of internet scam out there because it works. In 2018, Americans lost over $700,000 to this type of scam, according to a report from ADT.

You receive a random email that tells you a sad tale about this person who has a large sum of money and for just a small payment from you, they can access it and will share it with you. If you pay it, they may invent further fees they need help to get to the money, but they promise they will pay as soon as possible. These people will take as much money from you as possible then vanish forever.

Another version asks for your bank account information to transfer their large sum of money to you to keep safe on their behalf; victims of this scam often end up with empty bank accounts.

Yet another version is some distant relative you have never heard of has died and left you a considerable amount of money. The person sending the email needs something from you before they can send you your inheritance.

What to do if You Get Scammed

If you think you may have fallen victim to a scam, there are a few things you can do:

  • Run a virus scan on the computer you opened the email from.
  • Change your passwords on a different device than the one you opened the email from.
  • Contact your bank.
  • Report the scam to the FTC.

Tips to Protect Yourself

To help avoid falling prey to email scams, do not click on any links that may be suspicious or download attachments in emails. Take a moment to scrutinize any email you get that may seem suspicious, following our criteria above.

You should feel safe when you check your email, and one way to do that is to contact an email security service to give you an extra layer of protection.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

How to Start Using Encrypted Email Communications

May. 08, 2020

5:24AM PST

If you've decided to protect the content of your emails better to keep yourself and your clients safe from scams, hackers, and data breaches; congratulations, the important first step is done! However, you may be unfamiliar or unsure of how exactly to start using encrypted email communications, which is why it’s essential to differentiate between the two different primary types of email encryption available; S/MIME and PGP/MIME. Both have their benefits and drawbacks; because of this, it’s a matter of personal preference on which form of encryption is the best or most accessible fit for you or your business. 

S/MIME Encryption

S/MIME encryption relies on a centralized authority to pick the encryption algorithm and is a popular method of encryption simply because it’s already built into some large party email platforms such as Google, iOS, and Outlook. S/MIME supports both digital signature and message encryption. Although a digital signature can authenticate a sender and provide data integrity, it does not equal encryption. A message with a digital signature can still be read by anyone, which is why digital signatures support the integrity of the message but do not render the content unreadable. Adversely, encryption ensures that no one other than those intended can read the message, but does not provide data integrity, meaning that an encrypted email could still come from an unidentified or unauthorized source. It’s due to the shortcomings of encryption and digital signatures that the combination of both together is vitally important to the overall security of an email. Because the two are not mutually exclusive, complete email security that encompasses both integrity and confidentiality requires the use of both encryption and digital signatures simultaneously. 

PGP/MIME Encryption

One of the benefits of PGP/MIME encryption is the ability to create your own key code. Since PGP uses both symmetric and public-key encryption, it gained popularity. It is considered a highly beneficial service for businesses with a large clientele base for its ability for users who have never met to exchange encrypted messages without the need to share private encryption keys. But while PGP encryption is widely regarded as the most secure option, the use of this method in and of itself is not very user friendly. PGP encryption often requires training to learn how to incorporate it efficiently, as incorrect use can create holes in security. 

However, if you want to start using encrypted email communications, there are more simple solutions available. If you do not use one of the above-mentioned email platforms that contain inbuilt S/MIME encryption, then you may require a third-party tool to encrypt your emails. Providers such as Android, Yahoo, or AOL are compatible with both S/MIME and PGP/MIME encryption, but require third-party platforms to put that encryption to use. 

Additional benefits of third-party platforms such as Trustifi is the extra protection of email not only by the sender but also on the recipient's ends. Once the reader has successfully opened an encrypted email from a source that they are sure is legitimate, they can also respond back to the email through a pre-existing platform. For example, if you are using Outlook, the Trustifi app is already built-in, so you can easily respond using Outlook. This enables total, NSA-grade protection that encompasses senders and receivers alike. There are numerous sources to choose from when it comes to third-party encryption, most are easily accessible and user-friendly, and most importantly, they provide a trustworthy service that guarantees privacy protection for senders and recipients of email messages and attachments.  

Resources

https://docs.microsoft.com/en-us/previous-versions/tn-archive/aa995740(v=exchg.65)

http://www.pitt.edu/~poole/PGP.htm

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

How to Detect Scam Emails and Block Odd Senders

May. 7, 2020

1:44AM PST

The worldwide outbreak of Coronavirus has caused a massive influx of internet scammers sending out phishing emails to the general public. Google recently stated that they have been blocking approximately 100 million phishing emails every day. That is an outstanding and concerning number, which leads experts to believe that COVID-19 may now be the biggest email phishing topic ever to have existed. Cybercriminals are sending out mass amounts of emails posing as companies who are trying to encourage individuals to donate to pandemic-related causes or pretending to be government institutions in an attempt to capitalize on the increase of unemployment benefits applications. With the news of the pandemic being an opportunity for scammers, it’s more important now than ever to make sure that you are fully protected online.

Cybercriminals use phishing as a way to gather personal or sensitive information from an individual, often through false emails that appear to be legitimate. There are some best practices to use when avoiding phishing emails, but in order to ensure that you are protecting yourself online, it’s also important to understand how to detect scam emails and, if you do detect a scammer, how to block them so they are unable to reach your inbox.

The primary issue with previously discussed best practices for detecting scams is that fake emails are becoming increasingly difficult to distinguish from the real deal. Oftentimes, cybercriminals have become so practiced that an unwarranted phishing email is almost unrecognizable, particularly to the average person or an untrained eye. Scam emails will use the company's logo and will present the content to look almost identical to one that would come from the company itself. However, there are usually a few telltale giveaways to look out for. For example, an email that uses a generic name instead of addressing you directly or one which asks you to follow a link to fill out personal information are signs that something is amiss.

There are also measures you can take by changing the settings of your email to make it easier to spot malicious practices. A simple best practice to implicate is to employ but very helpful is to disable the HTML setting on your email platform. HTML essentially embeds links in an email so that the URL is disguised or hidden. Scammers will often trick recipients by embedding a link to disguise a fake website or pop-up. By disabling the HTML setting, you can see the URL you are clicking on, which ensures the link you are following is taking you to the webpage you were intending on visiting.

What happens if you discover a scam email?

The simplest thing to do if you think that a cybercriminal is trying to scam you is to block the sender to disallow any further emails from the same source from coming into your inbox. The benefit of some third-party email security platforms is that they contain whitelisting and blacklisting options which allow you to easily determine which senders you would like to allow emails from, and which senders you want to ensure cannot reach your inbox. If you do discover a phishing email, it is also a best practice to notify your email provider so that they can further investigate and potentially put a stop to the cybercriminals behind the scam.

If trusting yourself to spot a scam email isn’t quite enough security for you, there are extra steps you can take to catch phishing. In order to increase your security, it’s a good idea to download a program that can intricately filter out potential scam emails. Because cybercriminals are now so proficient in creating content that looks almost unrecognizable as illegitimate, relying on your own ability to catch a scammer can be unreliable. These third-party email security platforms prevent any potential scams from reaching your inbox, so there is a significantly decreased likelihood of a phishing email showing up for you to read. Third-party programs that search your incoming mail (and sometimes your inbox as well) are the most efficient way to make sure your online security is being adequately protected.

Resources

https://www.bbc.com/news/technology-52319093il

https://www.sciencedirect.com/book/9780128001103/detecting-and-combating-malicious-email

https://trustifi.com/cybersecurity-best-practices-how-to-stop-phishing-emails/

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

How to Open a Secure Email in Outlook and Gmail.

May. 6, 2020

1:44AM PST

Despite what many of us may like to think, emails that you are sending and receiving are not necessarily always guaranteed to be secure. While we may want to believe that any confidential information is protected, online security is not always promised, particularly if you are using a larger email service like Gmail, Yahoo, or Outlook. If you want to learn more about increasing your online privacy and setting up a secure email account, head over to our site. But what if, instead of being the sender, you are on the receiving end of a secure email?

Fortunately, there are ways that you can send and receive secure emails using larger servers. Both Gmail and Outlook have built-in encryption methods that allow messages and attachments to be sent securely. If you are the recipient of the email, there are easy steps that you can take to open emails sent to you that are encrypted or secured by the sender.

Opening Secure Emails in Gmail.

Gmail has introduced a confidential mode that allows users to protect the content of email messages from unauthorized access. According to the Google support website, the confidential mode allows senders to “set an expiration date for messages or revoke access at any time. Recipients of the confidential message will have options to forward, copy, print, and download disabled messages.” If you receive an email through the Gmail platform that has been sent with confidential mode, reading it is fairly simple. You can view the email and any attachments for as long as the sender allows access, or until the expiration date. Additionally, a passcode may be required from the sender to open the email.

Opening Secure Email in Outlook

Outlook has options that use either S/MIME or Microsoft 365 Message encryption to protect the privacy of their users. For Office365 users, opening secure emails is relatively easy. Outlook authenticates recipients by sending encrypted messages as attachments, which then require the reader to sign-on using their organization's credentials or entering a one-time-only password to access the contents of the email.

However, even though Gmail and Outlook’s decryption processes are simple, there is one glaring issue; they only work if you are sending and receiving email on the same platform. If you want to decrypt and email that has been encrypted using a different method or program, the process is a bit more complicated. One option is to access the email using a one-time authentication code that is shared via a separate means (for example, over the phone), but this method can be extremely inconvenient if you have a number of clients who require regular access to encrypted email messages and attachments. The second option is to use a program that easily allows email decryption. 

 

It’s safe to make the assumption here that it is unlikely all clients and businesses will be using the same platforms to send and receive emails, which is why secure email integration is often considered to be too much of a hassle. However, there are third-party programs that make opening an encrypted email from a sender simple and user-friendly. The recipient of the email does not have to use the same program. To open an encrypted email, you click on a link that which leads to a two-factor authentication process, once this is completed, the email can be read and also responded to securely.

 

Gmail and Outlook have integrated S/MIME encryption into their programs so that senders can successfully encrypt emails, but unfortunately, this doesn’t provide a solution for those who do not use their services. Thankfully, third-party email security platforms have created a user-friendly solution to this problem, which makes secure-email access all the more accessible to everyone that wants to take measures towards protecting sensitive content or personal information.

 

Resources

“Encrypt Email Messages.” Outlook, support.office.com/en-us/article/encrypt-email-messages-373339cb-bf1a-4509-b296-802a39d801dc.

“Send & Open Confidential Emails - Computer - Gmail Help.” Google, Google, support.google.com/mail/answer/7674059?co=GENIE.Platform%3DDesktop&hl=en.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Cybersecurity Best Practices: How to Stop Phishing Emails

April. 30, 2020

1:44AM PST

You’ve probably heard the term “cybersecurity” before, but do you know what it actually means? To put it simply, cybersecurity is the process of defending your computers and electronic devices from attacks such as malware, viruses, and phishing. While viruses and malware are pesky problems that can wreak havoc on your devices, phishing is a particularly nasty form of cybercrime that you should learn how to protect yourself against.

What is Email Phishing?

Phishing is a process that cybercriminals use to steal identities and personal or financial information. Most often, the theft process happens through email phishing, where phishers send legitimate-looking emails (sometimes including links or pop-ups) that ask for sensitive information. The goal of these emails is to trick people into providing personal and financial data. It’s essentially a very sneaky form of online theft. So, how do you protect yourself from phishing emails?

Easy Ways to Avoid Email Phishing

The first and most obvious step is always to be wary of any emails that you open. Pay attention to the small details, like the email address of the sender, particularly if the email is asking you to provide sensitive information. If you think that an email may be phony, delete it and don’t respond. Additionally, never click suspicious links or open attachments, and certainly don’t fill out any information. Remember, legitimate companies won’t ask for personal information via a link or a pop-up window. If you have doubts about the legitimacy of an email, go directly to the source instead. Additionally, always verify a site’s security before you enter any personal information. To ensure that a site is secure, check that the URL starts with “https” and that there is a padlock icon in the address bar. 

It’s also a good idea to make sure that you are keeping your browser up to date. Popular browsers will release security updates to prevent loopholes that cyber scammers may find and exploit. Each time you receive a notification about updating your browser, you should do so immediately.  

What more can you do?

If you are taking all these precautionary measures but are still concerned about your online security (rightfully so!), it may be a good idea to install an email filter. These filters will scan for spam and stop phishing emails from reaching your inbox. Alternatively, you could try installing an anti-phishing toolbar (available as a browser add-on or plugin), which will alert you if you click on a malicious website. 

Another best practice to stop phishing emails is to make sure that you are using firewalls to shield your computer or network. There are both software and hardware firewalls available, so it’s a good idea to do some research on which type you think would benefit you. There are pros and cons to both types of firewall protection, but either one will sufficiently assist you in stopping email phishing. 

Phishing is, at best, an annoyance that we could really do without. But, at its worst, it has the potential to lead to serious identity and financial theft. It’s always a good idea to put best practices in place to protect yourself from phishing scams and stop phishing emails. Make sure that you take advised precautionary measures to keep your online security protected. And, if you want the added protection, Firewalls, email filters, and anti-phishing toolbars are all great ways of building extra security layers to help stop email phishing. Take a look at the services we offer to help keep your business email secure!

 

 Resources

KnowBe4. “10 Ways to Avoid Phishing Scams.” Phishing, www.phishing.org/10-ways-to-avoid-phishing-scams.

“The Phishing Menace and Ways to Protect Your Online Identity.” Cyberoam, www.cyberoam.com/phishing.html.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

How To Send A Secure Email Attachment

April. 30, 2020

1:44AM PST

In a previous blog post, we talked about how most larger email providers aren’t properly protecting your security, which can leave private and sensitive information vulnerable to attack by cybercriminals. If cybersecurity is something that concerns you, particularly when it comes to defending the content of your emails, then you may have decided to take measures that will better protect you by switching to a more secure email provider. If you have; great! It’s a good idea to enhance your online security as best as you can. 

However, while secure email providers may be protecting the information included within the actual message, what about attachments? You see, email attachments are often where the most sensitive information is included. We often email paperwork such as financial documents, mortgage agreements, health records, or other extremely sensitive information as an attachment to an email, and not as part of the email itself. This means that it’s equally important you know how to send a secure email attachment, but most of the resources out there are full of inaccessible tech jargon that can be difficult to understand. So, here’s a simple breakdown of ways to make sure that your email attachments are secure. 

Why Encrypt your File Attachments?

 Here’s the catch; many secure email providers only encrypt your actual email messages and not the attachments that are sent with them. Encryption is, in its simplest and most understandable form, a way to scramble data so that it can’t be read by anyone who you don’t want to read it. It’s important to take steps to encrypt your attachments so that they are unreadable by outsiders and don’t leave you or your clients vulnerable to cybercrime. You need to make sure not only that any attachments you send cannot be intercepted along the way, but that the intended recipient is the only one who can open and read the email. 

How do you encrypt an email attachment?

 There are a few different options when it comes to encrypting email attachments so you can send them securely. There are two main types of encryption that you may have heard of before. Public-Key Encryption, such as PGP (or Pretty Good Privacy), is a popular type of encryption that can be used to scramble sensitive files and render them unreadable, so you can send them securely. Essentially, Public-Key Encryption requires two sets of keys which can be used to decrypt the email on the receiving end. One key is publicly available, while the other is private and shared only between the sender and the receiver. This type of encryption is popular, as it can be done remotely without ever having to meet the person to exchange keys.  The second form of encryption is Symmetric-Key Encryption (such as AES 256), which also involves the use of a key to encrypt the email, but there is only one key used. The sender must share the key with the recipient prior to the email being sent. 

 You can learn how to send and receive secure emails and attachments without the use of a third-party provider, but it can be much more complicated than it needs to be. The best way to encrypt your email attachments is to use a program that does all the heavy lifting for you and makes the process much simpler and more user-friendly. 

 There are programs that can be easily downloaded that utilize either Public or Symmetric Key Encryption to allow you to send a secure email attachment. Some programs work directly with your email provider, while others may involve you scrambling the document you want to send prior to attaching it to the email. With a small amount of research, you can choose a program that suits your needs and use it to ensure the online safety of both you and your clients.

Resources

Becker, Ralf, and Hadi Nategh. “PGP vs. S/MIME.” EGroupWare, www.egroupware.org/wp-content/uploads/2017/04/EGroupware_smime.pdf.

Braun, Andrew. “PGP Encryption: How It Works and How You Can Get Started.” Make Tech Easier, 23 Apr. 2018, www.maketecheasier.com/pgp-encryption-how-it-works/.

“How to Encrypt Email Attachments.” Virtru, 19 Oct. 2019, www.virtru.com/blog/how-to-encrypt-email-attachments/.

“How to Send a Secure Email Attachment.” Trustifi, 20 Dec. 2019, trustifi.com/how-to-send-a-secure-email-attachment/.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

5 Steps for Identifying Secure Email Providers for Your Business

April. 30, 2020

1:00-2:00AM PST

No matter your reasons for choosing an email provider, it’s probably safe to assume that you want to rely on their services to provide a high level of security when it comes to your privacy. However, if you are using a mainstream email provider (such as Gmail or Yahoo), it’s a common misconception that your account is actually private. You set up a password, and although you access your email through the internet, it often doesn’t occur to people that the privacy of their inbox is not being respected. 

While many people who use their emails for everyday life and non-business related matters may not be overly concerned about the insecurity issues related to larger email providers, those who rely on their email for more personal matters, or as a business tool, should definitely seek to increase the security levels of their emails. But deciding to switch your email provider is only the easy part, actually choosing a secure email provider can be a daunting task, especially if you aren’t overly tech literate. So, we’re here to help you identify the steps you can take towards picking the correct secure email provider for your business.

  1.     Identify what’s important to you

The first step in picking a secure email provider for your business is to identify the features that are most important to you. Some companies (particularly those handling sensitive financial information) will want to choose a provider who can deliver the absolute highest level of security possible. Other companies may be willing to sacrifice some security measures for features such as how user-friendly or accessible the platform is. 

  1.     Is the provider “client-friendly?”

This is a big consideration for those who are sending emails to a large number of different clients. Some secure email providers are not compatible with third-party email. While this is a good security feature, it may also be extremely inconvenient and unrealistic, so it’s a good idea to pay attention to whether or not the provider you choose can be used with third-party email clients.

  1.     Level of Security

While it may be a common misconception to think that a secure email provider will automatically be, well… secure, there are different methods by which the security is actually provided. For example, you may want to research the differences between companies when it comes to, say, types of encryption; are emails encrypted in transit or at rest?

  1.     Where is the service located?

The jurisdiction of an email provider can matter when it comes to security. You may never have thought to research email security based on where the provider is located, but it is worth looking in to. Different privacy laws in different countries can have an effect on how secure a provider’s services are. For example, there are a number of highly recommended secure email providers located in Germany and Switzerland, where privacy laws are stricter than in the United States. 

  1.     Supported features.

For many people, switching from a provider they are familiar with is an unwelcome hassle. If you decide to switch to a more secure email service, it would be wise to check how easy it is to, say, import existing emails, or whether or not they provide user-friendly features like calendars and contact lists. 

If you’re running a business it’s critically important to ensure that the privacy of both your company and, most importantly, your clients are protected. Shopping for a secure email provider can seem like a daunting task. The good news is there’s plenty to pick from, so follow these simple steps, and with a little time and research, you’re sure to find one that fits your needs

Resources

Crane, Casey. “How to Send Encrypted Email on 3 Major Email Platforms.” Hashed Out by The SSL Store™, 3 June 2019, www.thesslstore.com/blog/how-to-send-encrypted-email-on-3-major-email-platforms/.

Kaufman, Lori. “The Best Free Ways to Send Encrypted Email and Secure Messages.”, How-To Geek, 12 July 2017, www.howtogeek.com/135638/the-best-free-ways-to-send-encrypted-email-and-secure-messages/.

Taylor, Sven. “12 Best Private and Secure Email Services.” Restore Privacy, 29 Dec. 2019, restoreprivacy.com/private-secure-email/.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Coronavirus Cybercrime Increasing during Pandemic

April 01, 2020

10:00-11:00AM PST

Coronavirus cybercrime is yet another thing to worry about in this time of massive disruption. Criminals are attracted to chaos—we wrote about how the Wuhan Coronavirus was creating fraud opportunity here and indeed, the FBI and other law enforcement and security firms have issued a coronavirus cybercrime warning. They are seeing an increase in phishing scams and other digital cons targeting major coronavirus information sources and work-at-home employees.

Coronavirus Health Email Scams

Law enforcement agencies are seeing an increase of coronavirus phishing scams as part of the overall coronavirus cybercrime wave. Here are two prominent examples:

  • World Health Organization. Criminals posing as Tedros Adhanom Ghebreyesus, Director-General of the United Nations organization, asks for login information, offers an infected email attachment, asks for direct donations, and directs people to a bogus WHO website for harvesting information.

Expect to see coronavirus cybercrime scams expand to other federal government, state, and local organizations. Hospitals, clinics and even individual doctor’s offices can be easily impersonated. Criminals may demand you give up information in order to register for tests or enroll in treatments, in addition to other bogus offers.

Stimulus Money—Crooks Hope to Attract the Greedy and Uninformed

The $2 trillion stimulus package that was just enacted is perfect for cybercriminals. It is long, hard to read, confusing, and dangles a whole lot of money. It’s perfect fraud bait. With a public scared, needy and greedy, you have a good pool of potential victims. Expect to see all sorts of falsely “official” emails asking you to register your business to receive cash, or to sign up as an individual to get a check deposited directly into your bank account. You or your business will never be legitimately contacted by any state, local, or federal organization with unsolicited emails asking you to click on anything, go to any web site, download any attachment, call any phone number, or give away any personal information in order to get benefits.

Work from Home—Your Business and Employees Are Targets

A common coronavirus cybercrime circulating during this time of workplace disruption comes as a phishing email that says a person in your company tested positive for COVID-19. You are directed to download a document to open, read and print to get more information. If you do that, you will be downloading spyware and ransomware that could hobble a machine or an entire network.

Protect Yourself from Coronavirus Cybercrime

Let your employees and loved ones know that coronavirus cybercrimes are running rampant. Email should be viewed with extreme suspicion during this time. And if you haven’t installed software that protects your email systems, now is the time to add it.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

General Data Protection Regulations: 160,000 Data Breaches and Counting

January 30, 2020

10:00-11:00AM PST

Authorities report over 160,000 data-breach notifications have been filed since the European Union enacted the General Data Protection Regulation (GDPR) that started 25 May 2018. That averages out to 278 breach notifications a day.

 

U.S. companies are directly impacted by this regulation if their websites are accessible and targeted to EU visitors, meaning;there are options to change languages to a European language or you can adjust denomination to a European denomination. The lawallows for no exceptions; not for size of firm, type of data collected, or scope of activities. If your firm is found to be in violation of the law—even if you are just selling hand-knitted mittens or offering a free download of a white paper—EU authorities can fine you up to four percent of your global revenue. They may not be able to easily collect from small U.S. businesses, but enforcement will certainly cause headaches for any business operating internationally.

 

What Personal Data Must be Protected

  • Personal identification data including name, phone, address, email, ID numbers
  • Photographs
  • Social media posts
  • Racial, cultural, sexual, or ethnic data
  • Bank and other financial details
  • Medical, biometric and genetic data
  • Website data: location, IP address, cookie histories and RFID tags

 

Selected GDPR Requirements

We advise you to review the specifics of the GDPR with an attorney and your IT leaders. Some of the key requirements include:

  • Asking visitor for their consent to collect data
  • Getting explicit opt-in to data use in profiling, advertising, etc.
  • Providing an opt-out of future emails option
  • Offering a privacy notice about data collection, use, and protection
  • Mandatory reporting of breaches

 

Why It Matters to US Companies

U.S. companies need to comply with the GDPR, but that is not the only reason to focus on privacy protection issues now. Various states have begun enacting a patchwork of regulations that affect their residents, impacting any company that hiring or doing business in those states. Notable recent regulations include New York’s SHIELD Act for protecting employee information, California’s Consumer Privacy Act, and 201 CMR 17.00 Standards for the Protection of Personal Information in Massachusetts.

 

Cyber-security is costly to your reputation and your business. With increased regulation, you face more than the cost of the crime, but also the costs of litigation and fines. If you haven’t done a complete compliance audit yet, now is the time to get started.

 

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization