You use your email address for a wide variety of things such as when you’re shopping or setting up an online account. Because your email is linked to so many different accounts, securing it is crucial to keeping your other accounts safe, since most password resets are sent to your email address.
To make your email more secure you should create a strong password, enable MFA and always log out of your account. If you’re not taking the steps necessary to secure your email, you’re placing your accounts and data at risk of becoming compromised.
Here are a few of the steps you should take to make your email more secure.
1. Use a Strong, Unique Password For Your Email Account
The security of your email account starts with your password. The passwords you use for different accounts should each be strong and unique. If they’re not, they’re more vulnerable to being hacked. Strong passwords are both long and complex. Your password should be at least 16 characters and contain upper and lowercase letters, numbers and symbols.
Keep in mind that your password should not contain any Personally Identifiable Information (PII) such as birthdays, anniversaries, your mother’s maiden name and so on. It should also not contain any dictionary words as these words can be cracked using dictionary attacks. The more random your password is, the better and more secure your account will be.
If you have a hard time coming up with strong, unique passwords yourself, try using a password generator to help you create strong passwords. Don’t forget to also store those passwords safely. We recommend using a password manager – a tool that aids you in creating, managing and securely storing passwords and other sensitive data. The only password that you’ll need to remember is your master password, which is the password that gives you access to your vault.
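The criteria above (at least 16 characters, all four character classes, no personal information or dictionary words) can be checked and generated programmatically. The following is an added example, not part of the original article or any particular password manager; the function names, the default length of 20 and the sample inputs are assumptions made for illustration.

```python
import secrets
import string

MIN_LENGTH = 16  # minimum length the article recommends
CLASSES = {  # the four character classes the article asks for
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def policy_problems(password, personal_info=(), wordlist=()):
    """Return the reasons a password fails the criteria (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    lowered = password.lower()
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    for word in wordlist:
        if len(word) >= 4 and word.lower() in lowered:
            problems.append(f"contains dictionary word '{word}'")
    return problems

def generate_password(length=20, personal_info=(), wordlist=()):
    """Draw from the OS CSPRNG via `secrets` until a candidate meets the policy."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        # Rejecting whole candidates (rather than patching characters in)
        # keeps every conforming password equally likely.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_problems(candidate, personal_info, wordlist):
            return candidate

if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    print(policy_problems("Summer2024!", wordlist=("summer",)))
    print(policy_problems("correcthorsebatterystaple"))
    print(generate_password())
```

The `secrets` module is used instead of `random` because `random` is not designed for security-sensitive values.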
2. Enable Multi-Factor Authentication (MFA)
Multi-factor authentication adds an extra layer or layers of security to your account. In addition to your username and password, MFA requires that you also use one or more additional authentication methods. Some common authentication methods include:
Most email services provide the option to add MFA to your account. For example, Gmail allows you to enable 2-step verification. Along with 2-step verification, you can choose to add more verification methods such as the use of a security key or authenticator app. The more authentication methods you add to your account, the more secure it’ll be.
3. Add or Update Your Email Account Recovery Options
Most email service providers allow you to set up a recovery option in case you forget your login. It can also be used to block someone from accessing your account without your permission or alert you if there’s any suspicious activity.
Account recovery options are most often phone numbers or other email addresses that belong to you. You can add or update your account recovery options in your email settings and change them whenever you need to.
4. Always Log Out of Your Email Account
Whether you log into your email account from your own device or not, you should always make sure to log out of your account. If you don’t log out, anyone with access to your device will be able to see your email account, which contains sensitive information. Logging out of your email account whenever you’re not using it will protect your account if you use a device that doesn’t belong to you or lose your own device.
If you use a mobile app to check your email, logging out of your account may not be convenient or necessary. If this is the case, make sure your phone is secure, has a passcode and is not able to be accessed by anyone but you.
5. Keep an Eye Out for Security Notifications
Most email service providers will send you notifications if there are any security events happening on your account. Security events include:
- Logging in from a different location or device
- A change in security settings
- Password changes
If you receive a security notification, at your email address or through your recovery options, about an action you didn’t take, you must take action right away. Depending on your email provider, the actions you should take to secure your account may vary. However, if it’s a security notification about an unusual login, immediately changing your password and adding an additional verification method will keep your account secure.
What Do I Do If My Email Is Hacked?
Here are a few steps you should take to secure your email account if it’s been hacked.
1. Use your account recovery option to regain access
If you already have an account recovery option set up for your email, you can use it to regain access to your account. If you do not have an account recovery option, you may need to get in contact with your email provider to see how you can gain access to your email. You’ll be asked to confirm a few details about your account and yourself so they can verify you’re the owner of the account.
2. Remove devices from your email account
Once you’re able to log into your account again, you should check to see which devices are currently logged in. If you see a device that does not belong to you, remove it from your account.
If you use Gmail, go to your Google account >> Security >> Your Devices >> Manage Devices >> Sign Out. If you use Yahoo Mail, sign in and visit the Recent activity page. Once on that page, you can sign out or remove any logins you don’t recognize.
Depending on your email provider, the steps to log out devices you don’t recognize may differ, but it’s recommended you learn how to access these settings for when you suspect suspicious activity.
3. Change your credentials
Once you remove suspicious devices and logins, changing your credentials is the next thing you need to do. Use a strong, unique password to ensure that a threat actor cannot gain access to your account in the future. To add even more security, enable MFA if possible.
Remember, when creating passwords for your accounts you should never reuse or use variations of the same password. If you used the same password for your email on other accounts, it’s crucial that you also update those passwords to ones that are strong and unique, otherwise those accounts are at risk of being compromised.
4. Warn your contacts
While logged into your account, the threat actor may have sent emails to your contacts that could contain malicious links. To ensure that your contacts stay safe and your reputation is not affected, it’s best to send out an email to your contacts letting them know that you were hacked.
Sending them a warning can save them from falling for a phishing scam that may have been sent from your email address.
5. Check your settings
While on your account, the threat actor may have also changed some of your email settings. There are a couple of things you’ll want to make sure weren’t added or changed including your email account recovery options and links in your email signature. You may also want to investigate if any of your emails were forwarded to an unknown email address, as they may contain information that could be used to launch other attacks.
6. Closely watch your other online accounts
Because your email is linked to many of your other online accounts, keeping an eye on them should also be a top priority. Look for unusual activity, attempted logins, password reset requests or anything else that is out of the ordinary. The sooner you notice, the faster you can act to secure your accounts and the information they contain.
The Importance of Keeping Your Email Secure
Securing your email can keep your other online accounts secure since most password resets are sent to your email account. Make sure you’re always following password best practices and enabling MFA whenever possible. The more security precautions you take with your email account, the less likely you are to be hacked. Even if your credentials were part of a breach, having MFA enabled would prevent anyone but you from gaining access to your account.