In light of recent world events, leaders have been advising all email users to have a posture of “shields up”. In fact, most recently President Biden tweeted a warning about the potential for a cyberattack.
Furthermore, one of my favorite podcasters, Lex Fridman (who covers many science and STEM personalities) recently interviewed Nicole Perlroth (who is a cybersecurity journalist and author). In the interview, she stresses that multi-factor authentication is the simplest way to thwart hackers. Multi-factor authentication is the process where the site you are trying to log in to sends you a text and you have to type a few numbers into the site, or use an authenticator app to generate the numbers.
Regarding email security, you may recall a few months ago that we put out a poll asking you what features would be most important to you in an email security add-in called Phishing Net. Today, the add-in allows you to report potential phishing emails to other authorities (your corporate security officer (CSO) or even Microsoft itself).
Side note: We continue to work on the new features of the Phishing Net add-in. You will be able to click on an email and the add-in will tell you which country the email originated from, it will automatically warn you when the display name does not match the correct email address, and it will allow you to submit the fake email addresses so we can use that list to help all other Phishing Net users.
While we wait for the development of the new Phishing Net add-in to be finished, there are some things that you can do to greatly improve your email security.
The most important thing you can do, as Lex Fridman’s guest mentioned, is to turn on MFA. For me personally, turning on MFA for all sites I log into would be a tedious chore. Instead, changes like this are easily accomplished by doing them one at a time, usually as I go to log in to sites that currently don’t prompt me for MFA. It’s a good balance between security and convenience, which are always on the opposite sides of the same fulcrum.
While we’re on the subject of cyber security, how often do you change your passwords? Might as well change them as well while you’re at it. But how do you know you didn’t just change the password last time you logged in? Often but not always I will include the year somewhere in my passwords so I have an idea of how long it’s been since I changed my password for the sites I log into. After a year or two, I change it. When I first started using this technique, I found out how easy it was to spot passwords that had slipped to being 10 years old or more.
BTW, if you want to be motivated to implement some of these techniques, you can head over to Have I Been Pwned. Simply type your email address and look at the results – it’s eye-opening. You don’t have to be afraid to do this; it’s run (and funded) by Troy Hunt, a Microsoft Regional Director and cyber security enthusiast. When I ran my own email addresses there were 9 violations.
In summary, the best thing you can do to improve your cyber security situation is to use multi-factor authentication, followed by changing your passwords, and finally checking how exposed your email address(es) are so you can get an idea of where you stand. And starting soon, installing the new Phishing Net add-in to protect yourself! We hope this article provided you with helpful information on how to improve your email security.
Here in the UK we can forward the email to the National Cyber Security Centre which is run by GCHQ as far as I know (equivalent of the NSA in the USA).
It happens infrequently but the address is saved in my Outlook.