In this interview Dave Wreski, CEO of Guardian Digital, explains various best practices for securing your email and protecting your privacy.
BD: What were your thoughts when you learned that your email address had been pwned in a data breach?
DW: I was discouraged, but not the least bit surprised when I was notified that my email account had been pwned in a data breach. These days, data breaches are ubiquitous and, unfortunately, somewhat unavoidable. In 2018 alone, there were 12,449 authentic breaches and leaks (Dark Reading). You can take all of the advisable precautions; however, chances are one of your email accounts will be compromised in a data breach or a data leak at some point. It is critical to recognize this and take measures to mitigate your risk and protect your privacy.
BD: What role does email typically play in data breaches and data leaks and how can an effective email security solution prevent the compromise of email accounts and sensitive data?
DW: Email is frequently involved in data breaches and data leaks because it is a popular vector for sending private information and conducting business affairs. This sensitive information could include email addresses, which could be used by threat actors to carry out future spear phishing or BEC attacks. An effective email security gateway accurately identifies and blocks malicious or fraudulent emails that could prompt users to share sensitive information or data, thus minimizing a person or an organization’s risk of experiencing data theft or data loss and the devastation that a successful attack can cause.
BD: How can open-source software and open-source operating systems be leveraged in an email security solution to provide a level of security that exceeds what proprietary solutions offer?
DW: The transparency, collaboration, and innovation encouraged by the open-source development model model result in software, operating systems and solutions that are inherently reliable and secure. Open-source code is available for experts from around the world to review and improve, leading to the rapid detection and elimination of vulnerabilities and security bugs. Thus, open-source email security solutions are secure from the ground up and offer a higher level of security and protection than proprietary alternatives. Proprietary software is not available for the public to review, and email security solutions comprised of proprietary technology often consist of software created for a different purpose with incoherent security features added on.
BD: What is your best advice in terms of both email security and email best practices for someone looking to minimize their risk of being affected by a data breach or an email-related attack?
DW: First off, never open a suspicious email, link or attachment. Here are some other measures that I would recommend taking to help prevent your email account from being hacked:
- Create a strong password that includes a variety of characters and NEVER share your password.
- Try to minimize logging into your email from public places. Untrusted computers can have spyware or keylogging programs hidden on them, which can collect personal information.
- Add two-step verification to your email address. A second step password is a random set of characters sent directly to your phone, laptop or tablet, which means that a hacker would need both your email password and your personal device to access your email account.
- Frequently check your account activity to make sure that records match your own login history.
That being said, email-related attacks have evolved to become highly sophisticated and deceptive and cyber criminals utilize advanced, complex social engineering tactics to trick their victims. This is why it is critical to invest in a comprehensive email security gateway that is designed to protect against both new and existing threats. To learn about EnGarde Email Security Gateway, an advanced open-source email security solution that outperforms proprietary alternatives in terms of security, reliability and resilience, visit https://www.guardiandigital.com/.
Check if your email account has been pwned in a data breach here: https://haveibeenpwned.com/
Follow us on social media!
Twitter: @gdlinux
Facebook: Guardian Digital
LinkedIn: Guardian Digital, Inc.