As Russia's invasion of Ukraine continues and sanctions imposed on Russia from the international community increase, cybersecurity concerns are also on the rise. Though US officials haven't identified a specific retaliatory cyberthreat to the US coming out of Russia at this time, officials are calling on individuals and organizations to remain vigilant as evolving intelligence indicates Moscow is "exploring options" for potential cyberattacks. Part of that vigilance should include email security since email is especially susceptible to attack.
To be clear, larger-scale organizations are the most likely target of any major state-sponsored cyberattack, although independent actors may be looking to exploit vulnerabilities in smaller-scale operations as well. However, the personal risk level for individuals remains low.
Even so, you shouldn't take your personal online safety for granted. There are fundamental steps you can take to protect your digital privacy and mitigate the risk of being affected by a cyberattack.
One of the most important considerations is to protect your email. Email is still one of the most widely used online communication technologies, but it's also one of the least secure -- which is why it requires extra care. In addition to taking steps to protect your email, it's important to create a local backup of any high-priority correspondence or email-dependent documents in case of potential temporary outages your email provider may experience as a result of a cyberattack.
Here are five things you can do today to secure your email.
Use a strong, unique password
CNET has a lot of helpful advice on what makes for a strong password, but the two most important elements are that your password should be long (at least eight characters including numbers and symbols) and unique (i.e., don't reuse the same password for multiple accounts). If you struggle with passwords, a password manager can help generate complex passwords, remind you to change them, as well as help you remember them.
Your password is the first line of defense against someone who wants to infiltrate your accounts and access your private data and communications. Make sure this defense is strong.
Enable two-factor authentication
Two-factor authentication adds an extra layer of security to your email account. After you enter a password, you'll need to provide a separate authentication code sent to your phone or mobile authenticator to access the account. This means that even if an unauthorized party was able to crack your password, they would still need physical access to your phone in order to access the email account. Most email services offer two-factor authentication; if the email service you're using doesn't, you should switch to one that does. Email providers usually offer various ways to enable this functionality, but generally, if you head over to your email account settings and look for options labeled privacy or security, you can usually find and enable the feature there.
Use a secure email service to encrypt your messages
Secure email services like ProtonMail, Tutanota and StartMail encrypt your email to ensure that messages remain inaccessible to any unauthorized party who may want to snoop on your correspondence. The secure email services listed above also provide the option to create disposable aliases to protect your privacy even further and limit what entities have access to your primary email address. Keep in mind that while you can get a basic, limited account with some encrypted email services for free, you will need to pay for enhanced privacy features like aliases and custom domains.
Identify and avoid phishing scams
Phishing is still one of the most common methods cyberattackers use to break into online accounts. If you see an unsolicited email asking you to urgently click on a link or download an attachment, it's probably a phishing scam. Don't ever click those links. Otherwise, you're likely to download malware or otherwise reveal personal information like your passwords and financial information.
Phishing emails often look like they're coming from legitimate sources (maybe an online service you use, like Netflix or PayPal) and will typically claim that there's an issue with your account or payment information. Scammers are even trying to exploit the situation in Ukraine by launching phishing campaigns and other scams that prey on people's instinct to help in times of crisis. However, you can often spot grammatical mistakes or other inconsistencies in phishing emails that will tip you off to the presence of a scam. If you're ever in doubt, don't engage with the email and try to verify that information directly with the purported source.
Use Apple's Hide My Email feature if you have an iPhone
With the release of iOS 15, Apple rolled out Hide My Email, an important security feature that will let you hide your email address from the sites and services you sign up with online. Hide My Email generates a randomly assigned email address to use in situations where you don't want to provide a website with your actual email address. This feature can help limit the number of sites and services online that have access to your personal email address, as well as the chances of it being shared with other malicious entities.
If you have an iPhone, you can access the Hide My Email feature by going to Settings > iCloud > Hide My Email.
If you don't have an iPhone, the most practical way to replicate this functionality would be to use different aliases, if offered by your email provider. Many popular email services like Gmail, Yahoo, Outlook and other secure email providers offer aliases. Check your provider's account settings to see if it offers the feature.
For more cybersecurity advice, check out our privacy checklist, read about the donation scams to watch out for, and why it's important to keep your operating system updated.