SJW Tech Services

I received this question from a client, and I decided to tackle the topic of e-mail security. How secure is e-mail? What are simple steps you can do to mitiagate the risks associated with non-secure e-mail? What’s the best way to have secure online communication?

E-mail is NOT and SHOULD NOT be considered a secure medium for communcation. There are far too many variables to consider to give a blanket “yes or no” answer on whether or not a particular system is secure. There are steps which you can take to mitigate the risks associated with non-secure e-mail, but if there’s someone out there who has the right motivation and the right tools… watch out. If you’re in need of serious e-mail security (DoD grade), it’s probably a good idea to consult a network security expert. However, if you’re not dealing with matters of national security, keep reading.

There are a few simple steps to insure that you’re dealing with e-mail as securely as possible. 9 times out of 10, e-mail accounts are hacked by people guessing your password. Or, the cleaning lady looked under “P” in the rolodex on your desk and found all your passwords. Password guidelines are pretty simple: make it something only you would know, use non-standard characters such as !!@#$%^&*() and don’t write anything down. Now I know that sounds crazy…

… but seriously. It’s not that difficult.

The next thing you can do to make your e-mail a tad more secure is to make sure you’re using SSL (if your provider supports it). SSL establishes a secure “tunnel” from your computer to the e-mail server. If you’re provider supports this, it’s definitely the way to go.

If you’re looking for the cheapest, quickest, most secure option, you can send e-mails using LockBin (https://lockbin.com). You can send secure e-mails this way, but it has its limitations (no support for attachments, for example).

It’s safe to assume that the e-mail system, as a whole, is not secure. You can do everything in the world to secure your e-mail, but if the person you’re sending e-mail to has a password of “123″ there’s not much you can do.

You can e-mail specific questions to me, Stefan, at stefan@sjwtechservices.com, or call me at 865-803-5092.

There definitely is a new trend popping up and it’s called “scareware.” The tactic basically involves some kind of Internet Explorer advertisement that looks really similar to Windows, and tries to “scare” you into thinking you’re infected:

Once you’re convinced that you’ve been infected, you click “OK” and illegitimate anti-virus software is downloaded and installed on your machine.

One such scam that I’ve seen several times already is called “Personal Antivirus” (pictured above). Don’t fall for this scam – the only alerts you should trust will explicitly say the name of your anti-virus software. e.g. “avast! has detected a threat…” If you have been “infected” with this software, it can be a nasty bugger to remove – it plants itself inside IE, sometimes in your startup items, your registry, and may or may not even show up in the Add/Remove Programs control panel. If you do become infected, it’s a good idea NOT to login to banking/eBay/credit card websites until you’re sure the computer is clean. Remember, you can call me for all you’re virus/malware/spyware removing needs at 865.803.5092.

I know a few of my clients have used Windows Live OneCare in the past – just wanted to let those of you who use this software know that Microsoft is killing the project. It will be replaced with a free version (currently codenamed “Morro”), and current users of OneCare will have the option to move to the new free service.

It’s imperative that you have some sort of anti-virus on your computer (you only need 1 – if you have 2, your computer will slow to a crawl). If you don’t have any anti-virus software, I would recommend you either go purchase one now (purchase ESET here) or disconnect your computer from the internet right now and call me (Stefan) at 865-803-5092!