While CIA Director Brennan was a casualty of a duped service provider there are other ways hackers use to gain access to your email. See the full story here: https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/ A hacked email account is a serious problem. Besides reading emails, cybercriminals can access other types of information associated with the account, such as calendar and contact data. Hackers can also use the account to send out spam or malicious emails, or even access other online accounts. For example, suppose they see a sales confirmation email from an online office supply store in the inbox of the hacked email account. Website login credentials often consist of an email address coupled with a password. The hackers already know the email address, so they might try entering commonly used passwords or running a password-cracking program to find the password.
Here are five ways to protect your business’s email accounts from hackers:
1. Require Strong, Unique Passwords for Email Accounts
Both hackers and password-cracking programs are really good at figuring out weak passwords. For this reason, your business’s email account passwords must be strong. A strong password:
- Is at least eight characters long (the longer, the better)
- Uses uppercase and lowercase letters
- Includes numbers, but not in a predictable pattern such as 123
- Uses special characters (e.g., question mark, ampersand, percent sign) when possible
Email account passwords also need to be unique. Hackers know that people reuse passwords, so once they obtain an account’s credentials, they try them elsewhere. Since creating and remembering strong, unique passwords is difficult, have employees use a password manager to create and store their credentials.
2. Secure Your Business’s Computers
Hackers can use malware to obtain passwords. For instance, they might use malware that logs keystrokes or searches a computer for credentials. To help prevent such malware from infiltrating your business’s computers, it is important to use anti-malware software as well as regularly update your operating system and applications.
3. Educate Employees about Phishing and Spear Phishing
Hackers might try to obtain email account passwords through phishing or spear phishing emails, so you need to teach employees how to spot these emails. When doing so, stress the following points:
- If employees receive an email from someone they do not know, they should not open any attached files or click any links (unless it is a normal part of their job, such as an HR manager opening attached resumes sent by job applicants).
- If employees receive an email from someone they know but it contains an attachment they were not expecting, they should check with the person first before opening the attachment to make sure he or she sent it.
- If employees receive an email from someone they do not know and the email contains a link, they should not click the link.
- If employees receive an email from someone they know and the email contains a link, they should check the link (hover their cursor over it to see the web address) before clicking it.
4. Create an Official Email Policy
Employees are increasingly using their personal smartphones, tablets, and other computing devices for work. You can use an email policy to let employees know whether they are allowed to access work emails from their own devices.
An official email policy can also lay down some ground rules on accessing emails while traveling for business. For example, the policy might state that employees should not access work emails from public computers (keyloggers might be installed) or use public Wi-Fi hotspots (sniffing attacks could occur).
5. Require Two-Step Verification for Email Accounts If Available
More and more email service providers are offering two-step verification, including Gmail, Hotmail, and Outlook.com. Two-step verification adds another layer of security to email accounts. For instance, employees might need to provide a password and a security code to access their email accounts. With two-step verification, hackers cannot access an account even if they have the password.