Jump to content
Home
Forum
Articles
About Us
Tapestry

Which email provider is safe?


 Share

Recommended Posts

IWe just use gmail but our LA have recently started using Switch secure data exchange . its a free service by Egress software. We've had to sign up to it in order to read the forms they're sending.

Link to comment
Share on other sites

We use Gmail at the nursery and I use it at home and have never had any problems. I think it is more down to your virus protection though than the email provider.

 

Our LA uses Egress Switch and we've never had any problems with that either. It's very easy to use.

Link to comment
Share on other sites

Gmail here too.. very safe as long as you use good passwords etc.. maybe change this once per month if really conscious. They send you emails if tried to be logged in via unknown locations or devices.

 

Like mentioned as long as you have good virus protection on your devices and update them regularly, and don't open phisher emails, you should be pretty safe.

 

Just to note their are only a few ways people can get your password.. those are:

 

1) Bruteforce password crackers.. so a very unique password containing symbols, numbers letters upper lower case.. should defeat even the best!

 

2)The next are trojan horse viruses that have inbuilt password retrieval tools.. (can get all cached passwords or keylogs and some can even watch you as you log in!) and it is impossible to defend against these 100% - so don't open any executable file that you don't know the source. These "programs" can be in the form of backdoor JAVA applets too.. so make sure your JAVA is up to date always! Just visiting a JAVA website can execute a program on your device (usually PC) if vulnerabilities are there.. ie not up to date!

 

3) local infection ie USB stick loaded with auto execute viruses.. (unlikely)

 

4) Email attachments containing Viruses of course.. or tricking you into logging into your accounts.. so frustrating.. always check the URL of any link contained in the email..

 

That's pretty much it... except Windows vulnerabilities so again always update to latest.

 

So encrypted emails are useful while data is being sent over the net.. but locally it is un encrypted and can be vulnerable and also at the source end. who you send it to it is then un-encrypted and again vulnerable.. so even this is not ideal!

Link to comment
Share on other sites

I think the problem with any email service that is "cloud based" rather than local ie actually on your computer, is that they are accessible to anybody who knows the password and ability to log in via any location or device. This could be done via a proxy or even remotely too!

 

This is possibly the reason many large corporations that have sensitive data on their systems are reluctant to accept emails from these kind of email providers.

 

Can you imagine if just one virus was to get onto a host computer within the NHS IT systems?! It might be possible for "hackers" to then infiltrate the whole network and retrieve the most sensitive information! Examples of these attacks have been in the News and leaked information has caused havoc for customers of TalkTalk recently and there have been many more.

Link to comment
Share on other sites

Personally I would recommend a cloud-based email service provider over handling it locally on your computer. The reason for this is simple. A cloud provider will employ a great many people and invest a lot effort in ensuring that their platform is secure. I'm pretty sure that none of us has the time, expertise or resources to maintain the same level of security on our personal computers.

 

As BroadOaks says, one of the most common ways for viruses to get onto your computer is in email attachments. A good email provider will scan the attachments for you and ensure that they are safe before you even receive the email, let alone think about downloading the attachment to your computer. A good provider will also prevent phishing emails (ones that try to trick you into logging into a fake site) from ever getting to you.

 

It is essential to use a strong password for your email account. Do not use just a word, or even a word with a couple of numbers on the end. You should use a mixture of lower case letters, upper case letters, numbers and ideally other symbols. It should also be as long as you can conveniently manage, 10 characters at minimum. Also do not use the same password for multiple things, if someone finds out the password from one of them, they will be able to access the others. If you have trouble remembering many complex passwords (who wouldn't?) I recommend using a password manager (LastPass is great) to store them, protected by one super strong password.

 

Many good email providers will also allow you to use multi-factor authentication for your account. What this means is that you will need several things in order to gain access. The first one will be your password, and the second one will generally be your phone. When you login (sometimes this is just the first login on a new device) you will have to enter your password and then you will be sent a code by text message (or sometimes there's an app) which you need to enter in order to get in. This is an extremely strong security measure and I very much recommend that you use it.

 

Another issue is the safety of your data. If you store all your emails on your computer and then one day you spill your drink on it, they could all be lost forever. A good cloud provider will go to great lengths to ensure that nothing like that will happen to them.

 

Finally there is the issue of privacy. If your email account is free, the company providing it is making money from it in some other way. Usually this is by advertising, and the big free providers will have programmes which automatically scan through your emails in order to help them to target the adverts more effectively. This doesn't mean that anybody working there ever ends up reading your mail, and I would not expect it to happen, but it is exposed in some way. I suspect this is why some organisations won't exchange email with these providers if it contains confidential information. If you use a paid email service, it's likely that the content of you mail will be more private.

 

So who should you use? Personally I would recommend Gmail, with a strong password and multi-factor authentication (they call it Two-Step Verification). Alternatively, if you want a bit more privacy and control, I would recommend FastMail. It's not free but you get better privacy in return. They also support multi-factor authentication (which they also call Two-Step Verification), and of course you should use a strong password. FastMail is great for businesses, so you could potentially use it to have all your staff set up with their own email addresses, all controlled by a master account that allows you to control what they can do.

  • Like 3
Link to comment
Share on other sites

thank you mattkelly, great information. personally I use Gmail for many of the reasons mentioned although I wasn't aware of the privacy issues if I am honest. I don't read the T&C's as many do not.

 

All I can add is that, I have never had any problems with Gmail, so far. I have received bogus emails from HMRC for example encouraging me to log in.. but nothing with a "virus" gets through ie attachments. I have to say though it is possible to crypt an .exe or .bin or any executable file to get past 100% of virus checkers for a short amount of time ie a few days or weeks depending on when the algorithm is detected, and it could take months for most AV's to detect this virus!! SO NEVER execute a file you do not know the source even if you scanned the file in VirusTotal!!

 

Also, like I mentioned, website links within emails could be linking you to what looks like a legitimate website.. but then within this website might be a "JAVA Driveby" and if your JAVA is outdated it will auto execute a file onto your PC or even maybe Tablet these days!! Many people are compromised this way without even knowing!! If you are unlucky enough to be infected with a Trojan virus then your whole System or Network can be accessed remotely!!

 

Hope I haven't scared anybody lol

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. (Privacy Policy)