7 Email Security Tips That You Should Always Follow

Email is a crucial part of modern life. Unfortunately, it has significant security flaws that can be exploited by both malware (such as computer viruses) and humans who want to steal sensitive personal information.

Every email user should know how to protect themselves from email-based threats. Follow these email security tips to protect your personal and work email accounts and devices.

1. Never Give Out Any Sensitive Information Over Email or Click Any Links in the Email Body

Never share sensitive personal information over email, even if you trust the sender. Attackers may try to impersonate people or companies you trust, sending email from addresses that closely resemble your contacts’ addresses. They may even take over those addresses and use them for nefarious purposes. 

So, if you receive a request for an account password or recovery code by email, ignore it for the time being. Also, avoid clicking links directly in the email body. Even if the website appears legitimate, it could be insecure or controlled by someone who wants to steal information from unsuspecting users.

2. Confirm the Sender’s Identity By Other Means

You will sometimes receive legitimate requests for personal information by email. If you suspect that a request is genuine, contact the sender by other means to confirm. Then, communicate the information verbally or by secure message (other than email).

In the workplace, this might mean picking up the phone, sending an internal chat message, or walking across the room to the sender’s desk. When dealing with senders outside your organization, it might mean calling customer service or sending a help request through the organization’s website.

3. Don’t Open Email Attachments From People Outside Your Organization

Email attachments can contain viruses and other malware. 



“Don’t open attachments from senders you don’t know, especially those outside your organization’s firewall.” — George Otte



If you must open an email attachment from a trusted sender, use your email program’s “preview mode” or view it in “protected mode” after downloading.

4. Use a Different Password for Every Email Account, Make Them Strong, and Change Them Frequently

Use unique passwords for every email account. Make them strong, using a combination of at least eight letters, numbers, and special characters. Change them at least once per month without ever reusing old passwords.

5. Use Two-Factor Authentication

If your email program offers it, enable two-factor authentication at log-in. Two-factor authentication pairs a second identity check, such as a unique code sent to your phone, with a traditional password. Even if an attacker knows your password, they won’t be able to access your email if they don’t have access to the second piece. 

6. Learn to Spot the Signs of Phishing

Phishing emails are malicious emails that attempt to extract sensitive information (such as passwords) from the user, or convince them to click on a link that downloads malware onto their devices. The signs include:

  • Direct requests for personal information
  • Offers that sound too good to be true
  • Links that you don’t recognize
  • Threats to revoke account access or benefits

7. Don’t Reply to Spam or Phishing Emails

It’s best to ignore phishing emails entirely after marking them as “spam” in your email program. Don’t reply to them directly, as this will only encourage the sender. 

Likewise, don’t respond to “regular” spam emails either. While these emails aren’t malicious, they’re not useful to you, and responding will only attract more.

Do you use any of these strategies to deal with email security threats? Which work best for you?



George Otte is a Miami-based entrepreneur and executive with more than 15 years of multifaceted business operations experience.