Cybersecurity experts tell PEOPLE how email users can keep their online information from getting into the wrong hands

By Lindsay Kimble
Updated September 14, 2016 05:55 PM

Former Secretary of State Colin Powell is the latest politician to have his personal emails leaked to the public in a far-reaching hack.

The dump – which includes an estimated 30,000 emails dating back to June 2014 – follows the much-debated Hillary Clinton email scandal, and the July hack of Democratic National Committee servers.

So how do you avoid meeting a similar fate?

“We should all be more informed on the cyber threat,” says Bob Gourley, co-founder of the consultancy Cognitio and publisher of “Cyber criminals and fraudsters are always thinking up new ways to trick us. They are crafty and creative and we should all expect to be surprised.”

Gourley and Damon McCoy, assistant professor of computer science and engineering at New York University, say you can never be too careful sharing information online.

The cybersecurity experts share these tips for how email users can keep their passwords from getting into the wrong hands:

Be cognizant when picking security questions

Often when crafting a new account – be it for email or a credit card – websites will ask users to answer a series of security questions.

“Passcode reset questions are like ‘Where were you born?’ ‘What city did you grow up in?’ ‘What’s your dog’s name?’ ” explains McCoy. “These are things meant to – if you get locked out of your account somehow – be able to get you back into your account without having to bother a tech support person.”

If the answer to any of the questions is easy to find online, though, you can run into trouble.

Says McCoy, “It might be a good idea to answer incorrectly or skip that question and instead answer a question that isn’t online.”

Use phrases and symbols in your passwords

“The most important thing we tell everybody is to have a password that is easy for you to remember but impossible for anyone else to guess,” says Gourley. “So we do things like pick a phrase and just use the first letter of every word of that phrase.”

When crafting a password, don’t use anything from your biography, Gourley advises. That includes your pet’s name, your children’s names, your birthday, your spouse’s birthday, etc.

Gourley further suggests using symbols in your password. For example, he says, pick a sentence, inserting two symbols – like an exclamation point – after the first letter of each word.

Adds McCoy, “Your password should not be one of the basic passwords that people would try in your first 100 or so attempts. Most reasonable email systems this day, however, will lock out people after too many attempts.”

Avoid the free email from your Internet provider

When choosing an email provider, Gourley says the current frontrunner is Google’s Gmail.

“Google has been investing billions of dollars to make their email as secure as possible,” Gourley explains. “So if you use their Gmail, they detect any malicious activity. The average American email user that uses Gmail has a little bit of an advantage.”

Further, he advises against using the system that is supplied by your local Internet provider for free.

McCoy explains that any provider that features a “two-factor identification” system is likely trustworthy.

“If you’re logging in from a new device, it will text you a code to allow you to log in from that new device,” he says. “These kind of security measures are nice to turn on but sometimes it’s kind of a double-edged sword, because you might be in someplace that you don’t have cell phone coverage and you want to log in and you’re locked out of your account.”

Check email addresses before clicking suspicious links

“The most common mistake people make online is being tricked into clicking on a link,” Gourley reveals. “That link will come in an email and it reads like something that is interesting to you, so you click on it and it downloads a virus to your computer. And that virus can steal information from you and send it to the criminals.”

How do you know when an email contains a virus? Look at the sender's address for misspellings or weird typos, says Gourley.

“Sometimes you’ll get an email that looks like it’s from your cousin or your aunt. She’ll say, ‘I’m in tears I lost my passport. I need $200 to get a new passport. Please click this link,’ ” he says as an example. “Well, they will know your aunt or uncle’s name and they will know you are related and they’ll send you that email with a link to click in order to get your money.”

Don’t reuse passwords

Using the same password across a variety of accounts is a big faux pas. Explains McCoy, “If someone’s reusing a password and a service gets hacked, the database gets dumped and that password becomes public. If you’re reusing that for your email account, then attackers can easily just log in to that account.”

“When you’re hacked, if it’s the same password for your email and your, say, PayPal account, they’re gonna go right into your PayPal account and clean it out,” he says, advising anyone in that situation to immediately change their passwords from an unaffected device.

Consider a password manager

Gourley suggests using a password manager, which securely stores your codes so you don’t forget them, making it easier, overall, for you to log onto a website.

He points to Dashlane.

“When there is a compromise, Dashlane can help you change all of your passwords quickly,” he explains. “Using a password manager is a good security tip.”

Check your web browser before inputting confidential information

Look to the top of your web browser before entering any confidential information on a website, Gourley says.

“You’ll see: ‘https.’ That ‘s’ stands for secure,” Gourley says. “If you just see ‘http’ there is zero security.”