The recent NBC News report into China’s hacking of Obama administration officials’ email accounts has highlighted again the need for basic security awareness and training in government and corporate organisations.
Whilst this latest email hack does not pertain to official government email addresses – the majority of the compromised emails were stored in private gmail accounts – it is a reminder to all organisations dealing in sensitive information to ensure that their employees use their private accounts sensibly and do not put company or state data at risk. NBC’s report follows the controversial news, earlier this year, that Hillary Clinton had been using her own private email account while Secretary of State from January 21st, 2009 to February 1st, 2013. Opponents have suggested she placed state secrets at risk; an allegation she denies.
U.S. security experts suspect that these latest reports into email hacking are part of an on-going cyberwar backed by China (although the Chinese government has consistently denied responsibility for all breaches). In July of this year, the records of 22 million federal employees (many in senior or secret roles) were compromised after a massive security breach at the Office of Personnel Management. The breach led to the resignation of the department’s director.
Improving Email Security Awareness
Individuals who are concerned about their private email security, in light of this recent attack, can take certain steps to improve their safety online. This includes the following:
– Using a private email server and making sure email and server connections are encrypted
If you use gmail or other web based email services, be aware of the security risks. If you send email without ensuring it’s encrypted, it can be intercepted and read by hackers. If you set up a private email server, it’s important to ensure that you use email encryption software. You also need to make sure that the connection between servers is encrypted using Transport Layer Security (TLS).
– Use SSL protection if using web based email services
If you do use web based email services you need to make sure that your browser sessions are encrypted. Check for https in the browser session and ensure the connection is SSL (Secure Sockets Layer) protected.
– Educate yourself on the dangers of malicious spam
Have you been enticed by slightly odd looking Paypal emails or messages from your bank asking you to sign in? You’d be one of many millions who have succumbed to successful phishing campaigns. Clicking that link or downloading that PDF could be the doorway to cybercriminals accessing not just your private email accounts but also bank account information and a host of other personal information.
– Keep your software up-to-date
Out of date programmes running on your personal computer or business systems are prone to vulnerabilities and present a major risk. You also need to ensure that your security software is kept fully up to date.
– Use an email scanner
Using filters can help ensure that you do not receive inappropriate or malicious email in the first place.