Last updated May 2023
One of the most important parts of your digital security is your email. You use it to communicate with friends, family, colleagues, employers and brands. Unfortunately, this makes it a key target for hackers.
Your email is a skeleton key: hackers who gain access to it have a way into all your other accounts, so it’s vital that you keep it secure. Here are six ways to protect you and your email account.
- Use a unique secure password
When creating a password for your email, ensure it is a ‘secure’ one. This means that rather than using a simple short word (such as your mother’s maiden name) or a phrase that can be easily guessed, you should use a password with more than 10 characters that features a mixture of upper and lowercase letters, numbers and special characters. This will make your password much harder to guess or ‘force’ through an algorithm.
- Don’t click on unknown links
Scammers and hackers often send phishing emails. These are emails that look like they are from friends, family or other legitimate contacts. The aim of these emails is to get you to click on a link that will allow hackers access to your computer and email, thereby compromising your account.
Always check the email account that strange or unexpected emails come from, and make sure people are who they say they are.
- Update your email client regularly
Having the latest version of your email client, be that Microsoft Outlook, Apple Mail, or any other, will ensure you have the most up-to-date protection from bugs, workarounds, and exploits that hackers may use to access your email.
- Change your password frequently
As well as creating a secure password, our experts recommend that you also change it frequently. This is important in case you are unknowingly caught in a data breach. Even if your email password is leaked, if you change it frequently you can reduce the damage if old passwords fall into the wrong hands. We would recommend changing your password every 3 months at a minimum.
- Use a password manager
If the above options seem overly complicated, then you may want to use a password manager. A password manager will generate and save a list of secure passwords linked to each login for different types of accounts. It will also remind you when passwords need changing and updating. This means that you only need to remember one password to keep track of all your accounts.
- Use two-factor authentication
Two-factor authentication is when you need to use two separate devices and codes to gain access to your email. This adds an extra layer of security and ensures that if one part of your email is compromised, for example, your password is leaked in a data breach, then fraudsters or hackers still cannot access your account. There are a number of different types of two-factor authentication:
- Text: This is where you will receive an SMS or text message to your smartphone with a code, usually 4-6 digits long, that you must enter into your email service when you attempt to log in.
- Call: This is where an automated service will call your phone when you attempt to log in, giving you a verbal 4-6 digit code, which must be entered in a similar way to the text message service.
- Authenticator Apps: These are in our opinion the best method, and are a separate password-protected app on your phone. When you log into your email you’ll be asked to go into the app and enter the current code that it displays (the codes usually cycle every 60 seconds). These are the best because they are themselves password protected if your phone is stolen or compromised.
As with any type of security, these methods are only as secure as you allow them to be. So never give your email password and authenticator code to anyone who you do not 100% trust. And if you notice any suspicious activity on your account, then report it to your email provider and change your login details immediately.
If you’re ever unsure, sites such as haveibeenpwned.com can help you to check if your account details have been in recent data leaks or are available online.
Spotting Email Scams
Email scams have become increasingly common as hackers come up with new methods to trick you into revealing sensitive information.
Hackers’ methods are becoming ever more sophisticated, so it has become incredibly difficult to spot whether an email is genuine. Scammers are very good at disguising their attacks in messages that look and feel just like the real thing.
Read our guide to help you spot warning signs: