Skiff Team / 7.02.2020

Encrypted Email: Best Practices for Businesses and Individuals

No one can live without email today: Emails are as much a part of our daily lives as brushing our teeth - a staple for communicating and checked constantly every morning, afternoon, and night.
Whether for work-related issues, academic tasks, or even personal errands, we constantly rely on email to make collaboration and communication as easy as possible, even across long distances and timezones. Many of us keep financial statements, medical records, and family pictures stored within our emails. Keeping our email addresses safe and secure is a number one priority in the modern world.

Many people do not consider email security in their daily communication routines. But what are the consequences if your emails are not safe and protected? Are you risking valuable and sensitive information by not taking sufficient security measures?

We want to make sure you are taking all the right precautions to keep your emails safe. As a result, we made a list of best practices for individuals and businesses to protect the sensitive and personal information stored in the tens of thousands of emails in your inbox.

What is Email Security?

Email security is a set of technical measures and good-practice procedures for preventing your inbox and address from being exploited by anyone. Theoretically, a hacker with access to your inbox could steal your personal information or could use your email address to spread viruses, spam, malware, and ransomware to your immediate contacts.

Organizations frequently send tens of thousands of emails per day, and confidential data is almost always involved. If a third party or an outsider were to gain access to this data, it would cause a severe and possibly existential incident for a company.

Encrypted Email: Best practices for Businesses and Individuals

To keep your emails safe and secure, we recommend adopting some or all of the measures outlined below. Every measure is carefully crafted to avoid different forms of risk, from your device being compromised to someone figuring out your password.

  1. Start with a Strong Password

Unfortunately, it may not surprise you that passwords like “abcdef,” “123456,” or “password” remain common today. Unsurprisingly, these passwords are not strong and are easily guessed through trial and error.

Yet, even with knowledge of these risks, many of us use easily guessed passwords. Attackers looking to access your inbox can use software to test these passwords and gain access in seconds.

On the other hand, strong passwords are significantly harder to guess and prevent even more sophisticated software from being used to gain access. A strong password includes a combination of numbers, special characters, and upper and lower case letters. Using phrases instead of words is also highly recommended. You should also avoid using your birthday or any ID in your passwords.

Even beyond email, using strong passwords is a must: figuring out a password is a first line of attack for malicious attackers. Furthermore, once one account is compromised, it can compromise additional parts of your digital life, particularly if you use the same password multiple times. If you want to keep your accounts safe, you need to have a strong password for your email account.

  2. Use multi-factor authentication

Multi-factor authentication (MFA) is another critical line of defense to protect your inbox and communications from hackers or unauthorized access. MFA even prevents attackers who know your password from logging into your email account.

When multi-factor authentication is set up, every time someone tries to log into your account a code is sent to your phone, an authenticator app, or another device to verify it is really you trying to log on. A potential attacker would not only need your password but also one of your devices to log in to your account.

Almost all email service providers offer two-factor or multi-factor authentication to provide a safer platform for their users.

MFA’s main benefit is that a potential intruder cannot enter your system until they get their hands on the code you received when attempting to log in. These multi-factor authentication codes usually come in the form of SMS, calls, or alternate emails.

Multi-factor authentication is a necessary form of email security and makes data theft significantly harder for any potential adversary.

  3. Stay safe from Phishing Emails

A phishing attack is when a potential attacker sends you a fake email and tries to trick you into clicking a link or opening an attachment containing malicious software. They could also try to trick you into entering your username and password on a fabricated link or website.

Phishing emails can claim to be from “legitimate” sources like PayPal or your bank. If you end up giving your personal information in a phishing attack, change your passwords immediately and contact your bank or financial provider.

Furthermore, we recommend always blocking and reporting email addresses that send you phishing emails. This protects you and others from becoming victims of phishing attacks.

  4. Avoid using public Wi-Fi

Everyone loves free Wi-Fi. However, connecting to free and public Wi-Fi can expose you to potential attacks and threats. These public networks are unsafe as network traffic could be monitored. Even if you use a strong password, hackers could monitor traffic to certain websites and compromise your inbox or other online accounts.

If you need internet outside your home or workplace, you should try using your cellular data or purchase a portable Wi-Fi router if needed. Using public networks may invite intruders to access your data and passwords.

  5. Change your passwords when needed

If you have connected to public networks recently or think you might have clicked on a suspicious link, you should immediately consider updating your passwords. This could be essential in keeping your online information safe.

Changing passwords will ensure security and peace of mind in these scenarios. Furthermore, if an old password is compromised but you change passwords frequently, potential intruders can still be kept at arm's length. Password managers are particularly useful for changing and updating passwords.

  6. Be careful using public or shared devices

Most public or shared devices can save your login information without you realizing. Some of them remember what the user last typed in a login field, so anyone who uses that device after you may have access to your information.

Be careful when you use public or shared devices and make sure you do not enter your email and password unless absolutely necessary.

  7. Log out when you are done working

This is one of the most effective security practices that you should follow. Ensure you log out of your email and remove saved usernames and passwords before leaving a public device, or leaving your personal devices open in public. Log out of all accounts, especially your email.

Leaving your email logged in on an unfamiliar device is like leaving the keys to your house at the front door.

  8. Scan attachments before opening them

Sometimes a harmless file you are expecting to receive actually contains malicious software. Unfortunately, it is frequently very difficult to discern the difference between a completely harmless file and one that contains a computer virus. If you were to accidentally open a file containing malicious software, your email and data could be exposed and accessible to hackers.

Once you have let malicious software infect your computer or device, your options are limited (even changing your password could leave your account exposed). This is why cybersecurity experts recommend scanning files before opening them and making sure you trust the sender.

There are many security tools on the market that can protect your email and catch files with viruses before they spread to the rest of your computer or device.

  9. Keep track of your email

This is an essential step in email security: monitor your email activity and login sessions. If you work in an organization and check your mail regularly, you need to monitor login activity.

Look out for websites and newsletters you subscribe to, the number of emails you send and receive per day, and the time you spend on email threads other than those your organization sends.

  10. Try a fully end-to-end encrypted email provider

If you want to keep your email as safe, secure, and private as possible, you can look into creating an email account with a provider that offers full end-to-end encryption. End-to-end encryption ensures that you and the recipient are the only two people who will have access to the contents of your email.

If any attacker tries to intercept your emails at any point, they will not be able to access any of your information or email data.


We have discussed best practices that both businesses and individuals can leverage to keep their sensitive data and information safe and protected from unauthorized users. These practices help keep you and your business secure and avoid costly or embarrassing breaches.

Knowing that email is an essential way to communicate with other people, we recommend using Skiff, which provides fully end-to-end encrypted email for businesses and professionals who want to keep all data secure.
