Your email is your business’s lifeblood these days. Most clients like reading updates on their home, their title commitment, and everything else through the convenience of email. And, while they may or may not be following safe procedures, email security should be one of your primary concerns.
After all, your clients’ private information is in those emails: financial records, account numbers, names, and other forms of sensitive data that shouldn’t be released to the public. What if someone guesses your password or otherwise gets access?
There are some very good tips you can follow to keep your email safe. Most of these solutions are simpler than some recipes you’ve been dying to try or some driving maneuvers you perform daily. If you add these layers of security, you can be confident in your email’s safety.
The first line of defense against people who’d like your information is to create strong, unique, and unguessable passwords for your accounts. Many people tend to use passwords like “pa$$word1!” when that’s one of the most easily guessed passwords. Below is a list pulled from CBS News of the 10 most common passwords last year:
If you see any of your passwords on here, you should be changing them right now. Those are the most common and they are also the most easily guessed.
Best practice for passwords is to use a random string of letters (upper and lower case), numbers, and symbols of significant length (8 or more characters). It should look more like “1dfGHt#2” than “password.”
If you’re worried about remembering passwords, use a password manager app or sync tool like iCloud Keychain or 1Password. That way, you can generate extremely secure passwords that your phone and/or computer will put in automatically for you while still maintaining the security that you need.
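The checklist above can be turned into a small checker. This is an added example, not part of the original article: it applies the length and character-class rules, and also undoes look-alike substitutions so that a password such as “pa$$word1!” is still recognized as a common word in disguise. The `COMMON` set, the substitution table, and the function names are constructed for illustration.

```python
import secrets
import string

# Constructed stand-in for a common-password list; the article's CBS News list is not reproduced.
COMMON = {"password", "123456", "qwerty", "letmein"}
# Undo look-alike substitutions before comparing against COMMON.
DELEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l", "3": "e"})
SYMBOLS = "!#$%&*+-=?@^_"
GUESSABLE = "common password once substitutions and trailing digits/symbols are undone"


def check(password):
    """Return the problems found; an empty list means the checklist passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("needs upper and lower case letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if all(c.isalnum() for c in password):
        problems.append("needs a symbol")
    lowered = password.lower()
    # Drop trailing digits/symbols ("1!"), then map "$" back to "s" and so on.
    core = lowered.rstrip(string.digits + string.punctuation).translate(DELEET)
    if lowered in COMMON or core in COMMON:
        problems.append(GUESSABLE)
    return problems


def generate(length=16):
    """Build a password from the OS CSPRNG, retrying until check() is clean."""
    if length < 8:
        raise ValueError("length must be at least 8")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("123456", "pa$$word1!", "Pa$$word1!", "1dfGHt#2", generate()):
        print(repr(pw), check(pw) or "passes")
```

“Pa$$word1!” satisfies every character-class rule and is flagged only by the disguise check, which is why composition rules alone are not enough.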
But a good password isn’t worth anything if you give it away willingly. We’ve all been warned about phishing and spam, and never to click links in emails where you (a) weren’t expecting an email or (b) don’t know the sender. Those maxims are still true, but there’s even more to be worried about now.
Phishing is, specifically, the act of imitating a legitimate company’s login screen to get your password. They’re getting good at replicating the official website, too. Here are some common traits of phishing emails, pulled from Microsoft:
- An email might claim your account will be shut down or important documents will be lost if you don’t take action through their links. This is usually false. If it isn’t, you’ll be notified when you log in to the real service through a link you’re familiar with.
- Grammar errors
  - Most spam artists are not well known for having good grammar and punctuation. If the email reads choppy or wrong, it’s most likely a fake.
- Email is “from” a big company
  - Phishers generally don’t want information for smaller, niche websites, so be especially suspicious of emails from the big guys: Google, Facebook, Twitter, and so on.
Follow this rule of thumb if you don’t want to get caught by a phishing scam: if you receive an email from anyone asking you to log in, give them your password, or otherwise give up information, do not use their links or give them that information. Instead, if you’re concerned, go to the website they’re claiming to be from yourself by hand-typing the URL into your browser. That way, you can be sure you’re at the right place.
A problem that faces real estate and title professionals in particular is schemes to get you to transfer funds to a dummy account. The emails in question will look almost exactly like real requests for transfers, and if you’re not careful, you might end up sending large amounts of money to fake accounts. When in doubt, verify the transaction request with the sender if you know them, or take steps to find out if they’re legit. Use the tips above to recognize and avoid emails intended to steal passwords or cash, and delete the offending messages as soon as you can.
Recovery options are also difficult: if you’re vigilant about setting a good password and avoiding/ignoring phishing but make your security questions easy to answer or easily researched, you’ve done a lot of hard work for nothing. When you set up your security questions, make sure they’re:
- Not public information
- Instantly memorable
If you’ve ever revealed your security question’s answer anywhere, ever, don’t use it. Instead, if you’re given the option, make up your own question about something you don’t tell others, or use a question whose answer you’ve never told anyone. Be aware, too, that some image memes that are commonly shared on Facebook are looking for information commonly found in these questions. If you know you use certain details for these questions, don’t publish them on any social media network or tell anyone you don’t trust.
Some websites (like Google, Facebook, and Twitter) have introduced what’s known as 2-factor authentication. It may sound complex but it’s actually rather simple: they require every password entry to be accompanied by a second, shorter code generated by another device. The services I mentioned earlier all use apps on iPhones/Androids to generate the code. If you activate this system, you’ll be asked for a code each time you log in that only you, on your device, can make. That way, even if someone else has your password, the only way anyone’s getting in is if they have your code generator, and they’d need to steal your phone for that.
If you use these tips, the only way that you’re going to lose your data and your email account would be to hand them over directly. Staying safe has never been easier thanks to the basic tools that we’ve been given by the email providers themselves and the basic tips for maintaining a safe, secure email system earlier in the email: make a good password, give it to no one, log in through the sites themselves rather than through links, and practice good email management, and you’ll be fine!
Follow these basic tips to stay safe through your email:
- Trust no one
  - Any email coming from anyone you don’t know or any company from whom you’re not expecting an email is suspect. Don’t click those links.
  - Any legitimate web service or company can verify those requests. Call them or send an email directly to your contact, not by “reply.”
- Use good passwords
  - Get rid of simple passwords and those “123456” codes—they will get you into trouble.
  - Passwords should contain:
    - At least 8 characters (the more the better)
    - Symbols, numbers, and both upper and lower case letters
    - A jumble of letters that can’t be found in a dictionary
- Use additional account protection
  - Services like Google’s Authenticator and other forms of two-factor security make phishing and brute-force password hacking harder. Use those services.
  - Don’t make your security answers public information—if it’s used to secure an account, keep it to yourself.
- Use good judgement
  - If an email feels wrong or is unexpected, confirm and verify it. It’s usually too good to be true.