Well, another day, another email hacking story. This one involves the Bush clan, with reports that a hacker who goes by the name Guccifer accessed private emails and photographs, telephone numbers and addresses sent between members of the Bush family, including both former presidents. Among the data released are catty emails about Bill Clinton, photographs of the ailing senior Bush in the hospital, and a security code to one of the Bush homes. The Secret Service is investigating the matter.
We know that despite stories such as these, many of our clients and colleagues are unwilling to take more sophisticated measures to ensure secure email communications, some of which are detailed in our article on the General Petraeus scandal, “Lessons Learned.” For example, they are still unwilling to encrypt their messages (see our entry “Why You Should Encrypt Your Data Now” for a primer on encryption). And they fear that a service like 10 Minute Mail, which sets a self-destruct timer for messages and email addresses 10 minutes after a message is opened, is too extreme and potentially impractical. Some even refuse to get off of Gmail, even though Google admits that it scans email content for marketing purposes. A point Microsoft is happy to exploit in a new campaign to get people to switch over to Outlook.
Short of deleting your Gmail account, what is the bare minimum you can do to make your Gmail communications more secure? A few simple adjustments would provide some peace of mind:
- Google offers the option of two-step verification to sign in, which is a lot more secure than just using a password. First you enter your password, which hopefully is hard to hack, and then you receive a code either via text, voice call or Google mobile app that needs to be entered as well. Google offers the option to have this two-step process every time you log in, which we think is best, or at least whenever you use a different computer. That way if someone is trying to access your email from another computer, you’ll receive a request for a code that will notify you that someone is attempting to infiltrate your account. You can activate this feature via Accounts and then Security.
- Google provides a list of your Last Account Activity to track where and when your account was most recently accessed. The list details what IP addresses most recently tried to log into your account. Click here and here for lessons on how to determine your IP address. And remember that your smartphone may also access your account, so you need to determine what its IP address is too. You can access the link to this data below your list of messages.