Email security tips

by John Bandler

Email security is an essential part of cybersecurity and cybercrime protection for individuals and organizations. Here are some quick tips to secure your email accounts (or those of your organization). Links are below to other articles which have more information about cybercrime, cybersecurity, and building a comprehensive program for cybersecurity and cybercrime prevention.

Main steps

The two essential steps for securing an email account are:

1. Ensure the account has a strong, unique password.

  • A strong password means it would be hard for a person or computer program to guess. Longer is better.
  • A unique password means you don't use this password for any other account.

2. Ensure two-factor authentication is enabled (also known as multi-factor authentication, 2FA, MFA, two-step authentication).

  • 2FA means access to the account requires two factors to prove who you are: a password (something you know) plus proof of something you have (your cell phone or a token) or proof of who you are (e.g. facial features).

Here are some other steps:

3. Review the security and privacy settings for your email account

As available from your email provider (Google, Microsoft, Yahoo, etc.), check the security and privacy information and settings periodically. Learn a little more each time. See my Four Pillars of Cybersecurity with a focus on the "Data" pillar.

4. Review your computer device security

Review the security of your computer devices, such as smartphones, tablets, laptops, and desktops. These devices access your email (and a whole lot more). See my Four Pillars of Cybersecurity with a focus on the "Devices" pillar.

5. Repeat periodically

Cybersecurity is never "done". We review periodically and try to improve our knowledge, awareness, security, and efficiency. See my Four Pillars of Cybersecurity with a focus on the "Knowledge and Awareness" pillar and the "repeat" instruction at the end.

6. Think before you click, open, address, or send

Receiving an email? Think before you click on a link or open an attachment. Are there any indicators that it is a phishing email, or that it is trying to get you to go to a malicious website or open a malicious program (malware)?

Sending an email? Double check who you are addressing it to. Make sure it is going to the right person, not an unintended recipient. Proofread it and check the tone.

The harms of poor email security

If email security is poor, these are the bad things that can happen.

  • Data breach. Your stored emails are accessed and stolen. This could lead to other harms and could be a reportable data breach (see other article linked to below).
  • Email Based Funds Transfer Frauds. Your email account, or the information within it, can be used to commit a theft known as business email compromise (BEC) or CEO fraud, and other names (mine is Email Based Funds Transfer Frauds). See other article linked to below.
  • Loss of communication ability
  • Disruption
  • Embarrassment

The benefits of good email management

If you secure your email accounts well, and learn to manage them well, here are the benefits:

  • It also secures your other important information that may be stored in the same account (documents, contacts, calendar, tasks, notes, etc.)
  • It prevents all the bad things listed above
  • It allows you to communicate and work efficiently and effectively.


Cybersecurity and technology is a life-long learning process. Start now and employ the important cybersecurity steps of a strong password and two-factor authentication. Look to the other steps and review periodically, to continually improve how you secure and use your email accounts and other technology.


This page is hosted at, copyright John Bandler all rights reserved.

Posted 3/9/2023 (building on prior work). Updated 03/09/2023.