I probably don’t need to recite a litany of famous cybersecurity breaches, but I will. The media has provided us with plenty of headlines over the last few years. And those are just the ones we know about. It is said there are plenty of other big stories that have never come to light.
A Partial List
A partial list of well-known companies that have had their customers’ data breached since the middle of the last decade: TD Ameritrade, National Archives and Records Administration, Citigroup, Health Net, eBay, Honda, Defense Department, Chase, Scottrade, Target, AT&T, T-Mobile, Yahoo, Democratic National Committee, Wyndham Hotels, Equifax, Department of Veterans Affairs, Sony, Home Depot, IRS, Bank of America, Texas Attorney General, Allied Insurance, JP Morgan, TJ Maxx, Hyatt Hotel, Kmart, Blue Cross/Blue Shield, Facebook, and Adobe.
According to an FBI Public Service Announcement dated May 4, 2017, in the US between October 2013 and December 2016 there were 40,203 complaints of email security breaches from small and large businesses. The total losses were $5,320,890,448. That’s an average loss of $131,902 per complaint. Between January 2015 and December 2016 there was a 2,370% increase in losses reported. Who knows how many breaches went unreported? And the report doesn’t include personal complaints. (The FBI announcement is very useful and includes scenarios, trends, and suggestions for protection.)
The January issue of PC Magazine predicts that email will continue to be a major target for cybercriminals in 2018.
The big question is: how does this seemingly endless threat affect you? We all tend to think that we are of little interest to hackers and in any case our chances of being hacked by cybercriminals from Nigeria, Romania, China, or Russia seem remote. Unfortunately, whatever we may think, we still have bank, brokerage, credit, and shopping accounts online vulnerable to hacking. It’s not a matter of IF. It’s a matter of WHEN. And when it comes, are you ready for it?
If you’re ready for the hack that comes your way, you’ll likely never know it was attempted. If you’re not ready, then shame on you. It’s not likely to end well. But then, there has been plenty of warning.
This book is about getting you ready by making your email secure. Since your email is the cornerstone of your online world, making your email secure goes a long way toward making your entire online presence secure. Indeed, if your email is hijacked or otherwise compromised, it can lead to a serious breach of security in your overall cyber presence. Such a breach can result in a substantial financial loss or a critical loss of secrecy (e.g., proprietary information).
It’s true there is no absolute defense to email hacking. Nonetheless, there are simple, convenient, and inexpensive things you can do to change the statistics from being a real threat to being an unlikely occurrence.
There are plenty of solutions to security threats. Many are difficult to understand, complex to implement, or expensive to use. The ones that are more practical tend to be defenses that solve only one security threat, leaving you susceptible to others. That’s why I consider RMail services important. It’s a suite of security services.
RMail services are comprehensive, easy to implement, easy to use, and inexpensive. RMail has been around since 2000 (started out as RPost) and has substantial experience in successfully providing specialized security to email users. Recently it has expanded its security services to be more comprehensive. Hence, this book uses RMail as the prime example of defense against hackers.
Flexible
You can use RMail in place of your current email service, or you can use it as an addition to your current email service to make your email activities more secure. Moreover, it works with whatever email programs and services recipients use.
But anti-hacking security is only part of the RMail story. The huge bonus for businesspeople is that the RMail suite of services is at the same time a suite of convenient and inexpensive business services. Indeed, this book is really a business book. It’s a book about how to conduct business securely in the new digital environment where everyone is connected to everyone else, for better or worse. It’s a book about how to keep things straight (honest) with everyone you deal with whether friends, family, co-workers, colleagues, clients, customers, vendors, collaborators, or the like. After all, almost everyone does some business on the internet.
If you’re an individual with few business responsibilities, there’s plenty here for you to digest too. But if you’re a businessperson, this book is essential for your secure business practices moving forward into a cyber future that’s getting to be more useful yet more hostile every day.
To begin, in order to easily understand the topics in each chapter, you need to understand some of the specific terms the book defines and uses. With that in mind, this introductory chapter sets forth some basic definitions.
Internet Service Provider (ISP)
An internet service provider (ISP) provides you with internet service. This means that your ISP gives you the means of hooking up to the internet. Typical ISPs are AT&T, Verizon, Comcast, Cox, and other major communications corporations (telecoms).
There are also plenty of local ISPs. Local ISPs typically do not serve a nationwide market and in many cases do not even serve a statewide market. Some are so small that they serve only part of a city or county.
Profit and non-profit organizations, such as corporations and colleges, also provide internet service internally to their employees and other constituents, but not to the public.
Whatever their size and market, ISPs are the entities that give you a connection to the internet. That connection is via phone line, cable, or satellite transmission.
A host ISP is simply a provider that specializes in Web hosting services. It doesn’t necessarily provide you with a connection to the internet, but it does provide you with a smörgåsbord of services for establishing and managing your website(s). Your normal ISP is typically a host ISP too. But most people prefer to use a separate host ISP due to the specialized Web hosting services that a host ISP typically offers. HostGator and 1&1 are good examples.
To handle your email, you use email software; that is, you use an email program. Your email program (on your computer) sends, receives, stores, and manages your email. Email programs are such software as Microsoft’s Outlook, Mozilla’s Thunderbird, Apple’s Mail, Synacor’s Zimbra, and the like. Some email service providers provide email programs, too, such as Google (Gmail). For tablets and phones, email programs are known as email apps. (There is also the technical and decades-old term of email client, but this book does not use that term.)
Email Service Provider
An email service provider runs an email server on the internet. When you send an email, it goes to an email server as outlined in Chapter 2. An email service provider operates that email server.
For instance, if your ISP is Comcast but you use Google’s Gmail, Google is your email service provider. When you send an email, it goes to the Google email server.
Many of the email service providers such as Google Gmail, Microsoft Outlook.com (Hotmail), and Yahoo Mail offer free email service. ISPs also offer email service, typically at no additional charge.
Marketing Email Services
There is also a large industry of email service providers that handle mass email marketing campaigns sending hundreds or thousands of marketing email messages at one time. Such email service providers are beyond the scope of this book. Examples are AWeber and Constant Contact.
An email server is software that can run on any computer connected to the internet. It sends email messages out across the internet, and it receives email messages from the internet and holds those messages in storage. An email server is a program that runs on the email service provider’s computer, not your computer.
When you send a message from your email program it goes to an email server, which sends it on to its destination. An email server also receives your email messages from the internet and holds the messages in storage until your email program retrieves them.
Can you operate your own email server? Sure. You can take an old laptop (or desktop), install a free email server program on it, hook it up to the internet via your router, and run it 24/7. Anyone can do it. But if it doesn’t run 24/7, it misses incoming email. And it requires management that sometimes requires expertise. Consequently, few people run their own email server. It’s just easier to use an email service provided by an ISP, a host ISP, or an email service provider.
The previous definitions make simple distinctions, but everyday realities often hide such distinctions. For instance, most ISPs also provide email service at no extra cost. That is, as well as hooking you up to the internet, they also provide you with an email server. Hence, you may easily overlook the distinction between your ISP and your email service provider, if they are one and the same.
There are three distinctions to remember:
- ISP (internet connection)
- Email service provider (email server)
- Email program
Each is independent. Each service that you use can be supplied by a different provider, or one provider can supply them all.
So, keep in mind that you don’t have to use the email service that your ISP offers. As long as you have a connection to the internet, you can use any email service that you desire. That’s why many people who have ISPs such as AT&T, Comcast, or other major telecoms may also use Gmail provided by Google for free.
(Note that if you operate a website, your host ISP also provides email service, typically at no extra cost, giving you yet another choice for your email service.)
Most ISPs, host ISPs, and email service providers not only provide email service but also provide a free email program. Nonetheless, email service and an email program don’t necessarily go together. You can use an email service yet still use a separate and independent email program. And even if you use Gmail provided by Google, you may opt to use it with an email program such as Outlook rather than with the Google Gmail program.
To gain an understanding of the email system and basic email security, it’s necessary to keep all these distinctions in mind.
Secure Email Service Provider
A secure email service provider is one that provides email according to the explanation in Chapter 5. The short description is that secure email provides automatic encryption for the journey of your email message for part of its way across the internet to its destination (to the recipient). In other words, it’s not total protection, but it’s much better than the total lack of protection you get with normal email service. LuxSci is a secure email service that I used for ten years. RMail email services are also secure.
Subscription Email Service Provider
You can subscribe (pay a fee) to an email service that offers you a capability that other email services do not offer.
For example, suppose your email service provider offers an email service that has a limit of only 50 MB (megabytes) for any incoming or outgoing email message. If you have a need to send and receive email messages with attachments that occasionally exceed 50 MB, the email service provider’s service is inadequate for your needs. Therefore, you’ll likely decide to subscribe to a special email service that allows email messages up to 150 MB. You would be willing to pay a fee to get a special email service that enables you to do what you need to do. (In this case, RMail LargeMail transfer is an alternative. See Chapter 11.)
Another example of a subscription email service is a secure email service. Most secure email services are subscription services with the exceptions of Gmail and RMail, which are free.
A router is a combination of a hardware device plus software. It serves multiple computers typically with Wi-Fi via only one connection to the internet. (Some systems, particularly old systems, use network cables instead of Wi-Fi.) An administrator controls the software and manages the connections to the network. For home networks, that administrator is probably you.
Someone can use many techniques to breach the security of your email and your general computing system. In order to keep the book simple, to refrain from presenting complexities only of interest to IT (information technology) professionals, and to avoid a lot of technical verbiage, I use hacking as a generic term to refer to any and all security-breaching techniques. And I use the term hacker for anyone who uses such techniques. Note that such techniques are not limited to digital trickery. A huge part of hacking consists of social engineering (explained in Chapter 16), which is the expertise of con artists. Indeed, great hackers are great con artists too.
I have tried to avoid the use of technical language and jargon wherever possible. Although there is plenty of tech-speak left in the book, I have written the book to be read and understood by anyone who can use a computer. Making one’s use of email safer is information that should be available to all, not just the professionals who speak the technical language. So, I ask the professionals to forgive me, and I ask laypeople like myself to stretch a little and learn some new technical terms.
History of RMail
To talk about secure email practices, an author needs to give examples. The examples in this book are based upon the RMail suite of secure email services, known as RMail features. Why RMail? Because RMail is the only provider of secure email services that offers a suite of services that work with any email software used by any sender or any recipient. It holds the patents for secure email services offered by itself and many other providers too. Virtually every other provider offers only one of the services. RMail provides them all.
RMail Inbox is a secure email service similar to LuxSci mentioned above. The difference between RMail Inbox and LuxSci is that RMail Inbox provides its secure service free and LuxSci charges a monthly fee. In addition, RMail Inbox provides instant and convenient access to all the other RMail services for which you only pay a fee if you use them a lot. Occasional use is free.
Is this book the last word in making your email hackproof? No. It’s all a matter of reducing risk. The more you can do to reduce your risk of getting hacked, the safer your online activities will be. The techniques this book teaches will make your email safe from all but the most determined and most professional hackers backed by the most massive digital resources.
To get better protection you will have to use a special browser designed for encryption, a durable encryption protocol, an ultra-secure email service provider that keeps its email servers and database repositories in a vault deep in a mountain somewhere, and other such extreme measures. The problem with setting up such a system for yourself is that it will only work if you have a coöperative recipient who is willing to set up such a system at their end of the email path. That might be possible for communications between you and one other person or several other people, but it’s not possible, as a practical matter, for general email communications.
With that in mind, this book does not cover such extreme precautions. They simply aren’t practical for everyday email use, although you might want to employ them for very specialized communication activities. What does make sense, what is practical, and what does work with all of the email services and programs used by all recipients, is the RMail suite of secure services. For all practical purposes, the RMail services will make your email hackproof while at the same time enabling you to communicate with any recipient. Thus, because of practicality, the RMail services are the sole focus of this book, and alternative extreme encryption techniques are beyond its scope.
One caveat. If you take burdensome and impractical extreme measures to secure your email communications, you still have to worry about social engineering, which is the most successful technique hackers use to breach your security. Read Chapter 16.
With the above thoughts in mind, I bid you good luck with your efforts to improve your email security and hope you find this book helpful in doing so.
And now I have to make a final disclaimer. In 2010 my family had the opportunity of making a cash investment in RMail. In 2013 we made an additional investment. That is, we paid full price for the shares bought at those times and have been shareholders ever since. Consequently, I have a motive for writing this book that extends beyond the mere publication and the selling of individual copies.
Nonetheless, I also disclose that I’m an independent author and publisher and have received no compensation from RMail for writing the book. In other words, the book will make money depending on the volume of book sales, not on any fee paid to me by RMail.
Note that my reputation as an independent author, as outlined at the back of the book, is well established. Over twenty of my books were published by national publishers, and I wrote them all objectively. I continue that practice in this book.