Chapter 19 Developing Safe Practices for Secure Email

This chapter touches on a number of things you can do to enhance your overall cybersecurity and specifically your email security. These are simple things that anyone can do. Still, the primary recommendation and the purpose for this book is to use RMail and its security services to establish hackproof email. As has been noted several other places in this book, email is the cornerstone of your cybersecurity and by establishing hackproof email, you go a long way towards making your entire computer system secure.

Law Enforcement What happens when you do become the victim of a hacker? Likely nothing. The FBI has a threshold of $100,000 (or whatever the current guideline is) under which they don’t have the resources to investigate unless your case is related to other cases. Your state attorney general also has limited resources and a threshold guideline for initiating investigation that may be higher than your loss. And your state is only interested in criminals in your state. It doesn’t have jurisdiction elsewhere. Your local police will politely take notes on your complaint, but most of even the largest cities do not have the resources or will to effectively investigate cybercrime by hackers outside their jurisdiction. For all practical purposes, hackers from other countries operate beyond the reach of American law enforcement. Hackers from Russia, Nigeria, Romania, China, and other foreign states commit more than their share of the cybercrime in the US but definitely conduct their criminal activities outside the jurisdiction of American law enforcement. In most cases, you’re strictly on your own.

Protect Email Content

Your first step in developing a strategy for secure email is to analyze your email practices and decide which of your email messages require maximum protection and which of your messages require lesser protection. For most people, it does not make sense to send RMail Message-Level encrypted emails to everyone. But for many people it does make sense to send such encrypted emails:

To certain people
To certain organizations
For high value content
For sensitive information
You name it

Likewise, regarding agreements for instance, it makes sense to get a confirming email from the other party as to the agreement. But for important agreements, where a lot is at stake, it makes more sense to get a digital signature from the other party. Thus, for each RMail security service, it’s common sense to decide when to use that service and when not to do so.

Selecting Email Account Names

Chapter 14 give guidance on choosing a name for your email account. But what’s the effect of people having multiple email accounts? The effect is simply that multiple email accounts per person may provide a greater opportunity for hackers.

If the target person has multiple email accounts, the hacker may be able to hack into one account easier and quicker than the others. If so, the hacker may be able to get a good start on breaking into all of the target’s account. At the least, a hacker may be able to get additional information that enables more productive hacking of the next account.

Yet, when each email account is fully protected with appropriate security practices including separate passwords, multiple accounts are not necessarily risky. But each email account must have its own separate and strong security setup.

When you have online accounts with valuable assets, however, the considerations change. The prior information on email names is great for personal matters and ordinary business. But what about your financial matters and other high-value matters or even secret matters?

You don’t want to use the same name for financial affairs as you use for normal email. That provides potential hackers with a large playing ground to find your email and hijack it. To reduce your risk, you need to have another name (a secret name) that you use only for your brokerage, bank, and other accounts where your valuable assets reside.
You don’t want anything in your secret email name to reflect who you are or what accounts you use the name for. For example, smith-etrade@rmail.com is a terrible name, if your name is Smith and it’s for an account at E*TRADE. It’s much better to use a name that reveals nothing. How about boatfever@rmail.com. This is a good name, particularly for somebody who has nothing to do with boats.
This risk-reducing idea is really based on how much are willing to lose. If you have $3,000 in your brokerage account and somebody manages to hijack your email and steal it, that’s probably not the end of the world for you. But if you have $30,000 in your brokerage account, it seems like it’s worth taking the extra step to protect it with a secret email account.
If you have $30,000 in your bank account, another $30,000 in your brokerage account, and another $30,000 in your bank savings account, it seems to me that you might be willing to use a different secret email account for each of your asset accounts.

Of course, $30,000 as an arbitrary amount strictly for the discussion in this chapter. You have to decide what is valuable enough for you to get a separate secret email account to lower the risk of a hacker hijacking your email and using it to steal from you.

In regard to your secret accounts, you may not want to use the same email service provider for each of them. You might want to distribute your secret email accounts between different email service providers. In any event, I hope goes without saying at this point in the book that whatever email service provider you choose for your secret accounts, it should be a secure email service provider.

It’s important for you to keep in mind that if somebody steals your credit card, the credit card company will reimburse you for any losses assuming you report it in a timely manner. That’s not so when somebody hijacks your email account and uses it to hack their way in to your financial or other high-value accounts. If you lose something, it’s lost forever. As mentioned at the beginning of this chapter, you’re not likely to get much help from local, state, or federal law enforcement authorities, unless you have a six-figure loss.

Passwords

Frequently, your email name is also your login ID. In such cases, passwords are important because they are the guards standing at the gate that’s the entry to your network, accounts, online services, websites, and even your email system. It used to be that if you had a random eight-character password that includes letters, numbers and punctuation marks, you had adequate security. That’s no longer the case. You need more random characters in a password today to avoid a breach of security. How many characters you need depends on who’s telling you, but eight characters are no longer enough. A minimum of fourteen random characters will likely stop any hacking attempt.

The other problem with passwords is that people will simply use an eight-character word or other easy-to-remember group of characters as their password. Such passwords are easy to crack by hackers.

What’s the solution? The solution is simply to use many-character random passwords that you keep in a password database (wallet). You might be able to remember one random fourteen-character password for one account, but most people have multiple accounts representing multiple networks, online services, and websites. Remembering a random fourteen-character password for each account is not practical. And using the same password for all accounts is an invitation to disaster.

Currently, there’s new thinking about passwords as set forth in the National Institute for Standards and Technology (NIST) Technical Publication 800–63-1 (June 2017). The thinking now is that you do not need random-character passwords. What may be preferable is multiple-word passwords otherwise known as passphrases. Four- or five-word passphrases that you have created yourself (not a famous quotation) may suffice for maximum security. Keep in mind, however, that you want the words also to exceed fourteen characters.

For instance, TheQuickBrownFoxJumped is not a secure passphrase (i.e., it’s part of a well-known phrase). However, MyJumpingFoxNamedQuickBrown is secure.

What About Those Pesky Security Questions? You lived in Campbellsville, Kentucky when you were a senior in high school. Yesterday you picked a security question for a login that ask: What town did you live in when you were a senior in high school? Naturally, you type in “Campbellsville.” Wrong! Why would you do that? The security question is an opportunity to make your login safer. Using the correct answer certainly isn’t safe. You never know if a hacker will be able to find out that particular information about you. If you don’t put that information up on a social media website, perhaps your sister will put it up or maybe your best friend, cousin, school, or another source. How can you be sure that a hacker cannot get that information? What is the best way to handle a security question? If you use a random set of characters, it might be difficult to express those to somebody asking the question over the phone. And that happens occasionally. It’s better to use one word unrelated to the question. For instance, instead of “Campbellsville” you could enter the word “referendum.” That word has no relation to the question asked, and a hacker could never guess it. Naturally, this word is difficult to remember, but you can include it in the database in which you keep your login passwords. Use the security question as an opportunity for additional security not as an easy-to-remember word that a would-be hacker can easily discover. Regardless of what your password strategy is, you will want to have unique passwords for every account that you use, and unique security answers too. And that still requires a database to remember them all (and a secure password that you do remember in order to access your password database).

In your password database, you plug-in the URL of the login page, the login name (username), and the password. When you need to login you simply open the database program that contains your passwords, find the password you need, and copy and paste it into the login input.

Since your password database program is password protected itself, you cannot rely on the program to remember it. That’s one password you’ll have to remember.

Review password programs such as Dashlane, Last Pass Premium, Sticky Password Premium, LogMeOnce Password Management Suite Ultimate, and the like to understand what features are available. And then choose one to use.

Keystroke Logging and a Database >Keystroke logging is the process of recording the keystrokes you use on your keyboard. It can be done with hardware, software, or acoustical recording. It’s a security concern if a hacker employs it in malware to obtain passwords. If you have your passwords stored in a database, you simply click (tap) on a password to copy and paste it into a login. There is no typing involved. So keystroke logging doesn’t work. This is another reason to use a password database.

Some programs such as a Google’s Chrome browser have password databases that will serve you automatically. In other words, when you log into a certain account, the browser itself will automatically insert your password. This is the ultimate convenience. Unfortunately, large systems like Google with large databases are susceptible to hacking, and they are big targets. And even if the passwords are stored by Chrome on your computer, the passwords are not themselves password protected. With that in mind, I don’t trust anyone else managing my password database. Note that if someone breaks into your computing device, they can use the automatic password browser feature to access all of your accounts.

A password database program gives you total control of your passwords, and nobody can access this database without knowing the access password (that you have memorized) to the password database itself. It seems to me that this is the ultimate protection, and you should settle for nothing less.

Memorized Passwords Keeping your passwords in a password database does not prevent you from memorizing the ones you use most often. But be careful. I have memorized passwords I’ve used a lot for certain accounts for many months, only to have little need to access such accounts again for many months or even years. At the end of that time, when I have occasion to access such an account again, I have undoubtedly forgotten the password that I’d once memorized. That’s why it’s important to keep all your passwords in your password database, even the ones you’ve memorized.

A full explanation of passwords and how to use them is beyond the scope of this book. You may need to learn more. But the use of secure passwords (or passphrases) is very important for your cybersecurity, and it’s particularly important in using your email system. Remember, your email system is a cornerstone of your cybersecurity, and if you experience a breach in the security of your email, it can lead to all sorts of hacker hanky-panky that is guaranteed to be detrimental to you.

Biometric Passwords Your face, your finger prints, and your retina pattern are unique and can be used as passwords for online identification and authentication. The technology is here, and many organizations (public, private, profit, and nonprofit) are using it. Smart phones also enable this technology, and it will come into greater use soon. The question is, can these biometric passwords be stolen? The answer is: sure they can. Once they’re stolen, you can’t change them. You’re screwed for life. But if your passphrase is stolen, you just change it, clean up the mess, rethink your security practices, and continue on with your normal cyber life. In other words, the loss of a passphrase is not a life-long tragedy.

Let’s get very specific in regard to passwords and email. The two important concerns are: the password to your email service website and the password to your email program. You need to treat these passwords like any other password, that is, very securely.

Do not have your email program open automatically without password protection. If someone steals your computing device and can open it, your last protection for your email is the email program’s password. This is not very convenient. Every time you open your email program, you have to provide the password. Nonetheless, it’s good security. Likewise, the password to your email provider’s website where you administer your email account should be very secure.

Beyond Passwords

There are additional security schemes that go beyond just the use of passwords. They might involve the use of tokens, verification numbers, and the like (two-factor authentication, aka 2FA). They are beyond the scope of this book, but where available you may want to consider using them. Typically, they are more inconvenient and complex than normal security procedures, but for strong secure access to online accounts, the inconvenience is worthwhile.

Computer Security

Your general cybersecurity is also relevant to your email security. You need to institute software security protection for your computer. That’s firewall, antivirus, malware, spyware, and other security software. There’s a lot of competing security software available. Symantec’s Norton Security is an example for desktops and laptops. Norton’s provides firewall, antivirus, antispam, antiphishing, email, identity protection, and other security software updated daily via the internet.

All these Norton apps are general security programs that you need on your computer before you even start thinking specifically about email security. It’s beyond the scope of this book to lunge into general cybersecurity problems and remedies. Yet you need to cover the basics before you can implement email security. Norton and its competitors enable you to do so. And don’t forget your phone and tablet. They require security software too.

Let this advice be clear. You cannot expect to use secure email until first you make your computing device and network secure.

Another important practice is to protect all your computers with a password: desktop, laptop, tablet, and smart phone. The longer the password, the better. You can lose your phone, have your tablet or laptop stolen, or lose your desktop by burglary. A thief may sell your stolen device to a hacker, and without adequate password protection a hacker will make big trouble for you.

One of my secure practices is to use email only on my laptop, which seldom leaves home. I don’t use email on my smart phone or tablet. That cuts the risk of having my email hijacked considerably. Yes, sometimes I go the whole day without checking my email, although I seldom miss checking it in the morning and evening. I know this tactic isn’t for everyone. But if you find it practical, do it.

Software Updates

I’m mad at Microsoft. One of their automatically-installed updates to Windows 10 crashed my computer and caused me some inconvenience. Alas, you can’t live with the updates, and you can’t live without them; that is to say, the updates can be disruptive sometimes, but it’s suicidal to do without them.

Many software updates are patches to security holes that hackers have found and exploited or that a software company has found before the hackers. It’s essential for your email security that you install them immediately upon issue. The best way to be safe is to elect automatic updates. That way you get the security patch as soon as it’s issued. This is particularly important for your operating system, email program, and browser. Moreover, it’s important for any software that you routinely use.

There are a lot of reasons to avoid software updates. We’ve all experienced updates that we haven’t liked for one reason or another. And that’s unfortunate. But it’s not an excuse to risk your entire personal cyber enterprise by avoiding the updates. Sometimes the updates are periodic, expensive, and introduce many new features, all of which you can do without. In that case, you might safely avoid the update so long as the software company updates the old software with security updates. When the security updates stop for your software version, it time to buy the new version.

So, I’m mad at the occasional Microsoft update that causes a glitch. I’m not the first, and I won’t be the last. But the alternative (getting hacked because I don’t install the updates) is not very attractive.

On-Off

Note one significant observation on general cybersecurity. There was a time in the history of personal computers when you left your computer on 24/7 with the idea that it didn’t use much electricity and you would not have to go through a long booting procedure each time you turned it on. Those days are long gone.

The computers and peripherals today use more electricity than ever, although that is somewhat mitigated by computers going into low-energy-consumption mode or going to sleep. But there’s another more important consideration that did not exist when personal computers were new to the world in the 1980s. Virtually every computer is now hooked up to the internet, which means that literally billions of people around the world have potential access your computer.

An anti-hacking technique that is overlooked is simply turning off your computer. A hacker cannot hack into your computer when it’s turned off. So if a hacker uses a lengthy hacking procedure to break into your computer, you may be able to foil the attempt just by the act of turning off your computer at the end of the day and not turning it on until the next morning. In any event, having your computer offline for a third of the day also lowers your risk statistically of being hacked.

Today with fast booting enabled by solid state drives (SSD), you can turn off your computer every time you leave home or leave the office and not have to worry about a slow boot when you return.

Just how effective does this routine procedure work against bad things happening? It’s difficult to know. Nonetheless, the procedure is natural, easy, and saves electricity.

Router Security

Routers are filled with all kinds of security hardware and software, and it’s well beyond the scope of this book to teach you how to take full advantage of the security available in routers. The default settings for most routers are likely to be adequate for your use, unless you have some specialty use that requires special settings.

Nonetheless, there are certain basic security measures you can take to substantially decrease the likelihood that your router (your network) can be hacked.

If your ISP furnishes you only a modem, you need to buy a router to hook up to the modem. If your ISP gives you a combination modem-router, you need to use the router provided by the ISP rather than buy one separately.

If you have your choice, however, you will want to use a router that fits your needs. For instance, if it’s a router for your home, it doesn’t need to have a long-range. The longer the range, the easier someone farther away will be able to access your router. You certainly want the range to cover your home or office, but any range beyond that will just enable someone nearby in the neighborhood to potentially access your network.

Administrator’s Password

Routers that you buy usually come with a standard password (e.g., admin) for administrative access that everyone knows because it’s published in the owner’s manual. For that reason, the first thing you want to do is change the password for administrative access. Only the person managing the router should have administrative access to the router’s software. If that’s you, guard the password well.

If you get a modem-router from your ISP, you will probably be given a unique password. That’s probably safe, at least for a while, but you’ll want to change the initial password, as soon as practical, if possible, to be a password that only you know as the router’s administrator.

Router Name

You should change the name (SID) of your router (network) too. Change it to something that doesn’t indicate your ISP, your router brand, or your personal information. For instance, Seattle62 is a good example of a local network name, especially if it’s not located in Seattle. It doesn’t relate to anything digital, and you can remember it as the 1962 World’s Fair. But don’t use it. Make up your own name.

Users’ Password

In addition to the administrative password, there’s also a user password. The user password permits a computing device such as a desktop, laptop, tablet, or phone to connect to the router (network). All those who use your network will have to know the user password in order to be able to connect to the network. Beware, though, such a password should never be given out to anyone outside your home or office. And, of course, leaving your network open without any password is very insecure and invites a security breach.

Open Network You can go into almost any neighborhood in the country and find five or six networks that are available close by. Typically, most will have password access, and you will not be able to use such networks. But there’s usually at least one network that doesn’t have password access, and you will be able to use such a network as if it were your own. In other words, someone else’s open network will provide you access to the internet as well as to that Wi-Fi network itself. Of course you’re not going to hack someone else’s open network or any of the computers on such a network. But you just might use such an open network to gain access to the internet, particularly when you have some urgency and there’s no other choice. Hackers, too, can access an open network and potentially access all the computers on that network. So, beware of using someone’s open access network since it exposes you to security breaches.

Setup

Another setting to change is WI-FI Protected Setup (WPS). Disable it, if possible. It’s an obsolete security protocol that has proven to be insecure.

Encryption

A router has a setting that enables all transmissions between the router and all devices on the network to be encrypted. This safeguard is not usually set as a default, and you have to change the setting via your administrator’s access to the router. The setting you want is the most up-to-date encryption available (e.g., WPA2). If all your wireless transmissions between the devices on your network and the router are encrypted, hackers who intercept such transmissions will find them useless (unreadable).

MAC Numbers

Another safeguard (and one that’s a must-do) requires a little work. It’s the use of MAC (Media Access Control) addresses, which are 12-digit numbers (e.g., a5:12:f2:c7:fb:d3). Each computing device whether it be a desktop or phone has a unique MAC number that identifies it. You can program your router, via your administrator’s access, to admit to the network only those devices with the MAC numbers you have listed.

You simply get the MAC numbers of everybody’s computing devices and add such numbers to a list in the router software. (For any particular computing device, you can go on the internet and find out how to find the MAC number for that device.) Once you enter the MAC numbers into your router, only those devices with MAC numbers that have been entered onto the router list will be able to get on your network. This is a security precaution that few people use but taken together with all the other safeguards make your Wi-Fi network as hackproof as possible.

Firmware Update

The last safeguard you can apply to your router is to install all the firmware updates. Firmware is the software that hardware uses to operate itself. The firmware updates (free) for a router invariably include programming that improves security. These are updates you don’t want to miss.

Followup

How do you manage the router beyond the initial set up?

You need to change the administrator’s password occasionally.
You need to change the user’s password occasionally, and promulgate the new password to all the users.
When a user gets a new computing device, you need to add the MAC number to the list on the router, and subtract MAC numbers for devices out of use.
You need to install updates to the router firmware.

Pretty simple stuff, yet it takes a little work. The router is one place where you can easily enhance your overall cybersecurity. Beyond what I’ve outlined, it’s not clear what more you can do with your router to make it secure. But every model of a router is different, and in a last effort to make your router safe, I recommend reading the router user’s manual.

Public Wi-Fi

When it comes to a public network, you have absolutely no control over router security. For that reason, you should be extremely cautious about what you do over a public network connection. Do not shop, participate in financial transactions, access your credit card account, visit other financial accounts, or conduct any secret, high-value, or sensitive communications.

Does that mean that you can’t do any of these things in public network? In fact, you can do so safely. You need to subscribe to a VPN (virtual private network) service. The VPN service installs programming governing your connection to the public network. All your email and other connection transmissions over the Internet go to the VPN server encrypted so that no hacker can hack into your online activities. The VPN server in effect becomes you.

The VPN server sends and receives all your transmissions on the Internet as if it were you. But all your communication with the VPN server are encrypted and hackproof. The local hacker who is 50 yards away from your hotel or coffee shop is going to have a difficult time hacking into the VPN server, which is maintained by IT professionals and may be hundreds or thousands of miles away.

RMail Email Service Can you use RMail Inbox or RMail Web while on a public network and be sure of secure email transmission? Well, there is the risk of fatal flaws as outlined in Chapter 5. And those risks are compounded by the risk of using an unsecure connection to a public router (hot spot). So I think the answer is clearly no, although using some encryption function is better than doing nothing for security.

The downside of using VPN when you’re on a public network is that it may slow down your internet activities. Whether does or not depends on a lot of factors, most of which are out of your control. But you can turn VPN on and off as you need it, although I recommend that when on a public network you keep VPN on full-time just to be absolutely safe. Note that there are VPN services that you can use on a daily, weekly or monthly basis only when you need to use VPN, such as on a business trip or while you’re on vacation.

You might ask, why not use VPN at home or at the office so you don’t have to worry about local networks, routers, and all that? I suppose that’s a possibility, but most people don’t like to have their internet activities slow down or make them more complicated than they are already. And most people don’t like to pay an extra fee for VPN service.

Fake Network Be careful. Is the public Wi-Fi network that you access the correct one? Get the name of the correct network (hot spot) from the proprietor (of the hotel, coffee shop). Don’t make the mistake of connecting to a fake hot spot operated by a hacker.

Another solution, albeit a more expensive one, is to use your smart phone as a hot spot (a router). You can connect your computer to the hot spot in order to access the internet. The smart phone’s connection to the internet via the cell tower is encrypted. Your concern is with your computer’s connection to the hot spot.

Unfortunately, the features and practices for using phones as hot spots vary greatly and are beyond the scope of this book. Some enable strong security. Others offer only weak security. Treat this scheme like any other router connection with all the requisite precautions.

Shared Computer Never ever use your email on a shared computer, such as a library computer. This is an invitation to disaster. Not only can you not protect yourself with VPN, but you never know what your software may leave on the computer for someone to come along and discover. And, of course with a lot of people using it, a shared computer could be loaded with lots of evilware.

Finally, when using your computer in the vicinity of a public network, turn off auto join. You don’t want your computer to automatically connect to a public network without you knowing. Without auto join turned on, you will have to manually connect to any network. It may not be convenient, but it’s safer. And by the way, for smart phones and other computers, turn off Blue Tooth while in public when you’re not using it.

Business

What does business security call for? It calls for a security manual. Whether you are one person or many, you need to develop a guideline for when you will use a particular email security service and when you will not. Why is this important? Because you don’t want to keep in reinventing the wheel, and you want your partners, colleagues, and employees to use consistent security practices. A thoughtful security manual will dictate appropriate uses of email security services, and it will be an ongoing reminder of what you’ve decided to do.

For instance, you may not have requested a digital signature from anyone for several months, and now you’re faced with the decision as to whether to get a digital signature on a new contract. You refer to your security manual, which indicates that it’s prudent to get E-sign signatures for all contracts involving $2,000 or more.

You thought this through when you wrote the security manual. Now you don’t have to think it through again. All you have to do is refer to your security manual. If the contract involves under $2,000, you won’t bother to get an E-sign signature and will settle for a return email acknowledgement. If the agreement involves over $2,000, you will take the trouble to get an E-sign signature from the other party.

Your security manual does not have to be long and verbose. Indeed, it’s better for it to be short and to the point, maybe as short as one or two pages. It should be a quick reference, not a reference that requires a lot of reading. And it should not be limited to using RMail services; it should also include everyday practices to protect yourself against social engineering, as discussed in Chapter 16.

Everyone’s security manual will be different based on their profession, business, personal activities, security services available, and so forth. If you don’t like the idea of having a security manual, simply think of it as what it really is: a security reminder.

A security strategy does not begin and end with one person, however. The development of the security manual should include all employees and partners as part of the process of getting them to buy in to sound security practices. An added benefit is that certain employees and partners will come up with good ideas for the efficient and cost-effective use of security practices.

The development process for creating an email security strategy and reducing it to writing does not have to be long. Maybe just a few meetings? How else are you going to ensure that your organization has adequate security practices to protect employees, clients, customers, partners, and your business reputation?

Indeed, you may even want to request that those with whom you do business follow secure email practices. For instance, if you’re a law firm handling high-value real estate transactions, you may want to require the title company with which you do ongoing business to institute secure email practices. That being so, your security manual may be something that you will find helpful to export to others.

Home

And yes! You should have a security manual or at least guidelines for your family to use. A security manual can not only educate members of the family but also remind members of the family that security begins at home. In fact, security awareness at home might be much more important to you than security at your business.

For instance, if you have bank accounts or brokerage accounts with large monetary value, you will want to make sure that your personal email and other personal online activities have first rate security. That holds true for credit cards with high maximum amounts, and the like. Hence, security practices are not just up to you. In order to fully protect yourself you have to make sure that others on your home Wi-Fi network are also security conscious.

Enterprise Security

Discussing enterprise security (large organization security) is beyond the scope of this book. That specialty falls to the IT department of your organization. If your organization doesn’t have written security guidelines and training for security practices, however, you may want to point out to management that the lack of a security manual is endangering the business, business reputation, clients, customers, employees, and others involved in the operation of the business. In some places a security manual might be called a policy statement.

Not the End of the Story

Security is an ongoing concern. Be aware. Keep up on the latest security threats and take preventive measures if necessary. Keep up on developments for better security. There is no silver bullet for security threats, and there will never be an end to security problems. One easy way to cope is to use RMail. RMail and its services will provide you with useful security tools, and RMail Tech Essentials (a weekly briefing) and RPost Insights (a monthly newsletter) will keep you up to date on what you need to know for maximum cybersecurity, particularly in regard to your email. See the RMail website for access to the RMail Tech Essentials and RPost Insights.