Last updated May 2023
One of the most important parts of your digital security is your email. You use it to communicate with friends, family, colleagues, employers and brands. Unfortunately, this makes it a key target for hackers.
Your email is a skeleton key, giving hackers who gain access to it a way into all your other accounts. Therefore, you must keep it secure. So here are six ways to protect you and your email account.
- Use a unique, secure password.
When creating a password for your email, ensure it is a 'secure' one. This means that rather than using a simple short word (such as your mother's maiden name) or a phrase that can be easily guessed, you should use a password with more than ten characters that features a mixture of upper and lowercase letters, numbers and special characters. This will make your password harder to guess or 'force' through an algorithm.
- Don't click on unknown links.
Scammers and hackers often send phishing emails. These emails look like they are from friends, family or other legitimate contacts. They aim to get you to click on a link that gives hackers access to your computer and email, compromising your account.
Always check your email accounts for strange or unexpected emails and ensure people are who they say they are.
- Update your email client regularly.
Having the latest version of your email client, be that Microsoft Outlook, Apple Mail, or any other client, will ensure you have the most up-to-date protection from bugs, workarounds, and exploits that hackers may use to access your email.
- Change your password frequently.
As well as creating a secure password, our experts recommend changing it frequently. This is important in case you are unknowingly caught in a data breach. Even if your email password is leaked, changing it frequently can reduce the damage if old passwords fall into the wrong hands. We would recommend changing your password every three months at a minimum.
- Use a password manager.
If the above options seem overly complicated, you may want to use a password manager. A password manager will generate and save a list of secure passwords linked to each login for different accounts. It will also remind you when passwords need changing and updating. This means you only need to remember one password to keep track of all your accounts.
- Use two-factor authentication.
Two-factor authentication is when you use two separate devices and codes to access your email. This adds an extra layer of security and ensures that if one part of your email is compromised, for example, your password is leaked in a data breach, then fraudsters or hackers still cannot access your account. There are several different types of two-factor authentication:
- Text: This is where you will receive an SMS or text message on your smartphone with a code, usually 4-6 digits long, that you must enter into your email service when you attempt to log in.
- Call: This is where an automated service will call your phone when you attempt to log in, giving you a verbal 4-6 digit code, which must be entered in a similar way to the text message service.
- Authenticator Apps: In our opinion, these are the best methods and are separate password-protected apps on your phone. When you log into your email, you'll be asked to go into the app and enter the current code it displays (the codes usually cycle every 60 seconds). These are the best because they are password-protected if your phone is stolen or compromised.
As with any security, these methods are only as secure as you allow them. So, never give your email password and authenticator code to anyone you do not 100% trust. If you notice any suspicious activity on your account, immediately report it to your email provider and change your login details.
If you're unsure, sites such as haveibeenpwned.com can help you check if your account details have appeared in recent data leaks or are available online.
Spotting Email Scams
Email scams have become increasingly common as hackers devise new methods to trick you into revealing sensitive information.
Hackers' methods are becoming ever more sophisticated. Therefore, spotting whether an email is genuine has become incredibly difficult. Scammers are very good at disguising their attacks in messages that look and feel real.
Read our guide to help you spot warning signs: