Take precautions when using Gmail--or any other email service

Google's almost ubiquitous email client doesn't guarantee that your email will be private, or that your account won't be hacked.

G. Jitchaku asked me if Gmail was "safe." That's a very broad question, so I'm offering a very broad answer.

Nothing in this world is ever entirely safe, and that goes double for anything that lives in the cloud. If you use Gmail, your mail could be read by someone other than the intended recipient, or your account just might get hijacked.

That's the case with every email service. Whether you use Gmail, Outlook, or your ISP's email service, you need to protect yourself. I'll concentrate on Gmail here, but the basic advice applies to any mail service.

[Have a tech question? Ask PCWorld Contributing Editor Lincoln Spector. Send your query to answer@pcworld.com.]

Let's start with privacy and security.

Email is, by its nature, an open book. Your message passes through multiple servers between your computer and your recipient's. In all likelihood, no one will read it. But you have to assume that someone might.

Gmail helps by encrypting your mail with SSL between your computer and Google's network. But if the recipient isn't using Gmail, the message's journey from Google to the recipient will not be protected. Google is building a Chrome extension to address this issue.

There are potential leaks in the email security formula too. Google has its own financial reasons for reading your mail. Every company has disgruntled and dishonest employees. And as Heartbleed proved, SSL isn't perfect.

I discussed Gmail privacy issues in more detail last year, so let's go on to protecting your account from hackers.

Accounts get hijacked all the time, and you need to take precautions. First, use a strong password. It should be long, complex, and impossible to guess, but easy to remember. And you shouldn't use it for anything except your email service. If you don't use one already, get a password manager.

Second, set up two-step verification. With this feature on, if someone logs onto your account on a PC that you haven't personally authorized, Google will text a code to your cellphone. You--or whoever is masquerading as you--will have to enter that code to get access. If they don't have your cellphone, they can't access your account.

Here's how to set up Gmail's two-step verification:

Obviously, you should uncheck that option on a public computer at a library or on campus.

That brings up another important point: When you access email on someone else's computer, always be sure to log off when you're done. You never know who will sit down in the chair after you leave.
