By: Michael Grzesik, Infrastructure Security Specialist
With the latest disclosure by Yahoo on December 14, 2016 that it lost the information for one BILLION e-mail accounts, I have finally decided that after nearly 20 years, it is time for me to part ways with my beloved Yahoo e-mail address.
This proves to be no small task! When I put pen to paper, I have a laundry list of e-commerce sites that contain that address. The ones that I am most worried about involve my credit cards and any site that has a password recovery feature. If a cybercriminal can get into my e-mail and recover passwords from a website I use, it’s game over.
As the site list has grown, two business portals popped right out on the page: my company’s hosted Human Resource website account and the Internet site we use for company travel and expenses.
Those are personal concerns based on my company’s business practices. As an IT security professional, I understand it is important that company e-mail is filtered and protected from prying eyes. Many small and medium-sized businesses don’t have a dedicated IT security staff. They use free Internet-based e-mail providers for completing orders and customer communication. With the Yahoo data loss and admission, considering the digital security of those providers should be paramount.
If you are a small Mom & Pop pharmacy, using an older e-mail provider that doesn’t have computer network security at the top of the list may mean the difference between patient safety and a data breach.
Business e-mail correspondence should be kept separate from personal e-mail accounts like Yahoo. Change your HR, travel, healthcare and personal-finance account notification e-mails if they are sent to Yahoo. Don’t just change the account password; change the e-mail address tied to that account.
Here’s a three-step program for moving your e-mail life online.
Step #1: Sign up for a Gmail account
It goes without saying that Google is in the data mining business. They want to know everything about you, which is why I have shied away from a Gmail account for a while. The thought of hosting my personal life on their servers and them knowing about it wasn’t that appealing. That was until a recent Internet security story enlightened me to the fact that Google takes digital security very seriously. From the Chrome web browser, to e-mail, to website hosting, it is all very fortified, secure and encrypted.
NOTE: You don’t have to choose Gmail. Be it personal or business, a home Internet service provider e-mail, Microsoft’s online Outlook.com e-mail servers or another hosted e-mail vendor other than Yahoo is just fine. Regardless, any business owner should understand the risks to e-mail when it is hosted outside the four walls of the company.
Step #2: Make a list
Without lists, we forget what has to be done. So write down every website that could use your Yahoo e-mail address. Here’s my short list:
- Visa and American Express
- Jimmy Johns
My bank accounts are also on that list, for online banking notices. I shut down my Facebook account years ago. You get the point. There is a lot we do online now. I didn’t even include all the sites that I subscribe to: IT newsletters and technical magazines using my Yahoo e-mail address.
Step #3: Start switching e-mail addresses
Each online account will send e-mails for password resets, charges and changes, or purchases. Where do you want those to go? I want them to go to an account that I trust. So I have to log on to each website and find out where to change the notification address. Daunting, but necessary. I plan to change two or three sites a day, and take six months to transition from the old address to the new e-mail account. That way I don’t miss anything.
A recent article on e-mail account attacks suggested using three different e-mail addresses for your different roles in life: one e-mail address ONLY for work e-mail, one for serious life e-mail and one account for complete junk e-mail. I intend to use that suggestion from now on.
Conclusion: Manage your digital life
In this day and age, with cybercrime and identity theft on the rise, managing your digital life is more important than ever… be it personal or business. Some activities should have a definite line in the sand that can’t be crossed. Specifically, nothing from the IRS should ever make its way into your e-mail inbox. They just don’t do business that way. Knowing things like that is how you stay safe online, for the rest of your digital life.