SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Internet users still trust big email providers - despite major breaches
Tue, 9th May 2017

Internet users still trust global email providers like Yahoo, Gmail and Outlook but don't know quite as much about privacy-focused services, a new survey from NordVPN has found.

Out of 2000 respondents, 43% said they didn't know how to answer the question. 36% believed that Gmail cared about user privacy the most, followed by Outlook (22%) and Yahoo (14%).

“The scale of the breaches regularly experienced by popular email providers raises concerns about how big companies protect their data,” says Marty P. Kamden, CMO of NordVPN (Virtual Private Network).

NordVPN cites reports that more than one million Gmail and Yahoo accounts, including usernames, emails and passwords, are being sold online for bitcoins.

In addition, the 2014 Yahoo breach affected more than 500 million email accounts. Gmail, while not directly breached, requires personal information, NordVPN states.

Microsoft has not escaped the breaches either - in 2016 Microsoft Office clients were hit by a ransomware attack. According to NordVPN, it took 24 hours for Microsoft to respond and block the attacks.

When asked to name email providers that apparently offer privacy, only a small percentage of respondents were able to do so. 4.5% of respondents identified Countermail, 6.3% of respondents identified ProtonMail and 3.56% identified Tutanota.

According to NordVPN, this suggests that internet users need to educate themselves about secure email providers.

“We at NordVPN try to remind people to put their online security into their own hands: to use strong passwords, encrypted email providers, and VPNs,” Kamden says.

NordVPN recommends the following for online privacy:

1. Switch to an encrypted email provider, such as ProtonMail. ProtonMail is a free encrypted email service provider, offering end-to-end encryption – meaning even the provider itself cannot decrypt and read subscribers' emails. No personal information is required to create accounts, and the basic account service is offered free of charge. Other secure email providers include Tutanota and Countermail.

2. Use strong passwords and a password manager. Perhaps the most basic requirement for any online account setup is using strong passwords, and choosing different passwords for different accounts. Weak passwords make it simple for hackers to break into an account. A strong password has a minimum of 12 characters, and includes a strong mix of letters, numbers and characters.

It's not easy to remember strong passwords for each site, so it's recommended to use a password manager, though some – such as LastPass – have also experienced security breaches. In any case, password managers are still recommended for safety and security – such as truekey.com, LastPass and 1Password.

3. Turn on multi-factor authentication. Multi-factor authentication is a security system that allows a user to access their online account only after they log in with their username and password and then complete a second authentication step: either a fingerprint scan or a code sent via text. Most sites, including email providers, already offer multi-factor authentication as an option.

4. Use a VPN. VPNs encrypt all traffic between a user's computer and a VPN server, providing complete privacy and security while browsing the Internet. The only information visible to any intruder or hacker is the connection to a VPN server and nothing else. All other information is private as it is encrypted by the VPN's security protocol.