Story image

Internet users still trust big email providers - despite major breaches

09 May 17

Internet users still trust global email providers like Yahoo, Gmail and Outlook but don’t know quite as much about privacy-focused services, a new survey from NordVPN has found.

Out of 2000 respondents, 43% said they didn’t know how to answer the question. 36% believed that Gmail cared about user privacy the most; followed by Outlook (22%) and Yahoo (14%).

“The scale of the breaches regularly experienced by popular email providers raise concerns about how big companies protect their data,” says Marty P. Kamden, CMO of NordVPN (Virtual Private Network).

NordVPN cites reports that more than one million Gmail and Yahoo accounts, including usernames, emails and passwords, are being sold online for bitcoins.

In addition, the 2014 Yahoo breach affected more than 500 million email accounts. Gmail requires personal information despite not being directly breached, NordVPN states.

Microsoft has not escaped the breaches either - in 2016 Microsoft Office clients were hit by a ransomware attack. According to NordVPN, it took 24 hours for Microsoft to respond and block the attacks.

When asked to name email providers that apparently offer privacy, only a small percentage of respondents were able to do so. 4.5% of respondents identified Countermail, 6.3% of respondents identified ProtonMail and 3.56% identified Tutanota.

According to NordVPN, this suggests that internet users need to educate themselves about secure email providers. 

“We at NordVPN try to remind people to put their online security into their own hands: to use strong passwords, encrypted email providers, and VPNs,” Kamden says.

NordVPN recommends the following for online privacy:

1. Switch to an encrypted email provider, such as ProtonMail. ProtonMail is a free encrypted email service provider, offering end-to-end encryption – meaning even the provider itself cannot decrypt and read subscribers’ emails. No personal information is required to create accounts, and the basic account service is offered free of charge. Other secure email providers include Tutanota and Countermail.

2. Use strong passwords and a password manager. Perhaps the most basic requirement for any online account setup is using strong passwords, and choosing different passwords for different accounts. Weak passwords make it simple for hackers to break into an account. A strong password has a minimum of 12 characters, and includes a strong mix of letters, numbers and characters.

It’s not easy to remember strong passwords for each site, so it’s recommended to use a password manager, though some – such as LastPass – have also experienced security breaches. In any case, password managers are still recommended for safety and security – such as truekey.com, LastPass and 1Password.

3. Turn on multi-factor authentication. Multi-factor authentication is a security system that will a user to access their online account after they log in with their username and password, and then require the second-step authentication: either through a fingerprint scan or by sending a code via text. Most sites, including email providers, already offer multi-factor authentication as an option.

4. Use a VPN. VPNs encrypt all traffic between a user’s computer and a VPN server, providing complete privacy and security in Internet browsing experience. The only information visible to any intruder or hacker is the connection to a VPN server and nothing else. All other information is private as it is encrypted by the VPN’s security protocol.

How to stay safe when shopping online
Online shopping is a great way to avoid the crowds – but there are risks.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Why data backups should be a part of daily operations
"Disaster recovery needs to address complete system failure and provide a set of security policies to govern disaster incidents."
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
Corelight and Exabeam partner to improve network monitoring
The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
SailPoint releases first identity annual report
SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.
Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.