Your Docusaurus site did not load properly.

A very common reason is a wrong site baseUrl configuration.

Current configured baseUrl = / (default value)

We suggest trying baseUrl =

Why You Should Own a Custom Domain for Email?

With a Gmail account being free, you might be wondering if there is a need for owning a custom domain in the first place.

In this article, we’ll introduce five reasons why you should own a custom domain for email, especially if you run a small business, but also for individuals.

Before you read this, here are 5 reasons to drop Gmail.

It Improves Your Credibility Greatly#

If you’re an individual user no one will bat an eye on you using Gmail and in fact, it’s kinda expected. People are so used to others using Gmail that they often no longer ask “what’s your email?” but rather “what’s your Gmail?”.

However, in a business setting, the rules are slightly different. Here, you need to make sure that your business is represented professionally in every aspect and email is a huge part of that.

So a business email address that ends with @gmail is a big no-no.

Better Brand Awareness#

That ending part of your email after @ is supposed to represent your business and not Gmail or Google.

However, by using a custom domain with your business or name, you can set yourself apart from the jungle (there are 1.5 billion Gmail accounts today) and establish better brand awareness.

This even works for individual users. Let’s say you’re a freelancer looking for clients. An email that ends with your name will do a lot more to represent you as someone professional and worth working with than a simple @gmail one.

Take it With You#

Another issue with free email domains is that they are tied to that specific provider.

So let’s say you’ve been using an email address like [email protected] and one day you decide to move to another email address. Well, you can no longer use @gmail so now you have to get a new address, migrate your contacts there and so on.

With a custom email domain, however, you can take your email with you wherever you want. That means “owning” your email.

You Control the Capacity#

With free email providers like Gmail or Yahoo!, the storage is hard-set.

A Google account, for instance, is limited to 15GB of storage and that is spread across several services you are using, not just email.

However, if you’re using a self-hosted domain, you can manage your own storage capacity and add more by simply upgrading to another package for a little extra cash.

It’s More Customizable#

Well, the word “custom” is in the custom domain so it makes sense that you can customize it however you want.

If you’re a business, for instance, you don’t want to receive all your emails in one place. That’s a recipe for disaster.

Instead, you’ll want to have a separate email address for, let’s say, your finance department, customer service, sales, as well as individual employees like:

Conclusion#

Of course, those were only the biggest advantages of using a custom domain for your email, but there are many more besides.

Ultimately, it can be summarized into one word “control”. Simply put, with a free email domain you are in no way in control of your email and a custom email domain can provide just that.

Of course, none of this will truly matter if your email is not secure, so be sure to check out our 20 email security best practices here.

What is a Private Key and How to Store it?

Entrusting your data to a third-party service to protect it from cyberattacks might be convenient, but ultimately, there’s no guarantee that they will protect it.

With decentralization, you can take ownership over your data, but this comes with its own responsibilities, namely to safely store your private key.

In this article, therefore, we’ll explain what a private key is in the first place and how you can store it safely.

What is a Private Key and Why is it Important?#

As we exchange more and more data over the Internet, the risk of that data getting into the wrong hands drastically increases.

That is why you need a way to securely communicate online and that is **public key encryption.

This is a method of encrypting sensitive data with a pair of keys - public and private.

The public key is available for anyone to use and is used to encrypt the data, for instance, an email message you don’t want anyone but the recipient to read.

However, once the encrypted data reaches the recipient, they need a way to decrypt it, that is to revert it back into its original, non-encrypted state. Otherwise, they won’t be able to read it and it will look like random garbage.

This is where the private key comes in.

This key decrypts the data back from ciphertext into plaintext and unlike the public key, which anyone can access and have, only the intended recipient can own a private, or secret key.

Here’s an example of how this works:

  1. Let’s say you want to send a “hello” message to someone. This would be a plaintext.
  2. To make it secure, you need to turn it into a ciphertext by using a public key, let’s call it 2x0t0q85
  3. Now, in order to read the message in plaintext, the recipient will need a private key to add to the ciphertext. Let’s say that the key is 4Vcs84q5.

How to Store Private Keys?#

As the private key needs to be something that only you can access this immediately eliminates using a third-party provider like the cloud for example.

The reason being is that a malicious actor can gain access to it and the service itself might go out of business, taking your data with it.

This leaves a few other options, namely: 1) ### Decentralized Cloud Storage

We know we just said that you shouldn’t store your private keys on the cloud, but that goes for centralized clouds like AWS, Google Drive, Microsoft Azure and the like.

Things are different when it comes to decentralized cloud storage.

For instance, Telios uses the Sia cloud to store your private keys. Sia uses unallocated hard drive space from computers or peers in its decentralized network. What this means is that there is no single point of failure to worry about. 1) ### Hardware Wallets

Another option you have, if you don’t want to keep your private keys online at all, is to use a hardware wallet.

This is a device similar to a flash drive that, in addition to storing your private key, also lets you set a seed word or a mnemonic phrase. That way, even if you lose your wallet or someone steals it, they’ll need to know your seed word to access the private key.

Here are 10 best practices to keep your passwords safe.

You can check out Trezor Model One or the D’Cent Biometric Crypto Wallet on Amazon, for instance, if you’re looking for one. 1) ### Flash Drives

One issue with hardware wallets is that they can be expensive. Most of them cost $100 and above.

If you’re looking to save money you can use a flash drive. The benefit of this approach is that it is cheap. You can buy a flash drive for $5.

However, unlike a hardware wallet, which will have a seed word and encryption itself, flash drives have no such protection so if you lose it, or it gets stolen, the other person can access what’s inside without much trouble. 1) ### On Your Computer or Smartphone

You can also opt to store a private key on your computer or smartphone.

This saves you the hassle of having to use another device to store the key and then having to plug that into your computer to access the key.

Of course, the problem arises when your device is online, which is today most of the day. This ultimately leaves your private key vulnerable if someone hacks your device and there’s also a danger of getting it stolen so you’ll need to protect the device itself with a password, PIN, or some sort of biometrics.

Conclusion#

Of course, there are a lot more ways to store your private keys Than these four. Let us know in the comments which ones we missed!

Top 10 Password Best Practices That Will Help Keep Your Email and Other Accounts Secure

Ah, the password. Probably the only thing we have to protect our accounts and yet we put so little into creating one that will actually do its job.

In this article, we’ll give you 10 password best practices that will help keep your email (and other online accounts) secure, so let’s dig in straight away.

Before we start, remember that the password is not the only email security best practice you should employ to keep it safe.

  1. Stop Reusing Passwords#

    Reusing passwords is probably the biggest offender when it comes to account security and despite multiple studies and reports showing what a bad habit this is, people still do it.

For instance, according to Finance Online, 44% of workers reuse their passwords across personal and work accounts.

Would you use the same key for your house, car and any other lock? Of course you wouldn’t, even though it’s a hassle to carry a bunch of keys in your pocket, just like it’s a hassle to remember a bunch of passwords.

So stop reusing your passwords as well.

  1. Stop Using Personal Information in Passwords#

    According to the United States of [email protected]$ report published by Google and Harris Poll in October 2019, 59% of US adults use a piece of personal information like a name or birthday in their passwords.

This, of course, is another bad habit people have when it comes to passwords and one you should ditch immediately if you’re doing it.

Stuff like your children’s name(s), your partner’s or spouse’s name, or your pet’s name is something that people normally love to share as they naturally love these, the caveat to sharing such information on social media is that someone with less honest intentions might see this.

For instance, if someone wants to guess your email password and they see that you post a lot of photos of your children, they might come to the conclusion that your children mean so much to you that you might even use their name in a password.

  1. Avoid Using Common Words and Passwords#

    You’ve probably heard this time and again, but it bears repeating.

Stop using common passwords like “12345678”, “qwertyuiop”, or “password”!

According to NordPass Top 200 Most Common Passwords, it takes less than 1 second to crack each of these passwords.

That’s even easier than just telling them the password!

And those are not the only common types of passwords people love to use.

Are you a fan of a sports team like Liverpool and thinking of using their name as a password? Around 500 million had the same idea, according to Cybernews.

Or, is your name Alex and you think that it would be a perfect password? So do 7+ billion other password users.

Look, the only way passwords like these can protect your account is if the hacker is absolutely sure there is no way in hell you would be so dumb using them, so don’t be.

  1. Use Every Type of Character at Your Disposal#

    When you’re writing something, you don’t just use small caps, for instance, do you? No, you use lower caps, upper caps, special characters to punctuate things and numbers when needed.

So why are you using just one of those in your passwords? Because it’s more convenient? So is using only one when writing and still you wouldn’t think of doing this.

Your passwords should ideally use all of these (capital letters, small letters, numbers and special characters).

For example, if you’re so keen on using the word “password” as an actual password (we still don’t recommend this), you might mix it up a bit and use something like “P4$$w0rd” instead, which would be at least a little harder to crack.

  1. Don’t be Predictable#

    One extremely predictable thing people do when creating passwords is to simply attach a number or a sequence of numbers at the end of the same password.

So, for instance, you might get something like “password1”, “password2”, “password3” and so on.

Hey, they haven’t reused the password but they might have as well.

But let’s say they followed the advice to use every type of character in their password. That’s great. Except that in most cases, it will look something like this “Password#1”.

I mean, look, everything is there. There’s the capital letter “P”, some small caps, a special character “#” and a number “1”. So what’s the problem?

Well, the problem is that most people write this way and it’s highly predictable. That’s not something you want when it comes to passwords at all.

Instead, you want to mix it up a little and maybe make a password look more like this “p4$$W0rδ”.

  1. Use Longer (but Not too Long) Passwords#

    When it comes to password length, most websites will have certain requirements when it comes to length and won’t allow you to use extremely short, 4-5 character passwords, for instance.

The minimum accepted password length for most websites is 8 characters long, but even this is often not sufficient to protect your account from a determined password cracker.

According to LMG Security penetration testers, any 8-character password can be cracked in less than 8 hours. And that goes for passwords that properly use uppercase, lowercase, symbols and numbers as well.

Now, add just two characters and it now takes 8 years to crack such a password. Two more and it’s 77,000 years and so on.

So, what’s the logical conclusion here?

That the longer the password, the more time it takes to crack it, right?

But there’s a disadvantage to this that you need to consider.

Long passwords are more difficult for hackers to crack, but they’re also more difficult for the user to remember.

So, while a 30-character password, for example, might take I don’t know how many quadrillion years to crack, it will be useless to you if you forget it, so keep password length at an optimal 12-16 character length.

  1. Don’t Share Your Password#

    Sharing is wonderful. We should all be sharing more with others.

But the one thing that you shouldn’t be sharing is your password.

And still, that’s something that 43% of Americans do according to the Google/Harris Poll report.

“But I’ve only shared my password with my significant other”, I hear you say. Yes, but would you remember to change the password if you two break up? Because only 11% of those who shared a password with a significant other remembered to do that.

Share a bottle of wine, a nice chocolate cake, or just your time with them, but maybe not your email password, or at least remember to change it if things don’t work out between you two.

  1. Update Your Passwords (but Only if They are Compromised)#

    I just gave you one reason to change your password. If you previously shared a password with someone and you are no longer on good terms with them, they might use this to take revenge or will simply share it with someone else not caring.

Of course, this isn’t the only reason to update your passwords periodically.

Give a hacker enough time and resources and they will eventually crack that password you made 5 years ago.

So, how often should this be?

Well, for a long time, the common advice you’d get would be to change the password every 1-3 months. However, that’s actually counterproductive for your account security.

Why? Well, if you frequently change passwords, there’s also less chance for you to remember them and that might mean that you’ll use weaker passwords.

The NIST (National Institute of Standards and Technology) discourages frequently changing passwords in their recommendations.

Instead, they recommend doing it only if the password might be compromised, saying:

“When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.”

One way to know if your email or other accounts have been in a data breach is to check HaveIbeenpwned. Simply enter your email and it will tell you if it’s been in any data breaches. If it was, then change the password.

  1. Use 2FA (Two-Factor Authentication)#

    Regardless of how strong and unique a password is, there are always ways it can get into the wrong hands. And if it’s the only protection on your email or another account, it’s just not sufficient.

Simply put, relying solely on passwords won’t do the job.

Instead, you should add another layer of protection in the form of a verification method known as “two-factor authentication” or 2FA.

This can be a PIN, token, SMS message, biometric scan or something else that only you would either possess or know. By adding this on top of your username/password, you will greatly increase your account security even in situations where the password is compromised.

  1. Use a Password Manager to Store Your Passwords#

    Having trouble remembering your 50+ passwords (it’s not a joke, the average user does indeed have 100 passwords according to one study done by NordPass in 2019)?

That’s okay, you can just write them all in a notepad file labeled “Passwords” and keep everything nicely organized.

Or you can allow your browser to remember the passwords for you.

Wrong on both of these.

Look, I have trouble remembering 5 passwords, let alone 50 or 100 and I keep forgetting passwords all the time just like you, but the last thing you should be doing is to keep your passwords on an unsecured notepad file or written on a piece of paper or letting your browser remember them.

One study conducted by OnePoll revealed that 65% of people will forget a password unless they write it down somewhere.

Another interesting study, led by Rutgers University and Aalto University, published in August, 2018, went into the psychological reasons why people forget their passwords.

The study proposes that:

“Human memory naturally adapts according to an estimate of how often a password will be needed, such that often used, important passwords are less likely to be forgotten.”

If this is you (and I bet you are), there’s a better way to store your passwords and it’s called a password manager.

Conclusion#

The idea of a word or a phrase that you would use to access something is as old as human history itself.

Back in the days of ancient Rome, different units had their unique “watchwords” that proved you were their member.

In the 1920s, during the prohibition, the only way to enter a “speakeasy” and get a glass of “The Bees’ Knees” was to know a particular password or you’d get the “don’t know what you’re talking about, see” from the pinstripe suit-wearing guy a the door.

The first digital password was made in 1961 by Fernando Corbato, a science computer professor at the time at MIT, who devised this as a way to give students access to a private terminal on the time-sharing computer he built at the time.

Of course, it was a lot easier for the Roman legionarius, the 1920 guy who wanted to show his “gal” some good time, or the 1961 MIT student. They only had that one password to remember, while we today have dozens.

But it’s much more important for us today to keep our passwords safe as they are often tied to accounts that contain our sensitive information, like our email.

For this reason, I hope these 10 password best practices will help keep your email and other online accounts secure.

Your Email Has been Hacked! Now What?

alt_text

Hacking emails is a favorite pastime for most cybercriminals and it could happen to you as well.

Therefore, in this article, we’ll talk about how this happens, how to recognize if your email has been hacked and what to do when this happens.

How are Emails Hacked?#

There are three main ways in which your email can be hacked:

  1. Phishing

Phishing is a technique in which the attacker sends a seemingly legitimate message to the email user and tricks the user into visiting a fake website where the user can unknowingly “verify” their information and thus give the hacker their login credentials.

The attacker, which usually pretends to be a legitimate business, like a bank that the user might be a client of, for instance, will often either create a fake (phishing) website that looks almost identical to the real one, or they will send malicious software via an infected URL link.

  1. Man in the Middle Attack (MitM)

A Man in the Middle Attack (MitM) happens when a hacker secretly infiltrates a direct communication between two email users without them knowing.

Since the users are unaware that there is a third person listening in on their communication, the hacker can this way get to a lot of sensitive information before they are found out.

If you want to know how your email messages travel the Internet (how email works), check out this article about it.

  1. Password Guessing

Password guessing is a very simple, yet often effective technique by which a hacker can get your email password.

There are two types of password-guessing attacks:

  1. Dictionary Attack: In which the attacker uses a dictionary of common words to identify the password.
  2. Brute Force Attack: Where the attacker tries every possible combination or password until they find the right one.

How to Tell if Your Email is Hacked?#

alt_text

You may not even know that your email has been hacked. Luckily, there are 4 tell-tale signs that something is wrong with your email account:

  1. A Friend, Family Member, or Colleague is Asking You Why You’re Sending Them Spam

Nobody likes spam messages and that’s certainly no way to make friends. So you can understand the confusion from your friends, family members, or colleagues when they receive spam from you.

This is a sure sign that your account has been compromised and the hacker is using it to send messages in your name.

  1. There’s Something Strange About Your Outbox

Hopefully, you are keeping your sent messages folder neat. However, you may see some strange and even spam messages in there that you definitely didn’t write.

Well, someone else did and that someone has managed to hack your email account.

  1. Your IP Address is All Over the Place

An IP (Internet Protocol) address is a digital address of your device on the Internet and it’s always the same. However, if you see a different IP address in the IP log that is a sign that someone has been logging in to your account from another location.

Of course, if you’ve been using a VPN (Virtual Private Network), your IP will be routed to a different server and will be different because of it.

  1. You are Unable to Log in to Your Email Account

Finally, the biggest “your email account has been hacked” sign is if you get a “username or password incorrect” message.

What this means is that a hacker has taken control of your account and has changed the password.

What to Do if Your Email Gets Hacked?#

alt_text

So what should you do if your email gets hacked?

First, do not panic, for sure.

Here are a few things that you should do instead:

  1. Immediately Change Your Password

One of the first things that the hacker will do if they get control of your email account is to change your regular password so they can lock you out of your own account.

Because of this, time is of the essence here so you need to act quickly to any sign of a potentially compromised account by changing your password immediately.

When choosing passwords, always keep these rules in mind:

  • Use a different password for each account (email, social media, etc.)
  • Use a strong password (at least 12 characters long, including lower and uppercase letters, numbers and special symbols)
  • Don’t tell anyone your password (this goes double for your email password)
  1. If You Can’t Change the Password, Use the Email Recovery Service

Okay, but what if the hacker was faster than you and has managed to change your email password before you had the chance to act?

Well, this is where those security questions that your email provider had you fill out when you first opened the account will come in handy.

What you can do if you’ve been locked out of your email account is to use the email provider’s “forgotten password” option. This will take you to a dedicated webpage where you recover your account.

Speaking of email providers, here are the 9 most secure server-based email services and why it’s better to use a decentralized one like Telios.

  1. Check Your Computer for Viruses and Malware

A hacker will often use some kind of malicious software or virus to take control of your email account.

Usually, they will deliver these through an infected link sent to you in a phishing email.

If you notice your device working sluggishly or otherwise acting strangely, this could be a sign that it has been infected. Be sure to set up an automated scan to find and root out any malware and viruses from your device.

  1. Check Your Other Accounts

Since your email is connected to your other accounts, like social media, they could be compromised as well.

Are you seeing any strange posts that you know you’ve never sent, like perhaps posts about some scammy product or service that you never used on your social media? That could mean that your social media account has been compromised too.

  1. Warn Your Contacts

Finally, you should warn your contacts that your email has been hacked and that they shouldn’t trust any messages that come from it.

Often, fraudsters will use a hacked email account to send messages to its contact asking them for money and scamming people in your name.

Conclusion#

Account Takeover (ATO) increased by more than 300% between 2019 and 2021 according to the Q3 2021 Digital Trust & Safety Index report by Sift. A large part of this is, of course, email ATO.

If this happens to you you might be a victim of identity theft or other fraud which could cost you hundreds or thousands of dollars for individuals or millions for businesses.

Obviously, this is something that you want to avoid and hopefully this article will help you identify the red flags that your email has been hacked and what actions to take if this happens to you.

Also, make sure to check out our 20 email security best practices to know how to protect your email privacy and security.

Telios Becomes Wave 1 Grantee for Coreum’s Blockchain Network

alt_text

Coreum, a 3rd-generation layer-1 enterprise-grade blockchain recently revealed the wave 1 of the grantee projects that will be built atop its network and we are excited and proud to announce that Telios is among them.

This first round of grantees is focused on DeFi protocol and wallet components and is backed by the Sologenic Development Foundation.

Bob Ras, co-founder of Sologenic said:

“During the bear market, when many cryptocurrencies and projects are declining in value, big players are getting back to the fundamentals by placing investments into the underlying technology - into Layer-1 projects. As an enterprise-grade blockchain, Coreum’s modular and interoperable design provides the core infrastructure necessary for these grantee projects to flourish, especially amid these market conditions.”

Five other grantees besides Telios were selected for the initial round, including:

  • Amber - a free-to-play NFT game and metaverse platform in which players can play games, connect, trade virtual property (NFTs) and create worlds.
  • CO2mmon - German/Hungarian startup that promotes sustainable and eco-friendly mobility through rewards and gamification with the goal of reducing emissions.
  • D’Cent Wallet - Enhanced hardware crypto wallet built on the highest security standards.
  • Stably - Provides regulatory-compliant stablecoin infrastructure and multi-chain fiat on/off ramps for new and emerging blockchain that seeks to connect DeFi and TradFi via stablecoins.
  • Zeeve - Enterprise-grade no-code Blockchain Infrastructure Automation platforms that enables easy deployment, monitoring and management of Blockchain nodes and networks

Telios would like to use this opportunity to congratulate the all other fellow grantees with the hope that together we bring Web3 closer.

About Coreum

Coreum is an enterprise-grade blockchain built by the Sologenic Development Foundation. It brings low-latency proof-of-stake blockchain to a wide range of audiences looking to access a multi-chain future and has the ability to process up to 7000 transactions/second.

About the Sologenic Development Foundation

The Sologenic Development Foundation is a community of developers working together on open-source projects around the CORE and SOLO tokens.

20 Email Security Best Practices Every User and Business Needs to Know and Implement

For many organizations as well as individuals, email is the primary form of online communication. It’s free, reliable and easily accessible, which is why there are over 4.2 billion email users around the globe in 2022.

However, it is also very vulnerable to different online threats, including spam and phishing and to protect against them, here are 20 email security best practices every user needs to know and implement.

1. Use More Than One Email Account#

According to the Global Statistics in Account Takeover Fraud for 2023 by SEON, 22% of US adults have been a victim of account takeover (ATO) fraud. This includes email, social media, online banking and credit cards.

Email is often a target for different scammers, hackers and other bad actors, and they would like nothing more than to take over your account and use it for their personal benefit.

This is why it’s important to have several email accounts. That way, you can separate your business and personal communication, have a third one for social media, or sign up for websites and online shopping, etc.

2. Use a Different Password for Each Account#

An average US email address is connected to 130 online accounts, according to the 2020 Digital Guardian survey.

Naturally, all of these accounts require passwords and remembering more than 100 passwords is very tricky. This is why a lot of people are reusing the same password on multiple, non-sensitive accounts (49%) or use the same password on all their accounts (11%).

Obviously, this is a dream come true for hackers as you are giving them the same key for all your accounts, not just email. That way, even if the hacker manages to breach one of those passwords, only the account associated with it would be compromised.

3. Use Strong Passwords#

In a way, life was a lot easier before the Internet (yes, I am that old to remember some of that time). There just weren’t so many things competing for our attention like YouTube, social media, streaming services, online shopping, etc.

On top of all that, you also have to think about passwords. Well, one way to make life easier is to make your passwords easy to remember, right?

Wrong!

It takes only 2 seconds to brute force a 7-character (using upper-case and lower-case) password, as shown in this table by Hive Systems.

Compared to that, a 12-character password, that includes upper-case and lower-case letters, numbers and special symbols, takes 3,000 years to crack.

4. Don’t Give Out Your Email Password#

Of course, no password is truly secure if you’re just going to give it away to anyone.

You should never give out your email password, either directly, over email, or over the phone.

No reputable company will ever ask you for your account password so if you get a request like that, this is a scam 99.9% so always keep your passwords, especially for your email.

5. Update Your Password From Time to Time#

One cybersecurity piece of advice you might have heard is to change your passwords frequently.

In fact, many cybersecurity “experts” recommend changing your password a few times per year, with some even saying you should do it every 30 days.

This advice, however, is outdated and there’s really no need for this if you followed our email security best practice number 3 - use strong passwords.

In fact, according to the US Department of Commerce National Institute of Standards and Technology’s (NIST) Digital Identity Guidelines, you should only change passwords that are either:

  • Commonly-used
  • Expected, or
  • Breached

If your password is already unique, strong and not compromised, there is really no need to change it.

6. Don’t Give Your Email Address to Everyone#

There’s really no need to give out your email address to every online business out there that you will only interact with once or twice.

One good email security advice that I don’t hear often is “be stringent with who you give your email address”.

At the very least, if you absolutely must give it away, don’t use your main business or personal email address. That way, you can at least avoid spam on your main email accounts.

7. Use 2FA#

No matter how strong the password you’re using is, it can get compromised in a data breach, phishing scam, or through spyware and other malicious software. Or, you might not have followed email security best practice #4 - don’t give out your email password.

Whichever the case, having an additional layer of security in the form of two-factor authentication (2FA for short) will help keep your account more secure.

Basically, 2FA will only let you log in to your account if, in addition to the username and password you can also provide a third authentication method.

This can be:

  • Something you know - PIN, token, security question, etc.
  • Something you are - fingerprint, iris scan, voice recognition, face scan, etc
  • Something you have - an ID card, security token, etc.

8. Understand Phishing and Other Email Scams#

According to the APWG Phishing Activity Trends Report for the 4th Quarter 2021, phishing attacks have tripled in December 2021 since early 2020.

Even if we look at the three months of Q4 alone, we can see that the number of unique phishing sites detected increased from 267,530 in October to 316,747 in December 2021

However, the number of brands targeted by phishing campaigns dropped from 624 in October to 521 in December.

Phishing attacks are getting more and more sophisticated and cunning and bad actors can take advantage of your slightest mishap so understanding their tactics is important if you want to keep your email account and data secure.

9. Avoid Downloading or Opening Untrusted Attachments#

Speaking of phishing, one common goal cyberattackers have is to get you to download or open an attachment they send you.

If someone you’ve never met in your life approached you on the street and handed you a package, would you take it?

Of course not so why would you do that with some Internet stranger?

Remember that “curiosity killed the cat” and there is nothing good to be had by being curious about unsolicited email attachments so just ignore them.

10. Avoid Clicking on Suspicious URLs#

However, people have become wiser about phishing schemes over the years and by now they know enough not to open unsolicited attachments. In fact, according to Tessian’s Must-Know Phishing Statistics (updated in 2022), 76% of phishing emails today don’t even include an attachment.

They do, however, include URLs that can redirect you to phishing websites. These websites can look almost identical to legitimate websites where the user is tricked to leave their sensitive data or they’re linked to malicious documents and will automatically download malware to your computer.

This is why always be sure to thoroughly inspect the URL before clicking on it to know if it will lead you somewhere legitimate.

11. Don’t Reply to Spammers and Scammers#

There is no get-rich scheme and if someone offers you one, simply ignore them since they’re a scammer.

Don’t even acknowledge their existence by replying.

12. Use an Encryption Extension (If You’re Using Gmail)#

Gmail is not secure and there are plenty of reasons to drop it.

However, it is super convenient and easy to use. Not to mention it’s free, so for most people, it’s perfect as a personal email, although not so much as a business email.

Fortunately, you can make Gmail more secure by using a Chrome extension like Mailvelope, which will allow you to send PGP encrypted messages.

13. Use an End-to-End Encrypted Email#

The problem with using Gmail encryption extensions is that, at the end of the day, you are still using a Google product and they don’t have a very good record of not looking into people’s data from time to time.

If you really want to keep your emails private, consider using an email service that focuses on security and privacy. Fortunately, there are more and more secure email providers today that do this and offer end-to-end encryption by default.

14. Avoid Logging in to Your Email on Public Networks#

If you’re at an airport, park, cafe, or anywhere where there’s a publicly available WiFi network, don’t expect it to be secure.

Often, these networks require no password to enter and someone could monitor the network for your actions and access your email account and personal information.

If you absolutely must use public WiFi, use a VPN, finish what you want and log out.

15. Be Careful Which Devices You Use#

A lot of companies have a “Bring Your Own Device” (BOYD) policy. Basically, what this means is that you can bring your own computer and log in to your business email from it.

This creates at least two major potential security problems:

  • Your device might already be infected with malware and logging into your business email might compromise it as well
  • There is an increased risk of getting your device stolen

If you’re going to bring your own device to work, don’t lose sight of it.

16. Log Out When Finished#

Again, this applies more to using email at the office or on public computers (like in a library for instance).

Someone walking in to use that computer after you can simply continue where you started if you leave your account open.

It’s not enough to just close the window by clicking on the “X” in the corner. Make sure to log out of your email as well as clear your browsing history before you leave.

17. Install an Antivirus Program#

Despite all the precautions, you might still get malware or a virus from an email.

Don’t worry, it’s not the end of the day if you have a good antivirus or antimalware program installed on your device like Norton or Kaspersky for instance.

18. Don’t Give Away Your Personal Information via Email#

If you get asked for your social security number, credit card information, password (see email security best practice #4) , or even a seemingly innocent piece of information like “when is your birthday?”, don’t give this information away via email.

They absolutely don’t need to know that and no reputable business will ask you for this.

19. Review Your Email Security and Privacy Settings From Time to Time#

Always remember that email attacks evolve and the defenses and security measures that you put up two or three years ago may no longer be enough today.

This is why you should periodically go through your email security & privacy settings and update them to better handle new threats.

20. Educate Your Employees (and Yourself) on Email Security Best Practices#

Finally, keep in mind that your employees or you yourself are not email security experts and a lot of the stuff we just said in the previous 19 email security best practices can go over their (or your) heads.

This is why you need to educate and train your employees and yourself on these.

Conclusion#

And there you have it. We know there’s a lot to take in, but email security is not a simple topic so, hopefully, these 20 email security best practices will help you keep your email more secure.

What is a Blockchain Email? Pros, Cons & the Future

Ever since the success of Bitcoin, Ethereum and other cryptocurrencies, developers and entrepreneurs have been looking at what other applications could the blockchain have.

One such application that is gaining momentum is email over blockchain. But what are its pros and cons and, more importantly, what is its future?

Blockchain Email Pros#

There are a couple of benefits that blockchain email offers, including:

1. Improved user privacy#

Since the blockchain is itself decentralized, meaning there is no central server with its vulnerabilities, users won’t have to “pay” for it with their data as is the case with “free” email services which collect that data and then sell them to advertisers.

2. Better security#

A blockchain is a public ledger that, while anyone can see the transaction made on, you can’t change entries.

The only way for the blockchain to be attacked is if the attacker could gain control of more than 50% of the hashrate. Since there could literally be thousands of nodes, that’s for the most part out of the question.

3. Peer-to-Peer communication#

Blockchain also eliminates the presence of a third-party service provider that would essentially have control over your data as it sits on their servers.

4. Better authentication#

Authentication is one of the biggest problems of traditional email, leading to spam, email spoofing, etc.

While this has been largely mitigated with tools such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance), email forging is still an issue.

Blockchain, however, is an immutable (meaning, it cannot be modified) set of records authenticated by each node/computer, so it can easily verify and authenticate that you are receiving an email from a trusted sender and not a bad actor.

Blockchain Email Cons:#

So why isn’t everyone jumping on the email over blockchain train? Well, there are a few disadvantages that we need to address as well:

1. It is often “members only”#

One of the problems that blockchain email platforms often have is that you can only email users of that platform. Since we are not talking about platforms with Gmail-like user numbers, but a few thousand at best, this creates a sort of “members only” situation.

Very often, even if you can message someone on another platform, a lot of the features that make that particular email service shine can’t be used with the outside platform.

2. Huge storage requirements#

An average email is 75KB. Not a lot, right? Now multiply that by the number of emails sent every year (more than 100 trillion and you have an enormous storage problem.

Each node in the network needs to store its own copy of the blockchain, which creates a pretty big scalability problem.

Email over Blockchain Potential#

Blockchain email probably won’t ever reach the popularity of cryptocurrencies, smart contracts, NFTs and other blockchain applications, at least not when it comes to private users, the majority of which will stick to convenient free email services like Gmail.

However, the enhanced privacy and security that it offers, as well as the authentication, could make it very attractive for businesses looking for a better anti-fraud solution.

Public Key vs Private Key Cryptography - What’s the Difference?

When it comes to cryptography and protecting your sensitive data, two terms are crucial - public and private keys.

This is because they are used to encrypt and decrypt data.

In this article, we’ll explain what these keys are, what they do and what the difference is between public key vs private key cryptography.

What is Private Key Cryptography?#

In private key cryptography, one key is used to both encrypt and decrypt the data and is then shared between the sender and the recipient.

This key can be a QR code, 64-digit hexadecimal code, 256-character binary code, etc.

The idea is just that it needs to be very long, non-guessable and random (or pseudo-random). The reason for this is that a short and guessable private key can be brute-forced by a determined hacker.

Since the private key is shared, this type of cryptography is also called symmetric.

What is Public Key Cryptography?#

In public key cryptography, there are two keys - private and public. Hence, this type is also called asymmetric.

One key, public, is used to encrypt the data from plain text into cipher text and this key can be freely shared. The other key, private, is used to decrypt the data from ciphertext back into plain text and this one is kept secret and held by the recipient.

Difference Between Public Key vs Private Key Cryptography#

There are a few distinct differences between public key vs private key cryptography.

Public Key CryptographyPrivate Key Cryptography
AsymmetricSymmetric
Used two keys. One (public) to encrypt and the other (private( to decrypt dataUses only one key (private) to both encrypt and decrypt data
One key (public) can be freely shared, while the other (private) needs to be secretly keptThe key is always kept secret
SlowerFaster
The public key can be shared freely, but the private key is shared only between the sender and recipientThe private key needs to be shared between the sender and recipient only
No danger of key loss since it is held publiclyIf the key is lost, you can lose access to the system
Uses RSA algorithmUses AES algorithm

Conclusion#

So which one is better? Private or public key cryptography?

There’s no clear “winner” here since both types offer a different purpose and have different advantages and disadvantages.

In general, private key cryptography is better in situations where you work with large databases and closed systems and where speed over privacy is more important.

On the other hand, public key cryptography works better when sharing data across an open network, like email, which is why it is used in end-to-end encryption.

What are the Most Common Email Server Security Vulnerabilities?

Almost all of our data is stored on a server, making this an attractive target for malicious attackers. This goes even further for email servers as email is still one of the most popular ways of communicating online, especially for businesses.

If your email server is compromised and threat actors can gain access to the confidential information within it, this will result in financial losses for your company and losing valuable customers.

So let’s take a look at the most common vulnerabilities of email servers to better protect your data on them.

6 Most Common Email Server Vulnerabilities#

There are 6 most common email server vulnerabilities that you ought to pay attention to. These are:

  1. Data leakage
  2. Unauthorized data access
  3. DoS
  4. Malware
  5. Spam
  6. Poor performance and stability

Let’s explore each potential vulnerability and give you a way to prevent it.

Data Leakage#

Why do hackers attack email in the first place?

There can be several reasons, but the number one is that they want to get to the sensitive data of its owner (you, for instance).

The problem with email is that it was never built for security, but instead for ease of use. This is why your incoming and outgoing emails can be vulnerable to data leakage and a determined attacker.

The best way to protect your email data is to always use end-to-end encryption for both incoming and outgoing emails at end-points (sender and recipient), use TLS (Transport Layer Security) for emails in transit (while it travels between sender and recipient) and to use email protocols such as SMTP, IMAP and POP3.

Unauthorized Data Access#

No amount of encryption will save you if your last line of defense is weak.

What is this last line of defense?

Your password.

Unfortunately, only 35% of people use a different password for all their accounts, while 75% reuse the same password for all or some of their accounts, according to the 2019 Online Security Survey by Google and Harris Poll (yes, even Google says it's bad).

Now, expect that hackers will be even more inclined to try to bypass your email server’s authentication procedures to get access to the data in it, making password protection a must.

So how do you protect email server passwords?

The first thing you want is a strong password that can’t be easily brute-forced. That means at least 12 characters, including small and capital letters, numbers and special characters.

Here’s the difference that just 3-4 characters can make.

According to penetration testers at LMG Security, an 8-character Microsoft NT LAN Manager password can be cracked in less than 8 hours, while it would take 77,000 years for a 12-character password.

Denial of Service (DoS) Attacks#

Sometimes the attacker is not after the data that the email server contains, but instead wants to disrupt its service and prevent it from sending and receiving data.

Denial of Service or DoS is a type of cyberattack in which the attacker renders the server temporarily unavailable to its users by flooding the server with requests until the server can no longer cope with the traffic.

What is the solution?

Tprevent a DoS attack, you will need to limit how many connections you allow for the SMTP server, including both overall and simultaneous ones.

Malware#

Like your personal or business email account, an email server can also be vulnerable to malicious software or malware.

In fact, malware will spread to the mail server via an infected email, which in turn was infected via an attachment most likely.

In order to prevent malware from infecting your server, you need to use third-party antivirus and antimalware security software like Kaspersky, Norton, etc, that are designed to detect, quarantine and destroy malware.

Spam#

Although the ratio of normal-to-spam email messages in recent years has decreased from 71.1% of all emails being spam in April 2014 to that percentage being 45.37% in December 2021, according to Statista, spam is still a huge problem.

The main reason you might be sending email spam around is if you configure the SMTP server as an Open Mail Relay. This allows anyone on the Internet to send email (including spam) through your server.

To prevent this, configure your email server so that it only sends from authorized domains and IPs.

Poor Server Performance and Stability#

Email servers can at any moment stop working, their performance might decrease due to an attack or simple wear-and-tear.

To extend the lifespan of your email server and, more importantly, ensure uninterrupted service, you should enable SMTP authentication. This will protect the server from attacks in which the hacker sends numerous sent requests.

Additionally, you always need to have a backup server in case your main server stops working by having two MX records per domain.

Conclusion#

As you can see, sending emails through a server is not always the best. This is why Telios email service allows you to send emails directly to the other person (via a peer-to-peer network) instead of through a server if they are online.

If the recipient is offline, Telios uses decentralized cloud storage to temporarily store your email until the other person is online.

Get Telios email today to protect your privacy and security.

Cloud Storage vs Local Storage - Which One will Better Protect Your Data?

We live in a world where data, especially our private and sensitive data, is a very valuable commodity so we need a place to store it that is both easy to access and secure.

You have two options. Cloud storage vs local storage.

In this article, we’ll explore which of the two, cloud or local, will better protect your data.

Cloud Storage vs Local Storage Main Differences#

First, it’s important to understand the difference between cloud storage and local storage.

In cloud storage, your data is stored on a remote server that you can access via the Internet. Think Google Drive, Microsoft OneDrive, iCloud, etc.

Local storage, on the other hand, is one where your data is stored on a local device (on-premises) such as the hard disk drive on your computer or a USB flash drive in your pocket.

So, now that we know the differences between the two, let’s take a look at their pros and cons.

Cloud Storage Pros#

  • Easy to access. As long as you have an Internet connection, you can access whatever data you have stored on the cloud at any time and any place.
  • Promotes collaboration. With more and more people working remotely, this can be a challenge when you need to share data with a colleague. Luckily, this has been made easier with cloud storage and all you need to do is usually give them access to a specific file you want to share with them.
  • No danger from physical damage. Your local storage device can be damaged physically, corrupted, or lost. Cloud storage will always be there and so will your data (until you delete it).
  • Free storage. For an average user, who only needs limited storage for personal use, cloud services offer free storage. For instance, Google Drive offers 15 GB, OneDrive 5 GB, iCloud 5 GB and so on.
  • Automatic backups. One of the most difficult things to do with local storage is to backup your files. But it’s also one of the most important things to do if you want to prevent losing your data. With cloud storage, however, you can automatically backup your data to the cloud and thus preserve it.
  • No maintenance costs. This is especially important for businesses that run on-premises servers. One such server can cost $150 - $300 just to monitor and maintain. This is a fee you won’t have to pay with cloud storage.

Cloud Storage Cons#

  • You don’t own the servers or the system. You only rent the servers. Now, nobody is going to kick you out to make room for another user (there’s plenty to go around), but ultimately the cloud service provider controls access to your data.
  • The cloud storage provider controls the security. Another thing that the cloud storage provider controls is the security. And it's often lackluster. This also means that cloud storage is more vulnerable to data breaches and every year you can hear about a few.
  • Cost increase. Let’s face it. 5 or even 15 Gigabytes isn’t all that much. Store a few movies, some music albums and you’ve reached the limit. Cloud storage is okay if you have GBs of data, but when you start dealing with terabytes (TBs) or higher, that’s where costs can significantly increase.
  • No Internet, no data access. The very same thing that makes cloud storage easy to access can also make it difficult. What happens when you don’t have the Internet? Simply, you can’t access your data.

Local Storage Pros#

  • Full control. With local storage, you have full control and there is no danger of losing access to your data like with cloud storage.
  • Not reliant on Internet access. As long as you have your device with you, you can access your local storage and the data on it anytime, anywhere. You are not reliant on the Internet service and your access to it.
  • Better for customization. With cloud storage, you don’t have many options if you want to customize the equipment. Whatever the provider serves you, that’s what you have to use. With local storage, on the other hand, you can buy another hard disk as an individual user or physical server if you’re a business.
  • Sometimes it makes data transfer faster. Again, this depends on the Internet, but if you have a large file to share and low bandwidth, sharing the file locally can be faster and easier via a flash drive.
  • Better security. We already mentioned that cloud storage security can be lacking. Using local storage gives you the freedom to set your own security, install whatever solutions and software you deem appropriate and thus protect your data. For instance, with cloud storage, you can’t use end-to-end encryption (E2EE) but only TLS, whereas with local storage you can (and should).

Local Storage Cons#

  • External damage. Like we said earlier, your physical device can suffer from external damage which can cause you to lose access to the data on it. Fire damage, water damage, theft, loss, etc are all very real threats that you have to deal with if you are using local storage.
  • Higher costs. If you’re a business and need a local storage server, you’ll need to be prepared for a few costs, including purchasing the server, installing it, maintenance and so on. According to Intelligent Technical Solutions a server can cost from $5000 and above and the cost will depend on a lot of different factors including its form factor (tower, rack, or blade), CPU, RAM, storage and power supply.
  • Not that good for collaboration. File sharing is less efficient with local storage than with the cloud. This can be a problem both if you need to share data with someone else or if you are moving it to another device. Your options, in this case, are: 1) a flash drive; 2) a SATA cable; 3) a USB 3.0 cable transfer.

Conclusion#

So which one is better? Cloud storage vs local storage?

The thing is, both have their place and purpose and this is what you should primarily look for when you’re deciding between the two.

Cloud storage can be more convenient to use, but you don’t have a lot of control over it. On the other side, local storage can incur higher costs, especially for a business, but offers better customization and security.

At the end of the day, the sensitivity of your data should determine whether you should use cloud or local storage. For less sensitive data and non-personal data, cloud storage will be just fine. However, for sensitive and personal data, local storage is a much safer option.