Bring sanity to your Wi-Fi security: A need-to-read guide

A clean inbox every day? See the easiest, safest way »

online-security

When was the last time you used public Wi-Fi to work remotely? If you’re like 91% of recent survey respondents, you agree that public Wi-Fi is not secure. If you’re like 89% of the same respondents, you use it anyway.

3 Steps to a Safer Email Password

key, password key, silver password key, ultimate password key

When you’re on a site that requires you to create a password, more likely than not, you’re going to enter the same password you use for every site. Those websites might have the best security available, but if you aren’t diligent about your password, your email and private information is extremely vulnerable to hackers. What can you do about it? Check out these quick tips to a safer password.

Do you back up your computer? You should!

image

Don’t wait until you lose something.  A hard drive can crash any time – even a solid state hard drive on your brand new Macbook Air (happened to a friend recently!)  Just because you use IMAP and the email is held on your email server doesn’t mean you shouldn’t do backups.  One would hope that your email service provider does backups too, but it is better to have control of your own life.

For example, at SaneBox we use RsyncCrashplan and SuperDuper. Remember to test if your backups are really working by trying to recover something every 6 months or so.  If you use SuperDuper, try booting off your SuperDuper drive. Tell us **your** favorite backup/disaster recovery solutions in the comments section, and we will aggregate that list and resend in a future Activity Report.

 

Email Security at Sanebox

image

Security at SaneBox is job one.

By design, we limit the information that is held on our servers.  Your email never resides on our servers, except for the moment that we send your Sane RemindMe email back to you (and even then we try to measure in seconds the time that any one email is on our disks).

Also by design, SaneBox acts as a client so that if our service should be down for a minute or two (we shoot for 5 9′s of uptime), your email will continue to be delivered to your Inbox.  The only side effect of our being down would be that your unimportant email will linger in your Inbox, mocking you.

We approach security as 4 layers.  Each layer, while as impervious as we can make it, is backstopped by the other layers.

Physical security – we colocate with CDW in secure/hardened facilities in secure racks.

Network security – the service and database machines do not accept any connections from the public internet.  A hacker would have to a) create a VPN connection to our private network, b) guess our ssh keys to a bastion host, c) figure out ssh keys to one of the service machines, and then d) the thing they are looking for is secured with bank quality encryption.

Data security – your email is never resident on our servers (only meta data is) so the only thing of value to an outsider would be the email credentials that we use to access your email, which are bank-quality encrypted with a key that must be entered manually by a human.  And at least in the case of Gmail, those credentials are only good for a SaneBox IP.

Trusted Personnel – It is only the most vetted subset of our trusted employees that even access that final encryption key.  Think the top secret key that has to be turned to engage the nuclear weapon – that’s how we feel about this final secret.

Always remember that someone could look over your shoulder someday while you type your password.  Or someone could get you to click on a phishing email and get you to enter your credentials to a phishing site.  So you should always be as careful as SaneBox.

We spend time each month looking for ways to secure the system further. So assume SaneBox is like a castle with an ever deeper moat.