News > Gmail


7 ways admins can help secure accounts against phishing in G Suite

Category: Gmail | Sep 8, 2017

We work hard to help protect your company against phishing attacks—from using machine learning, to tailoring our detection algorithms, to building features to spot previously unseen attacks. While we block as many external attacks as we can, we continue to build and offer features designed to empower IT administrators to develop strong internal defenses against phishing.

Here are seven things we recommend admins do in G Suite to better protect employee data.

1. Enforce 2-step verification

Two-step verification (2SV) is one of the best ways to prevent someone from accessing your account, even if they steal your password. In G Suite, admins have the ability to enforce 2-step verification. 2SV can reduce the risk of successful phishing attacks by asking employees for additional proof of identity when they sign in. This can be in the form of phone prompts, voice calls, mobile app notifications and more.

Image 1: phishing post

G Suite also supports user-managed security keys—easy to use hardware authenticators. Admins can choose to enforce the use of security keys to help reduce the risk of stolen credentials being used to compromise an account. The key sends an encrypted signature and works only with authorized sites. Security keys can be deployed, monitored and managed directly from within the Admin console.

2. Deploy Password Alert extension for Chrome

The Password Alert chrome extension checks each page that users visit to see if that page is impersonating Google’s sign-in page and notifies admins if users enter their G Suite credentials anywhere other than the Google sign-in page.

Admins can enforce deployment of the Password Alert Chrome extension from the Google Admin Console (Device management > App Management > Password Alert)—just sign in and get started. You should check “Force installation” under both “User Settings” and “Public session settings.”

Image 2: phishing post

Admins can also enable password alert auditing, send email alerts and enforce a password change policy when G Suite credentials have been used on a non-trusted website such as a phishing site.

3. Allow only trusted apps to access your data

Take advantage of OAuth apps whitelisting to specify which apps can access your users’ G Suite data. With this setting, users can grant access to their G Suite apps’ data only to whitelisted apps. This prevents malicious apps from tricking users into accidentally granting unauthorized access. Apps can be whitelisted by admins in the Admin console under G Suite API Permissions.

Image 3: phishing post

4. Publish a DMARC policy for your organization

To help your business avoid damage to its reputation from phishing attacks and impersonators, G Suite follows the DMARC standard. DMARC empowers domain owners to decide how Gmail and other participating email providers handle unauthenticated emails coming from your domain. By defining a policy and turning on DKIM email signing, you can ensure that emails that claim to be from your organization, are actually from you.

5. Disable third-party email client access for those who don’t need it

The Gmail clients (Android, iOS, Web) leverage Google Safe Browsing to incorporate anti-phishing security measures such as disabling suspicious links and attachments and displaying warnings to users to deter them from clicking on suspicious links.

By choosing to disable POP and IMAP, Google Sync and G Suite Sync for Microsoft Outlook, admins can ensure that a significant portion of G Suite users will only use Gmail clients and benefit from the built-in phishing protections that they provide. Additional measures include enabling OAuth apps whitelisting to block third-party clients as suggested earlier in the blog.

Note: all third-party email clients, including native mobile mail clients, will stop working if the measures outlined above are implemented.

Image 4: phishing post

Image 5: phishing post

6. Encourage your team to pay attention to external reply warnings

By default, Gmail clients (Android, Web) warn G Suite users if they’re responding to emails sent from outside their domain by someone they don’t regularly interact with, or from someone not in their contacts. This helps businesses protect against forged emails, from malicious actors or just plain old user-error like sending an email to the wrong contact. Educate your employees to look for these warnings and be careful before responding to unrecognized senders. Unintended external reply warnings are controlled from the Admin console control in the “Advanced Gmail” setting.

Image 6: phishing post

7. Enforce the use of Android work profiles

Work profiles allow you to separate your organization’s apps from personal apps, keeping personal and corporate data separate. By using integrated device management within G Suite to enforce the use of work profiles, you can whitelist applications that access corporate data and block installation of apps from unknown sources. You now have complete control over which apps have access to your corporate data.

Image 7: phishing post

These steps can help you improve your organization’s security posture and become more resistant to phishing attacks. Learn more at gsuite.google.com/security or sign up for our security webinar on September 20, 2017 which features new security research from Forrester and a demonstration on how the cloud can help effectively combat cyber threats.


From: http://feedproxy.google.com/~r/OfficialGmailBlog/~3/VcumXvshgUo/

7 ways admins can help secure accounts against phishing in G Suite

Category: Gmail | Sep 8, 2017

We work hard to help protect your company against phishing attacks—from using machine learning, to tailoring our detection algorithms, to building features to spot previously unseen attacks. While we block as many external attacks as we can, we continue to build and offer features designed to empower IT administrators to develop strong internal defenses against phishing.

Here are seven things we recommend admins do in G Suite to better protect employee data.

1. Enforce 2-step verification

Two-step verification (2SV) is one of the best ways to prevent someone from accessing your account, even if they steal your password. In G Suite, admins have the ability to enforce 2-step verification. 2SV can reduce the risk of successful phishing attacks by asking employees for additional proof of identity when they sign in. This can be in the form of phone prompts, voice calls, mobile app notifications and more.

Image 1: phishing post

G Suite also supports user-managed security keys—easy to use hardware authenticators. Admins can choose to enforce the use of security keys to help reduce the risk of stolen credentials being used to compromise an account. The key sends an encrypted signature and works only with authorized sites. Security keys can be deployed, monitored and managed directly from within the Admin console.

2. Deploy Password Alert extension for Chrome

The Password Alert chrome extension checks each page that users visit to see if that page is impersonating Google’s sign-in page and notifies admins if users enter their G Suite credentials anywhere other than the Google sign-in page.

Admins can enforce deployment of the Password Alert Chrome extension from the Google Admin Console (Device management > App Management > Password Alert)—just sign in and get started. You should check “Force installation” under both “User Settings” and “Public session settings.”

Image 2: phishing post

Admins can also enable password alert auditing, send email alerts and enforce a password change policy when G Suite credentials have been used on a non-trusted website such as a phishing site.

3. Allow only trusted apps to access your data

Take advantage of OAuth apps whitelisting to specify which apps can access your users’ G Suite data. With this setting, users can grant access to their G Suite apps’ data only to whitelisted apps. This prevents malicious apps from tricking users into accidentally granting unauthorized access. Apps can be whitelisted by admins in the Admin console under G Suite API Permissions.

Image 3: phishing post

4. Publish a DMARC policy for your organization

To help your business avoid damage to its reputation from phishing attacks and impersonators, G Suite follows the DMARC standard. DMARC empowers domain owners to decide how Gmail and other participating email providers handle unauthenticated emails coming from your domain. By defining a policy and turning on DKIM email signing, you can ensure that emails that claim to be from your organization, are actually from you.

5. Disable POP and IMAP access for those who don’t need it

The Gmail clients (Android, iOS, Web) leverage Google Safe Browsing to incorporate anti-phishing security measures such as disabling suspicious links and attachments and displaying warnings to users to deter them from clicking on suspicious links. 

By choosing to disable POP and IMAP, admins can ensure that all G Suite users will only use Gmail clients and benefit from the built-in phishing protections that they provide. POP and IMAP access can be disabled by admins at the organizational unit level.

Note: all third-party email clients including native mobile mail clients will stop working if POP and IMAP are disabled.

Image 4: phishing post

Image 5: phishing post

6. Encourage your team to pay attention to external reply warnings

By default, Gmail clients (Android, Web) warn G Suite users if they’re responding to emails sent from outside their domain by someone they don’t regularly interact with, or from someone not in their contacts. This helps businesses protect against forged emails, from malicious actors or just plain old user-error like sending an email to the wrong contact. Educate your employees to look for these warnings and be careful before responding to unrecognized senders. Unintended external reply warnings are controlled from the Admin console control in the “Advanced Gmail” setting.

Image 6: phishing post

7. Enforce the use of Android work profiles

Work profiles allow you to separate your organization’s apps from personal apps, keeping personal and corporate data separate. By using integrated device management within G Suite to enforce the use of work profiles, you can whitelist applications that access corporate data and block installation of apps from unknown sources. You now have complete control over which apps have access to your corporate data.

Image 7: phishing post

These steps can help you improve your organization’s security posture and become more resistant to phishing attacks. Learn more at gsuite.google.com/security or sign up for our security webinar on September 20, 2017 which features new security research from Forrester and a demonstration on how the cloud can help effectively combat cyber threats.


From: http://feedproxy.google.com/~r/OfficialGmailBlog/~3/qbtuf4S6Urg/

How Virtru for G Suite lets you share sensitive business information and stay compliant

Category: Gmail | Jul 5, 2017

If you work in a regulated industry like healthcare, legal or finance, you might be familiar with regulations relating to HIPAA, CJIS and CFPB, and understand how important it is to protect sensitive data. In order to help you meet your obligations, you might need specific tools.

Gmail already offers world-class security protections like encryption through Transport Layer Security (TLS), but Virtru for G Suite is a simple way to help dually secure proprietary information included in your email communications. Virtru integrates client-side encryption directly into Gmail and G Suite, so you don’t have to worry about your emails or attachments falling into the wrong hands.

Using G Suite and Virtru, you can:

  • More securely send proprietary information via Gmail.
  • Create custom data loss prevention rules to detect and encrypt users’ sensitive information before it leaves your inbox.
  • Manage who can access what content and for how long (including third-parties), set expiration dates for emails and attachments and control forwarding on all messages.
  • Help your business meet regulatory requirements for email encryption, data security, privacy and data residency.

Why Premier Healthcare Services chose Virtru for G Suite

Premier Healthcare Services is a provider of skilled and unskilled in-home health services. The company uses Virtru for G Suite to securely send sensitive client information, and chose the encryption service because it was easy to install and intuitive to use for anyone familiar with Gmail.

Using Virtru for G Suite, Premier Health administrators can revoke access, manage forwarding and watermarking of attachments, and control access to documents and their expiration. Premier Health IT administrators can also set data loss prevention (DLP) rules to encrypt data  to help employees remain HIPAA compliant, even when they share information with parties outside of their domain.

To stay on top of their data security, they can also monitor a variety of activities within the Virtru Admin Dashboard, like when and where emails are forwarded and when DLP rules are triggered.

To learn how your business can use Virtru for G Suite to protect sensitive information in Gmail, register to attend this free webinar on July 11, 2017 at 10 a.m. PT / 1 p.m. ET.


From: http://feedproxy.google.com/~r/OfficialGmailBlog/~3/4Mrmd8bW7W0/

How Virtru for G Suite lets you share sensitive business information and stay compliant

Category: Gmail | Jul 5, 2017

If you work in a regulated industry like healthcare, legal or finance, you might be familiar with regulations relating to HIPAA, CJIS and CFPB, and understand how important it is to protect sensitive data. In order to help you meet your obligations, you might need specific tools.

Gmail already offers world-class security protections like encryption through Transport Layer Security (TLS), but Virtru for G Suite is a simple way to help dually secure proprietary information included in your email communications. Virtru integrates client-side encryption directly into Gmail and G Suite, so you don’t have to worry about your emails or attachments falling into the wrong hands.

Using G Suite and Virtru, you can:

  • More securely send proprietary information via Gmail.
  • Create custom data loss prevention rules to detect and encrypt users’ sensitive information before it leaves your inbox.
  • Manage who can access what content and for how long (including third-parties), set expiration dates for emails and attachments and control forwarding on all messages.
  • Help your business meet regulatory requirements for email encryption, data security, privacy and data residency.

Why Premier Healthcare Services chose Virtru for G Suite

Premier Healthcare Services is a provider of skilled and unskilled in-home health services. The company uses Virtru for G Suite to securely send sensitive client information, and chose the encryption service because it was easy to install and intuitive to use for anyone familiar with Gmail.

Using Virtru for G Suite, Premier Health administrators can revoke access, manage forwarding and watermarking of attachments, and control access to documents and their expiration. Premier Health IT administrators can also set data loss prevention (DLP) rules to encrypt data  to help employees remain HIPAA compliant, even when they share information with parties outside of their domain.

To stay on top of their data security, they can also monitor a variety of activities within the Virtru Admin Dashboard, like when and where emails are forwarded and when DLP rules are triggered.

To learn how your business can use Virtru for G Suite to protect sensitive information in Gmail, register to attend this free webinar on July 11, 2017 at 10 a.m. PT / 1 p.m. ET.


From: http://feedproxy.google.com/~r/OfficialGmailBlog/~3/GxG3OFziw6Y/

As G Suite gains traction in the enterprise, G Suite’s Gmail and consumer Gmail to more closely align

Category: Gmail | Jun 23, 2017

Google’s G Suite business is gaining enormous traction among enterprise users. G Suite usage has more than doubled in the past year among large business customers. Today, there are more than 3 million paying companies that use G Suite.   

G Suite’s Gmail is already not used as input for ads personalization, and Google has decided to follow suit later this year in our free consumer Gmail service. Consumer Gmail content will not be used or scanned for any ads personalization after this change. This decision brings Gmail ads in line with how we personalize ads for other Google products. Ads shown are based on users’ settings. Users can change those settings at any time, including disabling ads personalization. G Suite will continue to be ad free.

The value of Gmail is tremendous, both for G Suite users and for users of our free consumer Gmail service. Gmail is the world’s preeminent email provider with more than 1.2 billion users. No other email service protects its users from spam, hacking, and phishing as successfully as Gmail. By indicating possible email responses, Gmail features like Smart Reply make emailing easier, faster and more efficient. Gmail add-ons will enable features like payments and invoicing directly within Gmail, further revolutionizing what can be accomplished in email.

G Suite customers and free consumer Gmail users can remain confident that Google will keep privacy and security paramount as we continue to innovate. As ever, users can control the information they share with Google at myaccount.google.com.


From: http://feedproxy.google.com/~r/OfficialGmailBlog/~3/D8aWIc-JZx0/

As G Suite gains traction in the enterprise, G Suite’s Gmail and consumer Gmail to more closely align

Category: Gmail | Jun 23, 2017

Google’s G Suite business is gaining enormous traction among enterprise users. G Suite usage has more than doubled in the past year among large business customers. Today, there are more than 3 million paying companies that use G Suite.   

G Suite’s Gmail is already not used as input for ads personalization, and Google has decided to follow suit later this year in our free consumer Gmail service. Consumer Gmail content will not be used or scanned for any ads personalization after this change. This decision brings Gmail ads in line with how we personalize ads for other Google products. Ads shown are based on users’ settings. Users can change those settings at any time, including disabling ads personalization. G Suite will continue to be ad free.

The value of Gmail is tremendous, both for G Suite users and for users of our free consumer Gmail service. Gmail is the world’s preeminent email provider with more than 1.2 billion users. No other email service protects its users from spam, hacking, and phishing as successfully as Gmail. By indicating possible email responses, Gmail features like Smart Reply make emailing easier, faster and more efficient. Gmail add-ons will enable features like payments and invoicing directly within Gmail, further revolutionizing what can be accomplished in email.

G Suite customers and free consumer Gmail users can remain confident that Google will keep privacy and security paramount as we continue to innovate. As ever, users can control the information they share with Google at myaccount.google.com.


From: http://feedproxy.google.com/~r/OfficialGmailBlog/~3/fLarmOa3aKc/

As G Suite gains traction in the enterprise, G Suite’s Gmail and consumer Gmail to more closely align

Category: Gmail | Jun 23, 2017

Google’s G Suite business is gaining enormous traction among enterprise users. G Suite usage has more than doubled in the past year among large business customers. Today, there are more than 3 million paying companies that use G Suite.   

G Suite’s Gmail is already not used as input for ads personalization, and Google has decided to follow suit later this year in our free consumer Gmail service. Consumer Gmail content will not be used or scanned for any ads personalization after this change. This decision brings Gmail ads in line with how we personalize ads for other Google products. Ads shown are based on users’ settings. Users can change those settings at any time, including disabling ads personalization. G Suite will continue to be ad free.

The value of Gmail is tremendous, both for G Suite users and for users of our free consumer Gmail service. Gmail is the world’s preeminent email provider with more than 1.2 billion users. No other email service protects its users from spam, hacking, and phishing as successfully as Gmail. By indicating possible email responses, Gmail features like Smart Reply make emailing easier, faster and more efficient. Gmail add-ons will enable features like payments and invoicing directly within Gmail, further revolutionizing what can be accomplished in email.

G Suite customers and free consumer Gmail users can remain confident that Google will keep privacy and security paramount as we continue to innovate. As ever, users can control the information they share with Google at myaccount.google.com.


From: http://feedproxy.google.com/~r/OfficialGmailBlog/~3/iZVpYPxC4Oc/

Track projects with G Suite and Asana

Category: Gmail | Jun 19, 2017

Technology has transformed the way businesses operate—your teams likely do not look like they did 10 years ago. Now, companies rely on a mobile workforce and require productivity tools to help them collaborate no matter the location, and more importantly, without holding up work.

Businesses are using Asana  and G Suite to collaborate and manage projects from start to finish. Asana is a project management tool that helps teams plan, manage and track work, and is a part of the Recommended for G Suite program. With these two tools, your organization can:

  • Create tasks in Asana directly from Gmail
  • Add files directly from Google Drive to tasks in Asana
  • Keep track of deadlines by syncing your tasks in Asana with Google Calendar
  • Build custom reports in Google Sheets to analyze project data in Asana

How OutSystems uses G Suite and Asana to drive marketing launches

OutSystems is a low-code application platform that uses Asana and G Suite to manage digital marketing and advertising projects to reach its more than 7 million users. With 30 marketers across the globe, it’s important that OutSystems uses tools to streamline reviews and track project status. 

With more than 90,000 apps built on their platform, OutSystems relies on Asana to prioritize projects and create templates for marketing launches. G Suite apps are built in, which means OutSystems employees can access their favorite productivity tools, like Google Drive, Docs and Sheets, in one place. 

Teams use Drive to attach files to tasks in Asana, Docs to edit web content, and Sheets to analyze project data. OutSystems marketers also work with external freelancers, and G Suite’s permission sharing settings make it easy to protect proprietary information.

You can get started using Asana and G Suite at your business. Sign up for this free webinar on Tuesday, June 27, 2017 at 9 a.m. PT / 12 p.m. ET.


From: http://feedproxy.google.com/~r/OfficialGmailBlog/~3/wkmEYyXeyPQ/

Track projects with G Suite and Asana

Category: Gmail | Jun 19, 2017

Technology has transformed the way businesses operate—your teams likely do not look like they did 10 years ago. Now, companies rely on a mobile workforce and require productivity tools to help them collaborate no matter the location, and more importantly, without holding up work.

Businesses are using Asana  and G Suite to collaborate and manage projects from start to finish. Asana is a project management tool that helps teams plan, manage and track work, and is a part of the Recommended for G Suite program. With these two tools, your organization can:

  • Create tasks in Asana directly from Gmail
  • Add files directly from Google Drive to tasks in Asana
  • Keep track of deadlines by syncing your tasks in Asana with Google Calendar
  • Build custom reports in Google Sheets to analyze project data in Asana

How OutSystems uses G Suite and Asana to drive marketing launches

OutSystems is a low-code application platform that uses Asana and G Suite to manage digital marketing and advertising projects to reach its more than 7 million users. With 30 marketers across the globe, it’s important that OutSystems uses tools to streamline reviews and track project status. 

With more than 90,000 apps built on their platform, OutSystems relies on Asana to prioritize projects and create templates for marketing launches. G Suite apps are built in, which means OutSystems employees can access their favorite productivity tools, like Google Drive, Docs and Sheets, in one place. 

Teams use Drive to attach files to tasks in Asana, Docs to edit web content, and Sheets to analyze project data. OutSystems marketers also work with external freelancers, and G Suite’s permission sharing settings make it easy to protect proprietary information.

You can get started using Asana and G Suite at your business. Sign up for this free webinar on Tuesday, June 27, 2017 at 9 a.m. PT / 12 p.m. ET.


From: http://feedproxy.google.com/~r/OfficialGmailBlog/~3/oNXBq5PLm1Q/

Track projects with G Suite and Asana

Category: Gmail | Jun 19, 2017

Technology has transformed the way businesses operate—your teams likely do not look like they did 10 years ago. Now, companies rely on a mobile workforce and require productivity tools to help them collaborate no matter the location, and more importantly, without holding up work.

Businesses are using Asana  and G Suite to collaborate and manage projects from start to finish. Asana is a project management tool that helps teams plan, manage and track work, and is a part of the Recommended for G Suite program. With these two tools, your organization can:

  • Create tasks in Asana directly from Gmail
  • Add files directly from Google Drive to tasks in Asana
  • Keep track of deadlines by syncing your tasks in Asana with Google Calendar
  • Build custom reports in Google Sheets to analyze project data in Asana

How OutSystems uses G Suite and Asana to drive marketing launches

OutSystems is a low-code application platform that uses Asana and G Suite to manage digital marketing and advertising projects to reach its more than 7 million users. With 30 marketers across the globe, it’s important that OutSystems uses tools to streamline reviews and track project status. 

With more than 90,000 apps built on their platform, OutSystems relies on Asana to prioritize projects and create templates for marketing launches. G Suite apps are built in, which means OutSystems employees can access their favorite productivity tools, like Google Drive, Docs and Sheets, in one place. 

Teams use Drive to attach files to tasks in Asana, Docs to edit web content, and Sheets to analyze project data. OutSystems marketers also work with external freelancers, and G Suite’s permission sharing settings make it easy to protect proprietary information.

You can get started using Asana and G Suite at your business. Sign up for this free webinar on Tuesday, June 27, 2017 at 9 a.m. PT / 12 p.m. ET.


From: http://feedproxy.google.com/~r/OfficialGmailBlog/~3/JesCEhh4HgI/

Page 1 of 51123456789101112131415...51 »