Posted by Suzanne Frey, Director, Security and Privacy Engineering, Google Apps for Work
Today is
Safer Internet Day, a moment for technology companies, organizations of all sizes and people around the world to focus on online safety, together. To mark the occasion, we’re adding
two new security features to Gmail that will roll out to Google Apps domains in the coming weeks.
First, users who receive a message from, or who are about to send a message to, someone whose email service doesn’t support an encrypted connection (TLS), will see an open lock icon in the message. Users won’t see this icon when sending mail from one Google-hosted domain to any other, including gmail.com, since those emails are always sent over an encrypted connection. Gmail will always send and receive messages over TLS, unless the connecting service doesn’t support it.
Second, users receiving messages that aren’t properly authenticated with either
Sender Policy Framework (SPF) or
DKIM will see a question mark in place of their profile photo, corporate logo or avatar. Read more about both of these features on the
Gmail blog.
To make the most of this day and every day forward, here are some additional features you can use as a Google Apps for Work admin to help protect user data.
- Increase security at login, while keeping things easy for users Two-step verification is a well-known protection against the theft of login credentials, the most frequent threat on the Web today. As an admin, you can easily enforce use of 2-step verification to enhance security for all users in your Google Apps domain. Security keys make authentication even more secure and more convenient for users. They’re easy to deploy and easy to manage, and as a Google for Work customer, you even get a 50% discount.
- Prevent sensitive information from leaving your network Activate Data Loss Prevention (DLP) to help prevent information from being revealed to those who shouldn’t have it. Gmail DLP automatically checks all outgoing emails and takes action based on predefined policies, which include quarantining the email for review, telling users to modify the information or blocking the email from being sent and notifying the sender. Check out our DLP whitepaper and learn how to get started. Stay tuned for more on DLP later this quarter.
- Get the mail you want, not the spam you don’t Gmail has long been known for its smart spam filters, today spam is only 0.1% of messages in the average Gmail user’s inbox. To help you track and improve the quality of the mail sent and received at your domains, you can use the Postmaster Tools. You should also follow the best practices outlined in Google’s sender guidelines. For example, create a Sender Policy Framework, prevent spoofing by adding a digital signature to outgoing messages using DKIM and create a DMARC record to track and prevent unauthenticated messages sent from your domain.
- Enforce mobile device policies in your organization Mobile Management lets you control the devices that can connect to your users' Google Apps data, whether iOS or Android, and perform actions like remote wiping.
These are a few steps that can go a long way. If you activate any of these features today, you will contribute to an ever-brighter future for your brand, customers, employees, ideas and assets. The Internet is a big place, and it’s going to take global teamwork to make it the most secure.
We are grateful to be the trusted technology partner of businesses worldwide as we work together to make the Internet a safer place for everyone, everywhere.