Think of your employee email platform as an ancient fortress that is surrounded by a deep moat filled with water and hungry crocodiles. Sounds pretty secure from a ground attack, right? But, what if that moat was only partially dug, you regularly left the drawbridge down, and the fortress’ massive doors were “secured” with just a simple lock?
This latter scenario is what email security is like for many businesses. Companies that implement email security solutions half-heartedly are doing a great disservice to both their employees and their customers. Without the appropriate processes and protections in place, there is no way to keep a business secure from malicious users who seek access to its data and systems.
5 Steps for How to Secure Gmail Email Accounts
Thankfully, your fortress and precious data don’t have to be sitting ducks to phishing attacks. You can increase email security for Google email (Gmail) accounts by implementing the following best practices and an effective phishing prevention solution:
1. Complete Gmail’s Account Security Checklist Steps
Companies both large and small rely on Google’s G Suite and Gmail platform to serve as their primary email solution. In fact, the number of companies that are paying for G Suite has doubled to more than 4 million, according to an article in Fast Company. Some of the heavy-hitters who made the switch include Colgate-Palmolive Co., Nielsen Holdings Plc, and Verizon Communications Inc.
To help keep Gmail accounts secure, Google recommends the following steps:
- Perform a Thorough Security Checkup
- Update All Software, Browsers, and Operating Systems
- Use Strong, Challenging, and Unique Passwords
- Remove Unnecessary Apps & Browser Extensions to Reduce Vulnerabilities
- Protect Against Suspicious Messages & Content
2. Implement Company-Wide Password Policies
One of the most highly recommended email security best practices is to develop, implement, and enforce strong email password policies for company accounts. These rules aim to help increase security by:
- Understanding human nature (how people behave and what they are likely to do when creating passwords),
- Helping to resist common attack methods (using secure password creation methods), and
- Containing successful attacks when they occur (knowing how to respond when an account has become compromised and limiting each account’s access).
3. Hold Employee Email User Awareness Training
Another of our email security best practices is to educate employees, through user awareness training, about the dangers of different types of phishing emails and ways to identify these threats. Because the modern phishing attack no longer looks like the Nigerian prince email scams we’ve become accustomed to, it is often difficult to recognize. These emails are cleverly disguised as emails from vendors, colleagues, or even C-level executives within your company.
However, user awareness training is often not enough to keep your company’s email accounts safe from phishing and should be used in conjunction with other protection methods. Without being able to identify these threats at the metadata level, employees will still fall prey to phishing scams. This is why additional email security solutions and measures are necessary.
4. Integrate Two-Step Verification or Multi-Factor Authentication Into Email Security Processes
Two-step verification is a method of authentication that requires two steps to be performed consecutively. This usually involves having the employee sign in with their username and password, then texting a code or phrase to their mobile device and requiring them to input the code within a specific amount of time.
This differs from multi-factor authentication (MFA), which is a “Defense-in-Depth strategy within a Defense-in-Depth strategy.” With MFA, users need to provide two of three factors:
- Something You Know. This could be a password or a personal identification number (PIN).
- Something You Have. This is often a time-based PIN generated from a server.
- Something You Are. This includes a fingerprint, retinal scan, facial scan, or another form of biometric information.
5. Use Email Security Solutions That Protect Your Business
We recommend implementing an email security solution from a trusted and reputable provider. Clearedin, an anti-phishing software platform that integrates with G Suite and Slack to identify and eliminate phishing attacks, uses the content metadata from your emails and chat platform to build a communications Trust Graph. This form of Business Trust Graph protects the company from phishing and other BEC scams without reading the content of the communications, ensuring privacy for employees and clients while offering the best security.
Borrowing from our earlier fortress analogy, using Clearedin for your email is like watching a Trojan horse be delivered outside your fortress gate — only you now have X-ray vision and can see the threat that lies in hiding. Our artificial intelligence (AI) and machine learning platform scans your organization’s email metadata to identify anything that falls outside the pattern of normal communications to recognize:
- Small changes in email addresses and URLs.
- Changes in the frequency of emails being sent by individuals (establishing a sender baseline).
- Changes in the frequency of emails that are received by individuals (establishing a recipient baseline).
Using this information, Clearedin identifies any potential risks and automatically labels and disarms them. At the same time, it also provides information to the end users to help them understand why those communications were perceived as threats. This way, the user can make an informed decision about whether to unlock the messages.
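The first check in the list above (small changes in email addresses), combined with a simple sender baseline, can be sketched from sender metadata alone. This is an added example, not Clearedin's code or algorithm; the addresses, the confusable-character list, and both thresholds are constructed assumptions.

```python
from collections import Counter
# Constructed sample metadata: sender addresses only, no message bodies.
HISTORY = ["ap@acme-supplies.com"] * 12 + ["cfo@example.com"] * 30 + ["news@randomshop.net"]
INCOMING = [
    "ap@acme-supplies.com",   # established sender
    "ap@acme-suppiles.com",   # two letters transposed
    "cfo@examp1e.com",        # digit 1 in place of l
    "cfo@exarnple.com",       # "rn" in place of m
    "hello@unrelated.org",    # new, but not close to a trusted domain
]
# Character sequences that render alike in many fonts (a small, assumed list).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def domain_of(address):
    return address.rsplit("@", 1)[-1].strip().lower()

def skeleton(domain):
    # Collapse look-alike sequences so visually similar domains compare equal.
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance that also counts an adjacent transposition as one edit."""
    d = [[i + j if 0 in (i, j) else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def trusted_domains(history, min_messages=5):
    """Sender baseline: domains seen at least min_messages times in past mail."""
    counts = Counter(domain_of(a) for a in history)
    return {dom for dom, n in counts.items() if n >= min_messages}

def classify(address, trusted, max_distance=2):
    # Returns ('known' | 'lookalike' | 'unknown', matched trusted domain or None).
    domain = domain_of(address)
    if domain in trusted:
        return ("known", domain)
    for good in sorted(trusted):
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

def scan(incoming=INCOMING, history=HISTORY):
    trusted = trusted_domains(history)
    return [(addr, *classify(addr, trusted)) for addr in incoming]
```

A fixed distance of 2 is too loose for very short domains, so a real deployment would scale the threshold with domain length.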
Keep the threat of a phishing attack outside your fortress as much as possible by keeping the moat full and the drawbridge up, and by arming your guards with X-ray vision through the use of anti-phishing services. Not only will your IT team thank you, but your clients, board members, and shareholders will as well.
To learn more about Clearedin and how our email security solution can help secure your business’ accounts, get in touch with one of our cyber security experts today.