I. Create Safe and Secure Passwords – By far the easiest way for someone to access your mail account for nefarious activity is with a stolen password.
Google Apps User
- Make sure you create safe and unique passwords for all your important accounts
- Make sure you store your passwords in a secure way
- Try using a password generator and password vault to create and store passwords
Google Apps Admins
- Set password policies that include strength and recovery requirements
- Regularly monitor and audit users’ password strength
II. Change Your Password and Update Account Recovery Options – Creating unique passwords for online accounts and setting up Gmail account recovery options will help avoid account hijacking.
Google Apps User
- Make sure you add a valid recovery phone number
- Make sure you add a valid recovery email address
- If you are still unable to access your account, you can have your administrator reset your password
Google Apps Admins
- Make sure you add password recovery information for users
- Make sure you add recovery options to the administrator account
- If you are unable to access your account, you can have another administrator reset your password
- If no other admin is available, you can use the domain verification method
III. Turn on 2-Step Verification – Google’s 2-Step Verification is one of the most useful ways to avoid getting your account hacked. This feature allows you to use your cell phone as a second form of authentication via a special code texted to you from Google.
Google Apps User
- Setup is easy; just follow these Get Started instructions
- Be sure you also set up backup codes for when you don’t have your phone
Google Apps Admins
- Enforce 2-Step Verification for all users
IV. Check your account for unusual activity – Auditing and reviewing your account activity is a great way to confirm whether or not you have been hacked.
Google Apps User
- Check your account activity by clicking the tiny details link next to the last account activity line at the bottom right corner of any Gmail page
- Last account activity will show information about recent activity in your mail. Recent activity includes any time that your mail was accessed using a browser, POP client, a mobile device, or a third-party application. Also see understanding your last account activity data
Google Apps Admins
- If you have access to reports, you can set up audits, monitor usage, check admin logs, review activity/security reports, and identify externally shared Drive files and many other potential security risks
V. Check your Gmail settings – Edit and manage your Gmail settings to ensure they are correctly set up.
Google Apps User
- Check for unauthorized forwarding or delegation
Google Apps Admins
- If you have access to reports, you can set up audits, monitor usage, check admin logs, review activity/security reports, and identify externally shared Drive files and many other potential security risks
VI. Protect against Viruses, Malware, Phishing Scams – Viruses, malware, and phishing email can cause a lot of damage; know how to find, fix, and avoid them.
Google Apps User
- Detect and remove malware from your computer
- Recognize and report Phishing
- Use Gmail to block spam or unwanted email
- Report violations of Gmail Program Policies or Terms of Use
Google Apps Admins
- Configure and maintain your email whitelists or blacklists
- Configure Inbound and Outbound Mail Gateways
- Configure SPF for Outbound DNS
- Configure Spam filter settings via Approved and Blocked Senders
- Configure Attachment, Content, and Objectionable Compliance rules
VII. Update your Browser for latest security and privacy fixes – This is one of the most overlooked security areas. An outdated browser can pose a significant security risk, so make sure you are using the latest version of your browser.
Google Apps User
- Check to see if you are using the latest version of your browser.
- Google Chrome works best with Google products and automatically updates to the latest version
Google Apps Admins
- Configure Chrome User Settings
- Review latest release updates for Chrome
- Check out additional information to manage Chrome devices and extensions