Google Workspace has declared new security enhancements focused on improving Gmail’s security layers, particularly concerning “sensitive” actions. Gmail’s sensitive actions encompass:
- Filters: Actions such as creating a new filter, making edits to an existing one, or importing filters.
- Forwarding: Adding a fresh forwarding address via the Forwarding and POP/IMAP settings.
- IMAP Access: Activating the IMAP access from the account settings. Notably, the control of this setting’s visibility for Workspace users lies with the admins.
Such actions can potentially be misused by malicious parties to stealthily gain access to emails. Google’s Security Checkup has already been flagging potential security issues, especially about forwarding.
Verification for Increased Security
To strengthen security, Google will now critically assess sessions initiating these sensitive actions. If a session appears risky, users will encounter a “Verify it’s you” prompt. This added security layer mandates the user to complete a 2-step Verification (2SV) or use another trusted authentication method. Failing to verify or bypass the verification will trigger a “Critical security alert” to the trusted devices linked to the user’s account. This will both notify the user and also provide an option to counteract any potential breaches.
Expanding its Reach
The “Verify it’s you” feature will soon be available for both personal Google Account holders and Workspace customers. However, there’s a caveat for Workspace users – Google must be their identity provider, with SAML currently unsupported. The rollout of these new measures has begun and is expected to be fully deployed in a few weeks.
Previous Endeavors for Safer Gmail
This move follows Google’s previous measures to reinforce the security of its services. Last year, Google introduced a similar verification system specifically for “sensitive actions” within Google Workspace accounts. Furthermore, in May 2023, Google launched two significant security advancements:
- Dark Web Monitoring: Google initiated a service to keep tabs on Gmail IDs, ensuring they haven’t been compromised and are not available on the dark web.
- Safe Browsing API Update: This feature has been refined to better detect malicious websites, immediately alerting users if they are about to access a potentially harmful site.
The Onus of Personal Security
While companies like Google are consistently rolling out advancements to bolster security, the individual responsibility of users cannot be understated. Personal security extends beyond merely relying on service providers. Here are some additional recommendations for Gmail users to ensure they stay ahead of potential threats:
- Regular Password Updates: Changing passwords routinely and ensuring they are complex can deter hackers. Avoid using easily guessable phrases or sequential numbers.
- Review Connected Apps: Periodically check and remove any third-party apps that have access to your Gmail account, especially if they’re no longer in use or come from unverified developers.
- Stay Educated: Awareness about the latest phishing scams or email threats can help users recognize and avoid potential pitfalls.
- Backup Important Emails: Regularly backup essential emails to another storage solution, ensuring that critical information isn’t lost even if the email account faces issues.
In an era where cyber threats are rapidly evolving and phishing campaigns are becoming more intricate, these enhancements showcase Google’s commitment to user security. It serves as a reminder to Gmail users about the importance of enabling advanced security measures, such as two-factor authentication, and staying vigilant about the activities in their accounts.