For many, Gmail is the definitive email provider. It’s certainly a significant player in the field: Gmail now has over 1.2 billion users, accounting for 20% of the global email market and 27% of all email opens worldwide. A staggering amount of information is sent via Gmail every second, so it’s essential that all that data is properly secured.
While Google offers best-in-class security and privacy controls, there are still some steps you should take to ensure that your private data doesn’t fall into the wrong hands anytime soon. Here are five steps you can take to improve Gmail security:
1. Complete the Gmail security checklist.
For starters, Google provides an easy checklist of steps you should take to secure Gmail. Some of the more interesting steps take advantage of features that most users don’t know about, such as the ability to see the IP addresses (and locations) last used to access your account, so if an unauthorized user is snooping around your inbox, you can see when and where.
Others, however, focus more on preventing your system (or device) from being compromised. The Gmail security checklist urges users to adopt best security practices, such as using an anti-malware scanner and making sure your operating system is up to date.
2. Choose safe email passwords.
By now, it’s common knowledge that you need to create strong passwords and update them regularly, but it’s worth repeating some key ground rules. It’s not enough to just use a few numbers or characters, or to make something really long—you’ve got to get creative.
For starters, to keep your inbox secure, your passwords should use both lower and uppercase characters. Ideally, a password should jump between both in a seemingly random way. Special characters are also a good idea, as are numbers. You could also consider using a passphrase with a few memorable words. While it might be slightly less secure than a random string of characters, you’re more likely to remember it—which means you’re less likely to write it on a sticky note or repeat the same phrase across multiple accounts.
Gmail allows you to use up to 200 characters for your password, meaning that this entire sentence could potentially be a password. Now, while you’re unlikely to create a password that long, a strong password has at least 16 characters and preferably over 32.
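To put numbers on the trade-off between a random string and a passphrase, here is an added example (not part of the original article) that generates both with Python's `secrets` module and estimates their strength in bits. The 7,776-word list size (a standard Diceware list) and the short `DEMO_WORDS` list are assumptions made for illustration.

```python
import math
import secrets
import string

# Pool the article recommends: lower/upper case letters, digits, specials.
POOL = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
GMAIL_MAX_LEN = 200    # maximum password length stated in the article
DICEWARE_SIZE = 7776   # assumption: size of a standard Diceware word list

# Constructed demo list; far too small for real use, use a full list instead.
DEMO_WORDS = ["harbor", "violet", "cactus", "pencil", "thunder", "maple",
              "orbit", "lantern", "pebble", "saddle", "walnut", "glacier"]

def random_password(length=16):
    """Random password from the OS CSPRNG containing all four classes."""
    if not 4 <= length <= GMAIL_MAX_LEN:
        raise ValueError("length must be between 4 and 200")
    while True:
        pw = "".join(secrets.choice(POOL) for _ in range(length))
        # Re-draw until every character class appears at least once.
        if all(any(ch in cls for ch in pw) for cls in CLASSES):
            return pw

def passphrase(wordlist, n_words=4, sep="-"):
    """Passphrase of n_words picked independently and uniformly."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))

def entropy_bits(pool_size, picks):
    """Upper bound on entropy for `picks` uniform draws from the pool."""
    return picks * math.log2(pool_size)

def words_to_match(target_bits, list_size=DICEWARE_SIZE):
    """Number of passphrase words needed to reach target_bits."""
    return math.ceil(target_bits / math.log2(list_size))

if __name__ == "__main__":
    bits16 = entropy_bits(len(POOL), 16)
    print("16-char password :", random_password(16), f"~{bits16:.1f} bits")
    print("32-char password :", random_password(32),
          f"~{entropy_bits(len(POOL), 32):.1f} bits")
    print("4-word passphrase:", passphrase(DEMO_WORDS, 4),
          f"~{entropy_bits(DICEWARE_SIZE, 4):.1f} bits with a full list")
    print("words needed to match 16 random chars:", words_to_match(bits16))
```

The estimates only hold when every character or word is chosen by a random generator; a phrase you invent yourself is weaker than the figure suggests.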
3. Turn on 2-Step Verification.
While a strong password is important, it should never be the only line of defense for securing your Gmail account. When you enable 2-Step Verification, anyone attempting to log in to your account will need the unique code sent to your phone, in addition to your password, to gain access. This step is a form of two-factor authentication (2FA), and while it’s been around for a little while now, it’s worth highlighting, because nearly one-third of people have never used 2FA.
2-Step Verification requires would-be hackers to not only know your password but also to have physical control over your computer or mobile device to retrieve the unique code and ultimately gain access to your account. Although it doesn’t protect your email content directly, it does help secure Gmail from unauthorized logins—a huge bonus for protecting the contents of your emails.
4. Recognize and avoid phishing attempts.
Phishing is the practice of sending fraudulent emails to individuals in a ploy to get them to send sensitive information to attackers. Phishing is both prevalent and costly: 1 in 99 emails is a phishing attempt, and they cost businesses on average $54,000. Gmail will filter many phishing emails as spam, but some still get through.
Don’t want to fall prey to a phishing attack? Whenever you are sent an email that requests your information, don’t click any links in the email itself. Instead, navigate to that company’s website and directly log in to your account there.
It’s also a good idea to beware of red flags, such as legal threats and misspelled words. Finally, if you ever feel the slightest suspicion about the nature of an email, simply contact the person or organization that claims to have sent it and ask for yourself.
5. Layer encryption for ultimate security.
While complicated passwords and multi-step authentication are important, encryption is the cornerstone of any secure Gmail inbox. In simple terms, encryption conceals data so that it can’t be accessed without the right encryption key.
There are a few different ways to encrypt your emails. First of all, the Gmail server is automatically protected by network-level encryption. This layer of encryption protects your emails within Google’s network or while they’re in transit from sender to recipient. However, once your email leaves Google’s network, it is no longer protected.
Google has recently rolled out another layer of security: Gmail Confidential. Gmail Confidential provides some basic access control features, such as disabled forwarding and access revocation. It’s a step up from traditional Gmail protection, but it’s still a limited feature—and crucially, it still doesn’t encrypt the email content itself.
Even with Google’s network encryption and Gmail Confidential, your data is still vulnerable unless you adopt a solution that provides client-side encryption. In other words, Gmail’s built-in security does a pretty good job, but the actual content of the emails you send—messages and attachments—isn’t encrypted and is vulnerable to exposure.
Client-side encryption closes that loophole. This data-centric encryption method scrambles the contents of your emails into ciphertext so that they’re unreadable without the right encryption key. That way, even if your email is intercepted while it’s in transit, your information is still protected from unauthorized access.
Unfortunately, most client-side encryption methods, such as PGP and S/MIME, are complicated to set up and impossible to use without first exchanging keys or certificates with your recipient.
If you’re looking to implement more comprehensive protection, check out our post: The Definitive Guide to Gmail Encryption. You can also supplement Gmail’s security with a third-party app like Virtru for truly hassle-free client-side encryption. This level of protection secures Gmail with data-centric protection that protects your data both at rest and in transit. Check out the video below to learn more.