Google Introduces Work Insights and the Investigation Tool

Have you ever wondered if your G Suite subscription is actually being put to good use?

Work Insights is a new tool to that lets you see how much impact G Suite is making on your organization. It does this by showing you data on which teams are using G Suite and which apps they use frequently, how they are using the apps to collaborate, how much time the teams are spending in meetings, and much more. Essentially, Work Insights gives you an overview of how G Suite enables your team members to work together.

Photo source: G Suite Updates Blog

Admins can look at adoption charts in Work Insights to analyze trends and track deployment progress. This data is useful for bench-marking and for identifying which team members may need additional training on applications. This can be especially relevant if your organization is shifting from legacy tools to G Suite.

Photo source: G Suite Updates Blog

Currently in beta, Work Insights is available to organizations subscribed to G Suite Enterprise or Enterprise for Education. G Suite admins who want to try it now can fill out the Beta Test Application form.

Are you aware of potential security risks within your G Suite domain?

Google understands every organization's need for simplified security management. The security center, which they introduced earlier this year, brings together security analytics, actionable insights, and best practice recommendations. Recently, they announced the general availability of the new investigation tool which integrates remediation to the prevention and detection features of the security center. G Suite admins can use the new investigation tool to identify suspicious device activity, find out if classified Google Drive documents have been shared to outsiders and hence cut access, remove emails that can compromise account security, and more.

Photo source: G Suite Updates Blog

The investigation tool has a simple user interface. Admins can identify threats and take action with a few clicks--no need to analyze logs or run complex scripts.

The investigation tool is now available to G Suite Enterprise customers.

References

Gain deeper organizational insights and take action with new G Suite features [Web blog post]. (2018, September 18). Retrieved September 23, 2018, from https://gsuiteupdates.googleblog.com/2018/09/gain-deeper-organizational-insights-and.html

Sawers, P. (2018, September 18). G Suite’s new Work Insights tool reveals adoption and collaboration rates within your company [Web blog post]. Retrieved September 23, 2018, from https://venturebeat.com/2018/09/18/g-suites-new-work-insights-tool-reveals-adoption-rates-and-collaboration-within-your-company/

Security breach! How to prevent your G Suite domain from getting hijacked

Legacy security solutions are no longer as effective against todays clever hacking methods, and on-premise hardware can often lack sufficient scale and performance to protect internet connected application infrastructures as they grow. As more organizations move their operations online, they need a cloud-based security solution that can defend their domain, email, valuable data, and in some instances, brand image.

Lately we have witnessed increasingly clever phishing attempts in our customer base. Some of these attempts are so sneaky you'd need to do a double or triple take to notice it as a red flag. Take for example a long time customer of ours who was sent an email with an almost identical domain name (only one letter was different). The email came from the actual domain name, meaning that the hacker had invested the time and money to purchase and configure the domain with the intent to hijack the real customer domain. Luckily our customer realized it was a malicious email and immediately deleted it and reported the domain to Google.

G Suite's cloud based security protocols are top notch. Google recently added a new security feature in Gmail to warn users when responding to emails sent from an external domain and not someone in their contacts. This feature increases awareness against forged email messages, impersonation, as well as common user-error when sending mail to incorrect addresses.

When a user clicks 'reply' in Gmail, Google scans the recipient list, including addresses in CC to verify the risk level. If a recipient is external to the user’s organization, not present in their Contacts or not someone the user interacts with regularly, the warning is displayed automatically. This is a subtle, yet powerful, way to keep your users vigilant.

A valuable step to take to prevent a hijacking is to create a rule in Gmail to bounce emails from domains that have close spellings. Here's how:

1. Login to your G Suite Admin account.
2. Go to Apps ---> G Suite ---> Mail ---> Advanced Settings
3. Under the Spam Section, Blocked Senders ---> Configure
4. Enter a (very) short description for the summary of what's being blocked
5. Use an existing list or create a new list for the addresses that are going to be rejected (you can choose single or multiple domains and single or multiple email addresses.)
6. Optional; you can edit the rejection notice that the sender will receive in the blocked bounce-back (leaving it blank will use the default).
7. "Bypass this setting for messages received from addresses or domains within these approved senders lists." - this option can be ignored (defaults to being checked off, but does not matter unless a list is created or used in this section).  This option also serves the purpose of allowing exceptions that can still send (eg. malicious.ca is blocked, but hacker@malicious.ca is allowed, or malicious.ca is blocked, but hackers.malicious.ca is allowed to bypass).

As long as we live in a world of technology, attackers will always look for ways to target us. As the internet evolves, the methods and techniques used by these attackers evolve along with it. It's important to understand that vulnerabilities do exist and the best way to avoid a compromised system is to set preemptive measures like the ones G Suite offers. The challenge with web security lies in that very changing nature. True cloud solutions offer the latest and most secure methods to provide the utmost protection for your online assets.

To learn more about cloud security and G Suite, contact Interlock IT today!