Showing posts with label Security. Show all posts
Showing posts with label Security. Show all posts

Monday, November 19, 2018

Google Introduces Work Insights and the Investigation Tool

Have you ever wondered if your G Suite subscription is actually being put to good use?


Work Insights is a new tool to that lets you see how much impact G Suite is making on your organization. It does this by showing you data on which teams are using G Suite and which apps they use frequently, how they are using the apps to collaborate, how much time the teams are spending in meetings, and much more. Essentially, Work Insights gives you an overview of how G Suite enables your team members to work together.

Photo source: G Suite Updates Blog

Admins can look at adoption charts in Work Insights to analyze trends and track deployment progress. This data is useful for bench-marking and for identifying which team members may need additional training on applications. This can be especially relevant if your organization is shifting from legacy tools to G Suite.

Photo source: G Suite Updates Blog

Currently in beta, Work Insights is available to organizations subscribed to G Suite Enterprise or Enterprise for Education. G Suite admins who want to try it now can fill out the Beta Test Application form.

Are you aware of potential security risks within your G Suite domain?


Google understands every organization's need for simplified security management. The security center, which they introduced earlier this year, brings together security analytics, actionable insights, and best practice recommendations. Recently, they announced the general availability of the new investigation tool which integrates remediation to the prevention and detection features of the security center. G Suite admins can use the new investigation tool to identify suspicious device activity, find out if classified Google Drive documents have been shared to outsiders and hence cut access, remove emails that can compromise account security, and more.

Photo source: G Suite Updates Blog

The investigation tool has a simple user interface. Admins can identify threats and take action with a few clicks--no need to analyze logs or run complex scripts.

The investigation tool is now available to G Suite Enterprise customers.

References


Gain deeper organizational insights and take action with new G Suite features [Web blog post]. (2018, September 18). Retrieved September 23, 2018, from https://gsuiteupdates.googleblog.com/2018/09/gain-deeper-organizational-insights-and.html

Sawers, P. (2018, September 18). G Suite’s new Work Insights tool reveals adoption and collaboration rates within your company [Web blog post]. Retrieved September 23, 2018, from https://venturebeat.com/2018/09/18/g-suites-new-work-insights-tool-reveals-adoption-rates-and-collaboration-within-your-company/

Friday, March 31, 2017

Here's an even beefier tier of G Suite!

Most of us know that G Suite is offered in two tiers; Basic and Business. Announced January 31st of this year, G Suite is now available at a premium level; G Suite Enterprise. Here's a quick breakdown of the respective tiers:

G Suite Basic is a professional office suite of collaborative productivity apps that offers your business professional email, shared calendars, online document editing and storage, video meetings, and much more. Basic is offered at $5 per user per month.

G Suite Business is the enhanced office suite. In addition to everything available in G Suite Basic, it includes unlimited Google Drive storage and Google Vault for everyone in your organization, plus additional Drive administration, auditing, and reporting features. Business is offered at $10 per user per month.

G Suite Enterprise is the new premium office suite. In addition to everything available in G Suite Business, it includes advanced administrator controls and customization features. Enterprise is offered at $25 per user per month.

Although many small to medium sized business may not consider the Enterprise tier, it's a value-packed and full-featured version of G Suite from all angles. To start, administrators on an Enterprise subscription get the following abilities:
Google extending DLP (data loss prevention) to Google Drive, making it even easier for admins to secure sensitive data, control what content can be stored and protect users from accidentally sharing confidential information externally.
In addition to these administrative features, Enterprise users get data loss prevention for Gmail and Drive to prevent leakage of sensitive data, such as credit card numbers, via emails or Drive. Users can set up policy-based actions to notify the admin, add warnings to message headers, or block emails from being sent when sensitive content is detected. Over 50 detectors for sensitive content matching are available with custom rules to provide warnings or block sharing. Enterprise also allows you to integrate Gmail with third-party archiving tools to help you meet complex email compliance requirements; this goes beyond archiving with the Google Vault service. These are definitely premium features but one of our favourite's is the ability to use dial in numbers for Google Hangouts/Meetings so team members on the road can feel connected and productive in meetings despite wi-fi or data issues.

The new tier is definitely great for businesses, but is also ideal for Education, Government, and even non-profits. With the new Enterprise tier, Google brings all of the great services from it's other G Suite tiers, along with a few new ones of it's own, to really meet the needs of organizations that require the above and beyond. Find more details on Enterprise here: https://gsuite.google.com/solutions/enterprise/

InterlockIT is pleased to announce that Google is now offering discounts of up to 40% on upgrades to Enterprise for existing G Suite Basic and Business customers (some conditions apply). This offer is valid until June 30, 2017, so hurry up and get in touch with us today to learn more!

Thursday, June 30, 2016

Fastest way to login securely (no password needed!) - Google Prompt

Everyone uses passwords, but sometimes even passwords aren't enough to prevent security breaches. Quickly adopted by millions of users, Google introduced an added measure of securing email and data, known as 2-Step Verification. We've written a dedicated post about it here: http://blog.interlockit.com/2015/03/two-step-verification-added-layer-of.html. It's a great way to ensure your emails and documents are safe, but requires you to retrieve a code via text or Google's Authenticator app which you then have to enter, every 30 days if you so choose.

There's an easier way now; Google Prompt. Instead of typing in your password each time you sign in to your Google Account, you can get a prompt sent to your phone. Simply, tap the notification from Google to confirm, and you'll be signed in quickly and securely.

You'll need an iPhone 5S and up or an Android device for Google Prompt to work. Setting it up is a piece of cake:

  1. On your computer or tablet, go to the "Sign in & security" section of My Account. You might need to sign in to your Google Account.
  2. In the "Tired of typing passwords?" box, select Get started.
  3. Select Set it up, then sign in to your account. You'll be taken to a guided setup process.
  4. In the "Your phone" section, choose which phone you want to use to sign in.
  5. Turn on your device's security feature.
    • Android: If there isn't a check next to "Screen lock," select Add a screen lock and follow the onscreen instructions.
    • iPhone: If there isn't a check next to "Touch ID," select How to set it up and follow the onscreen instructions.
  6. Choose Next.
  7. Below your username, select Next to practice how you'll sign in.
  8. On your phone, follow the onscreen instructions to see Google's prompt, then tap Yes.
  9. On your computer or tablet, select Turn on to the finish setup.
That's it! Now whenever you attempt to sign in to your Google Account, you'll get a "Trying to sign in?" prompt sent to your phone, just tap Yes and you're in!

Google understands security doesn't have to be tedious and Google Prompt makes for a quick and effortless way to access your account while maintaining a higher level of security than your average password. Contact our Interlock IT team today to secure your precious data with Google Apps!

Thursday, October 29, 2015

Phishing - Avoiding malicious emails and links

Phishing attacks trick users into sharing personal information online and are typically done through email, ads, or compromised sites that look similar to sites that you may already use. What we see in our customer base are Google Apps and Gmail accounts that get hijacked and then used to send emails to further compromise more accounts. This normally happens when an end user enters their email address and password into a malicious website from an email link supposedly from a coworker or trusted source. Often this is a faked page that uses legitimate logos and text but normally with errors that may raise red flags for you. Phishing emails are also personalized sometimes which makes it more difficult for the recipient of the email to assess credibility.

An example of a malicious website from an email link. It may look legitimate, but the URL shows it's a hacked website.

There are a number of ways users can protect themselves and their organization from being victim to phishing attacks. The best way is to turn on two-step verification. Enabling two-step verification will require the user to authenticate beyond a username and password. It's an extra step, but ensures that the account is extremely difficult to compromise because even if an attacker has your username and password, they are unable to access your account without a unique, time-sensitive code. Here is how you can enable two-step verification for your Google Account.

Phishing is often successful when a user becomes complacent and too busy or rushed to bother checking the source of an email or site. Being aware and diligent, especially towards unexpected emails or attachments, can help you recognize when you are being targeted for phishing. Always confirm that the URL corresponds to the site you're expecting to see and before you enter your credentials, be sure to check for a trusted domain like google.com or facebook.com and that it's not something like google.xyzname.com or facebook.xyzname.com. If you are the slightest bit unsure, don't enter your login information and contact the person who sent you the email.

Another way to ensure the legitimacy of a site is to check whether the URL begins with https:// (s for secure) and has a lock symbol next to it. The lock means that the site is encrypted, which doesn't necessarily mean it's not hacked, but is a dead giveaway if it is missing.

Many account hijackers will email your contacts attempting to also gain access to their accounts, and then delete all your contacts. To add to the maliciousness, email filters may be used so that you don't see emails from people telling you your account has been compromised.


This phishing website attempts to trick users into giving away their login credentials and propagates by email. User's tend to login without actually looking at the URL first. We've reported the link and Chrome has already blocked it.

Tip: Always check the URL in your address bar, because if it's not from a legitimate root domain like google.com, it could be malicious.

If you do come across a malicious site or link, do not forget to report it. You can follow common advice by "reporting to an appropriate party" but  they typically do nothing. Take action and save your coworkers, family and friends from the bad guys by immediately submitting malicious links to Google. Often within as little as an hour of filing the report, the site will get blocked from Google search and Google Chrome. Firefox is relatively fast also, but Internet Explorer can take weeks to start blocking it.

Lastly, virus scanners rarely catch much in our experience but are still a necessary protection for the occasional time they do prevent problems. We recommend Symantec Endpoint Protection because it provides a cloud based console for monitoring your protection status across the company.


Unfortunately phishing sites still increasingly trick many users into surrendering their personal information and credentials. Hopefully this post has shed light on how you can help yourself and others avoid becoming victims of phishing. For all your technical assistance and needs with Google Apps, make sure to contact our InterlockIT team!

Wednesday, March 11, 2015

Two-Step Verification: An added layer of security


You most likely use passwords everyday in your life. Unfortunately, they are not as secure as they once used to be. Even if all your passwords are different across a multitude of accounts, it will do little to ensure security if an attacker gains access to your email. To be blunt, passwords are fundamentally flawed. To add an extra layer of protection from malicious attackers trying to pry their way into your account, consider 2-step verification. 2-step verification ensures security of your account beyond a regular username and password with added authentication.

Authentication is a step of proving that you are indeed yourself, the legitimate owner of the account, before granting access. The problem with standard authentication is that it only relies on something you know, a username and a password. Often, this can be guessed, cracked, or compromised in some wayAttackers, if equipped with these credentials, can easily access the account cloaked as the authentic user, making it difficult to regain control. 2-step verification is built upon something you know such as a password, and something you have like a mobile phone, fingerprint, or key.

This is where Google 2-Step verification steps in. Logging into a Google Account that has 2-step verification enabled, requires a unique, time-sensitive code in addition to the standard username and password (this code can be sent to your phone via SMS or with an application like Authy or Google's own Authenticator). It is an extra step, but it helps ensure that your account is extremely difficult to compromise. Essentially, with Google you are combining two things: your standard credentials and something that only you have access to--your phone. Think of Google's 2-step verification as a layer of security similar to that of a bank's ATM. You insert your bank card (something you have) and input your PIN (something you know). A robber would need to gain access to both of these factors to gain access to your account, plus, with 2-step verification, your "PIN" changes every 45 seconds.


The process to set up your Google 2-Step Verification is user friendly and generally takes about 15 minutes. This small amount of time to ensure maximum security to your invaluable data will save you the stress of having your account compromised.

Signing in with Google's 2-Step Verification is simple.
  1. Go to the sign-in page and enter your username and password like you normally do.
  2. Google's system authenticates your username and password, and if they are correct, you will then be asked for a six-digit code, which you'll get from your phone.
  3. After you turn on 2-step verification, non-browser applications and devices that use your Google Account will require an application-specific password to allow this application to connect to your account -- you only have to do this once for each application or device.
The benefits of 2-step verification are simple: Access to an account depends on a user to consult the source that is not readily available on the computer and is singularly designated in order to gain access to an account. 2-step goes much further to protect your information, as criminals have to work much harder to compromise your accounts.  

Set up 2-step verification on every account you can. In addition to using a secure, unique password for each account you have, it's one of the best and easiest ways you can protect yourself against any kind of data vulnerability.