In this article
  • Pre-delivery message scanning
  • Disable bypass spam filter
  • Configure SPF setting
  • Configure DKIM setting
  • Configure DMARC setting
  • Email attachment scan settings
  • Gmail spoofing settings
  • Security sandbox setting
  • SMTP MTA-STS protocol
  • Hosted S/MIME
  • Spam header settings
  • Comprehensive mail storage setting
  • Physical security key
  • Data backup strategy

Gmail Security Settings: Strengthen Gmail Security against Phishing and Ransomware

16 Dec 2024 | 7 min read | Gabby Maletto
Blog Articles

Article at a glance

Enhancing Gmail security settings is crucial for protecting your account from unauthorized access:
  • Key settings include enabling two-factor authentication (2FA), regularly updating your password, and reviewing account activity to detect suspicious behavior.

  • Other important steps involve managing third-party app access and setting up account recovery options to secure your data.


In 2024, phishing and ransomware attacks have escalated significantly, posing substantial threats to organizations worldwide. Phishing remains the most prevalent email attack method, accounting for 39.6% of all email threats. Ransomware attacks have also increased, with the first half of 2024 witnessing over 2,500 incidents, averaging more than 14 publicly claimed attacks daily. The financial impact of all this is profound, with ransomware losses in the U.S. projected to exceed $40 billion this year.  

To learn more about why you should back up Google Workspace, read this article.

When it comes to ransomware and phishing attacks, it is always better to take the time-tested route of prevention than to seek a cure after the damage is done!
In this article, we will review the Gmail security settings that protect your data from phishing and ransomware attacks.

1. Pre-delivery message scanning to prevent phishing and spamming

To keep phishing and spam emails out of your inbox, Google has introduced a feature that allows Gmail to scan a message before delivering it. If Gmail identifies potentially suspicious content, it introduces a short delivery delay to perform additional checks. If those checks confirm that the content is suspicious, the message is sent to the spam folder instead of the inbox.
As an administrator, you can enable enhanced pre-delivery message scanning in the Google Admin Console.

Note: Enabling pre-delivery message scanning might delay the delivery of some messages for up to 4 minutes.

How does it work?

How can you do it?

Read the article on enhanced pre-delivery message scanning to learn how to set it up.

2. Disable bypass spam filter to scan all internal emails and suspicious links

Unethical hackers use social engineering strategies to trick users into giving out their account credentials. A careless employee is all it takes for a cybercriminal to gain access to your business data. The attacker can then use the compromised account as a launching pad to compromise other user accounts!
A simple solution that will help you stay one step ahead of attacks from compromised accounts is to let Gmail scan all internal emails as well for spam and suspicious links.

How does it work?

How can you do it?

Read the article on advanced phishing and malware controls to learn how to set it up.

3. Configure SPF setting to receive emails only from designated email servers

Cybercriminals use every trick in the book to swindle businesses. One of the most common online frauds that popular brands are especially vulnerable to is the brand impersonation phishing attack. The aim of such attacks is either to obtain confidential data from the targeted victim or to ruin the reputation of the targeted brand.

To prevent your organization from getting spoofed, you can create a Sender Policy Framework (SPF) record for your domain. An SPF record is a type of DNS record that identifies the email servers permitted to send emails on behalf of your domain. Recipients can refer to the SPF record to determine whether an email claiming to be from your domain comes from an authorized email server.

How does it work?

How can you do it?

To learn how to set up an SPF record for your domain, read this article.

4. Configure DKIM setting to verify email authenticity

Imagine your customers receiving a malicious email claiming to be from your organization. Thinking of it as an important email, your customers may click on the malicious links, which could compromise confidential data and ruin your organization’s reputation.
Here is where DKIM (DomainKeys Identified Mail) can come to your rescue. DKIM is a form of email verification that allows an organization to claim responsibility for a message. DKIM works by adding a digital signature, generated with the organization’s private key, to the header of an email message. This signature can be verified with the public cryptographic key published in the organization’s Domain Name System (DNS) records. Email servers that receive messages from your domain use the public key to verify the signature over the signed headers and the body hash, and thereby confirm the message source.

How does it work?

How can you do it?

Read this article to learn how to set up DKIM for your Gmail.
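The following added example (not code from the article, SysCloud or Google) shows the part of DKIM verification that needs no cryptographic library: canonicalizing the message body the way RFC 6376 prescribes and comparing its hash with the bh= tag of the DKIM-Signature header. A receiver that finds a body-hash mismatch knows the body was altered in transit, even before it checks the b= signature. The headers, body and selector are constructed for the example; verifying the b= tag itself would need an RSA or Ed25519 implementation and is left out.

```python
import base64
import hashlib
import re

# Constructed sample headers and body (not from the article). Only the body-hash
# (bh=) part of DKIM is checked; verifying b= needs an RSA/Ed25519 library.
SAMPLE_HEADERS = "From: alerts@example.com\r\nTo: user@example.net\r\nSubject: Invoice\r\n"
SAMPLE_BODY = "Please find   the invoice attached.  \r\n\r\n\r\n"


def _drop_trailing_empty_lines(body):
    while body.endswith("\r\n\r\n"):
        body = body[:-2]
    return body


def simple_body(body):
    """RFC 6376 'simple' body canonicalization."""
    body = _drop_trailing_empty_lines(body)
    if body == "":
        return "\r\n"  # an empty body canonicalizes to a single CRLF
    return body if body.endswith("\r\n") else body + "\r\n"


def relaxed_body(body):
    """RFC 6376 'relaxed' body canonicalization: collapse whitespace runs,
    strip trailing whitespace per line, drop trailing empty lines."""
    lines = [re.sub(r"[ \t]+", " ", line).rstrip(" ") for line in body.split("\r\n")]
    body = _drop_trailing_empty_lines("\r\n".join(lines))
    if body in ("", "\r\n"):
        return ""
    return body if body.endswith("\r\n") else body + "\r\n"


def body_hash(body, canon="simple", algo="sha256"):
    """Base64 digest of the canonicalized body, as placed in the bh= tag."""
    canonical = relaxed_body(body) if canon == "relaxed" else simple_body(body)
    digest = hashlib.new(algo, canonical.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_dkim_tags(message):
    """Return the tag=value pairs of the first DKIM-Signature header, or None."""
    headers, _, _ = message.partition("\r\n\r\n")
    for line in re.sub(r"\r\n[ \t]+", " ", headers).split("\r\n"):  # unfold continuation lines
        name, _, value = line.partition(":")
        if name.strip().lower() == "dkim-signature":
            tags = {}
            for item in value.split(";"):
                key, sep, val = item.partition("=")
                if sep:
                    tags[key.strip()] = re.sub(r"\s+", "", val)
            return tags
    return None


def check_body_hash(message):
    """'pass' if the bh= tag matches the body, 'fail' if not, 'none' if unsigned."""
    tags = parse_dkim_tags(message)
    if tags is None:
        return "none"
    _, _, body = message.partition("\r\n\r\n")
    canon = tags.get("c", "simple/simple").split("/")
    body_canon = canon[1] if len(canon) > 1 else "simple"  # 'c=relaxed' alone means relaxed/simple
    algo = tags.get("a", "rsa-sha256").split("-", 1)[1]
    return "pass" if body_hash(body, body_canon, algo) == tags.get("bh") else "fail"


def build_sample(body=SAMPLE_BODY):
    """Assemble a signed-looking message whose bh= is computed from the body."""
    signature = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
                 " s=sel1; h=from:to:subject; bh=" + body_hash(body, "relaxed") + ";\r\n"
                 " b=SIGNATURE-PLACEHOLDER\r\n")  # b= would hold the signature over the headers
    return signature + SAMPLE_HEADERS + "\r\n" + body


if __name__ == "__main__":
    print(check_body_hash(build_sample()))
    print(check_body_hash(build_sample().replace("invoice attached", "password reset")))
```

The relaxed canonicalization is what lets a signature survive harmless whitespace changes made by intermediate servers, while any change to the words of the body still produces a different hash.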

Limitations of using DKIM and SPF

While DKIM and SPF are useful tools in the battle against domain impersonation attacks, there are three fundamental drawbacks to relying on DKIM and SPF alone:

• DKIM and SPF do not provide mechanisms for domain owners to receive reports on authentication failures.

• These protocols do not instruct receiving servers on how to treat emails that fail authentication checks.

• Recipients cannot easily provide feedback to senders regarding the authenticity of received emails.

Domain-based Message Authentication, Reporting and Conformance (DMARC) addresses all these drawbacks and can be configured for Gmail.

5. Configure DMARC setting to verify the email sender’s domain authenticity

By configuring the DMARC setting, administrators can prevent hackers from spoofing their organization and domain. DMARC provides strong sender authentication, allowing receiving systems to separate legitimate messages from spoofed ones.

How does it work?

Note: You can also optionally turn on Brand Indicators for Message Identification (BIMI) after you turn on DMARC. BIMI lets you add a brand logo to the authenticated messages sent from your domain. BIMI validates the ownership of the organization’s logos that are authenticated by DMARC and securely transmits them to Google.

How can you do it?

Read this article to learn how to configure the DMARC setting for Gmail.
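As an added example (not code from the article, SysCloud or Google), the evaluator below shows how DMARC combines the two earlier checks: a message passes only if SPF or DKIM passed for a domain that is aligned with the visible From: domain, and otherwise the p= (or sp= for subdomains) policy decides its fate. The DMARC record and the authentication results are constructed; the organizational-domain logic is a simplification that takes the last two labels, whereas real evaluators use the Public Suffix List, and pct= sampling is ignored.

```python
# Constructed DMARC record and authentication results for a hypothetical domain
# (not taken from the article).
SAMPLE_DMARC = ("v=DMARC1; p=reject; sp=quarantine; adkim=r; aspf=s; "
                "rua=mailto:dmarc-reports@example.com")


def parse_dmarc(record):
    """Turn a DMARC TXT record into a dict of tags; v= and p= are mandatory."""
    tags = {}
    for item in record.split(";"):
        key, sep, value = item.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags


def organizational_domain(domain):
    """Simplified organizational domain: the last two labels.

    Real evaluators consult the Public Suffix List (so 'example.co.uk' is handled);
    this shortcut is an assumption of the example.
    """
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, authenticated_domain, mode):
    """Identifier alignment: 's' = exact match, 'r' = same organizational domain."""
    if not authenticated_domain:
        return False
    if mode == "s":
        return from_domain.lower() == authenticated_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(authenticated_domain)


def evaluate_dmarc(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return (dmarc_result, disposition) for one message.

    from_domain is the RFC5322.From domain; spf_domain is the MAIL FROM domain
    SPF was checked against; dkim_domain is the d= of a verified signature.
    """
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", "none"
    policy = tags["p"]
    # sp= overrides p= for subdomains of the domain that published the record
    if from_domain.lower() != organizational_domain(from_domain) and "sp" in tags:
        policy = tags["sp"]
    return "fail", policy


if __name__ == "__main__":
    print(evaluate_dmarc(SAMPLE_DMARC, "example.com", "pass", "bounce.example.com", "fail", None))
```

Note how the first case in the test below passes only through DKIM: SPF passed, but with aspf=s the bounce subdomain used as MAIL FROM is not strictly aligned with the From: domain. This is the usual reason to sign outbound mail with DKIM even when SPF is already published.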

6. Enable email attachment scan settings to scan encrypted attachments and scripts

One of the common phishing techniques involves sending out emails containing HTML (Hypertext Markup Language) attachments. These HTML attachments host web pages on the recipient’s device itself to avoid detection. Opening such attachments is particularly dangerous in collaboration suites like Google Workspace.

With Gmail, you have the option to double down on attachment scanning by choosing the following automated scanning features:

• Protection against encrypted attachments from untrusted senders

• Protection against attachments with scripts from untrusted senders

• Protection against unusual attachment types in emails

For each of these Gmail security settings, the admin can decide to either quarantine the message, move it to spam, or send it to the user’s inbox with a warning.

How does it work?

How can you do it?

Read this article to learn how to enable the email attachment settings that scan encrypted attachments.
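To show what these three attachment rules look for, here is an added example (not code from the article, SysCloud or Google) that walks the attachments of a MIME message and flags HTML attachments, script attachments and encrypted archives. The message and its attachments are constructed inline; the extension lists are this example’s own choice, not Google’s, and the encrypted-archive check relies on the encryption bit in the zip headers, which is why the sample zip is patched by hand (the standard library cannot write encrypted archives).

```python
import io
import zipfile
from email.message import EmailMessage

# Extensions treated as scripts or HTML pages; these lists are this example's own
# choice, not Google's rule set.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".ps1", ".bat", ".cmd", ".hta", ".wsf"}
HTML_EXTENSIONS = {".html", ".htm", ".xhtml"}
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}


def zip_is_encrypted(data):
    """True if any entry in the archive has the 'encrypted' general-purpose bit set.

    Encrypted archives cannot be content-scanned, which is why encrypted
    attachments from untrusted senders are handled by policy rather than by scanning.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return any(info.flag_bits & 0x1 for info in archive.infolist())
    except zipfile.BadZipFile:
        return False


def classify_attachment(part):
    """Return the list of findings for one MIME attachment part."""
    name = (part.get_filename() or "").lower()
    ext = name[name.rfind("."):] if "." in name else ""
    ctype = part.get_content_type()
    payload = part.get_payload(decode=True) or b""
    findings = []
    if ext in HTML_EXTENSIONS or ctype == "text/html":
        findings.append("html-attachment")
    if ext in SCRIPT_EXTENSIONS:
        findings.append("script-attachment")
    if (ext == ".zip" or ctype in ZIP_TYPES) and zip_is_encrypted(payload):
        findings.append("encrypted-archive")
    return findings


def scan_message(msg):
    """Map each attachment filename to its findings (empty list = nothing flagged)."""
    return {part.get_filename(): classify_attachment(part) for part in msg.iter_attachments()}


def _sample_zip(encrypted):
    """Build a tiny constructed zip; optionally mark it as password-protected.

    zipfile cannot write encrypted archives, so the encryption flag (bit 0) is set
    by hand in the local file header and in the central directory entry.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("payload.txt", "constructed sample content")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[data.find(b"PK\x03\x04") + 6] |= 0x01  # local header: flags at offset 6
        data[data.find(b"PK\x01\x02") + 8] |= 0x01  # central directory: flags at offset 8
    return bytes(data)


def build_sample_message():
    """Constructed message carrying one attachment of each kind discussed above."""
    msg = EmailMessage()
    msg["From"] = "sender@example.net"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Documents"
    msg.set_content("See attachments.")
    msg.add_attachment("<html><body>Sign in to view</body></html>", subtype="html",
                       filename="invoice.html")
    msg.add_attachment(b"WScript.Echo 1", maintype="application",
                       subtype="octet-stream", filename="update.vbs")
    msg.add_attachment(_sample_zip(True), maintype="application", subtype="zip",
                       filename="archive.zip")
    msg.add_attachment(_sample_zip(False), maintype="application", subtype="zip",
                       filename="plain.zip")
    return msg


if __name__ == "__main__":
    for filename, findings in scan_message(build_sample_message()).items():
        print(filename, findings or ["clean"])
```

The script check deliberately keys on the filename rather than the declared content type, because a sender controls both and application/octet-stream is the usual disguise for a script attachment.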

7. Enable Gmail spoofing settings to prevent impersonation attacks

Business domain impersonation happens when an impostor creates a fake brand/company website to conduct activities that can harm the target brand and its customers.
You can go beyond automated scans to leverage additional Gmail security settings:

• Protection against domain spoofing based on similar domain names

• Protection against spoofing of employee names

• Protection against any unauthenticated emails

• Protect groups from inbound emails spoofing your domain

For each of these settings, the admin can decide to either quarantine the message, move it to spam, or send it to the user’s inbox with a warning.

How does it work?

How can you do it?

Read this article to learn how to set up Gmail spoofing protection.

8. Enable security sandbox setting to scan attachments before delivering them

You can set up the Gmail Security Sandbox to automatically direct all emails, irrespective of their origin (internal or external), to a secure sandbox (available only for Education and Enterprise editions) for further inspection. Once the email and its attachments pass scrutiny, the message is forwarded to the recipients.

Note: Scanning attachments in Security Sandbox might delay the delivery of some messages for up to 3 minutes.

How does it work?

How can you do it?

Read this article to learn how to set up the security sandbox setting for Gmail.

9. Configure SMTP MTA-STS protocol to enforce encrypted email transport

The traditional Simple Mail Transfer Protocol (SMTP) has two significant loopholes that can be exploited to eavesdrop on your domain’s email communication or even redirect it to an SMTP server set up by an attacker. While SMTP supports encrypted connections, the encryption is negotiated through an unencrypted exchange (STARTTLS) that an attacker on the network path can tamper with or strip. Yet another nightmare scenario involves changing the recipient’s email server address (MX record) and redirecting mail to a server the attacker controls, where it can be read in the clear.
Gmail now gives you the option to configure the SMTP MTA Strict Transport Security (SMTP MTA-STS for short) protocol.
Configuring MTA-STS addresses this fundamental weakness of SMTP and definitely gives your email security an upgrade.

How does it work?

How can you do it?

Read this article to learn how to set up the SMTP MTA-STS protocol.
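The following added example (not code from the article, SysCloud or Google) shows the two artefacts a domain publishes for MTA-STS and how a sending server uses them to close both loopholes: the policy lists the legitimate MX hosts (so a forged MX record points at a host the policy does not allow) and, in enforce mode, a failed TLS handshake or certificate check defers delivery instead of falling back to cleartext. The TXT record, policy file and host names are constructed; the TLS handshake and certificate validation are represented by two boolean inputs rather than performed.

```python
import re

# Constructed MTA-STS artefacts for a hypothetical domain (not taken from the article):
# the DNS TXT record at _mta-sts.<domain> and the policy file served at
# https://mta-sts.<domain>/.well-known/mta-sts.txt
SAMPLE_STS_TXT = "v=STSv1; id=20241216T000000"
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail1.example.com
mx: *.backup-mx.example.com
max_age: 604800
"""


def parse_sts_txt(txt):
    """Validate the _mta-sts TXT record and return its policy id (changes signal a new policy)."""
    tags = {}
    for item in txt.split(";"):
        key, sep, value = item.partition("=")
        if sep:
            tags[key.strip()] = value.strip()
    if tags.get("v") != "STSv1" or not tags.get("id"):
        raise ValueError("not an MTA-STS TXT record")
    return tags["id"]


def parse_policy(text):
    """Parse the key: value policy file (RFC 8461 section 3.2)."""
    policy = {"mx": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {line!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    if not policy["mx"] or not re.fullmatch(r"\d+", policy.get("max_age", "")):
        raise ValueError("missing mx or max_age")
    policy["max_age"] = int(policy["max_age"])
    return policy


def mx_matches(pattern, host):
    """An mx pattern matches the host exactly; '*.x' matches exactly one extra label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keep the leading dot: '.backup-mx.example.com'
        return host.endswith(suffix) and "." not in host[:-len(suffix)]
    return host == pattern


def decide_delivery(policy, mx_host, tls_established, cert_valid_for_host):
    """Sending-side decision: 'deliver' or 'defer' (retry later, never downgrade).

    tls_established and cert_valid_for_host stand in for the real STARTTLS
    handshake and certificate check, which this offline example does not perform.
    """
    listed = any(mx_matches(p, mx_host) for p in policy["mx"])
    if listed and tls_established and cert_valid_for_host:
        return "deliver"
    if policy["mode"] == "enforce":
        return "defer"  # in enforce mode a failed check must not fall back to cleartext
    return "deliver"  # testing/none: deliver anyway; TLSRPT would report the failure


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    print(parse_sts_txt(SAMPLE_STS_TXT), policy["mode"])
    print(decide_delivery(policy, "attacker-mx.example.net", True, True))
```

Rolling out in `mode: testing` first is the usual practice: delivery is unaffected, and the failures reported through TLSRPT show whether every real MX host is listed and presents a valid certificate before switching to `enforce`.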

10. Enable hosted S/MIME for message encryption

Enabling S/MIME encryption prevents unwanted parties from reading or tampering with the contents of emails and helps the email recipient confirm the identity of the sender. The sender and the recipient exchange certificates containing their public keys, which are used to confirm the identity of the sender and the authenticity of the message.

Note: For S/MIME encryption to work, both the recipient and the sender must have it enabled.

How does it work?

How can you do it?

Read this article to learn how to enable hosted S/MIME in Gmail.

11. Enable spam header settings to maximize spam filtering capacity in all routing rules

Spam emails are the most common method used by cybercriminals to spread malware. Gmail allows you to close this gap in scenarios where a spam message is automatically forwarded, especially when the inbox belongs to a group or department.
Spam characteristics appear in two parts of an email:

• In the message headers

• In the message content

Headers are important because they show the history of the message delivery path as well as some common characteristics of spam. Attackers forge the information in the headers to bypass anti-spam filters. A simple solution that will help you avoid attacks through spam emails is to enable the spam header settings in all the default routing rules you have enabled. This ensures maximum filtering capacity for the email servers downstream and makes sure that the spam headers are retained properly.

How does it work?

How can you do it?

Read this article to learn how to add custom spam filters to Gmail.
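As an added example of reading the delivery path out of the headers (not code from the article, SysCloud or Google), the parser below reconstructs the hop sequence from the Received headers of a message and flags hops whose announced (HELO) name is not backed by matching reverse DNS, one of the classic header characteristics spam filters weigh. The message headers, host names and IP addresses are constructed for the example; the hop regular expression covers the common "from X (rdns [ip]) by Y" layout and returns None for anything else.

```python
import re
from email import message_from_string

# Constructed message headers (not from the article). Each relay prepends its own
# Received header, so the top one is the most recent hop.
SAMPLE_MESSAGE = """Received: from mail-relay.example.com (mail-relay.example.com [203.0.113.5])
    by mx.example.net with ESMTPS id abc123
    for <user@example.net>; Mon, 16 Dec 2024 10:00:00 +0000
Received: from workstation (unknown [198.51.100.23])
    by mail-relay.example.com with ESMTP id def456;
    Mon, 16 Dec 2024 09:59:58 +0000
From: "Payroll" <payroll@example.com>
To: user@example.net
Subject: Updated payslip

Body text.
"""

RECEIVED_RE = re.compile(r"from (\S+)(?: \(([^)]*)\))? by (\S+)")


def parse_received(header):
    """Extract HELO name, reverse-DNS name, IP and receiving host from one Received header."""
    text = re.sub(r"\s+", " ", header).strip()  # unfold continuation lines
    match = RECEIVED_RE.match(text)
    if not match:
        return None
    helo, info, by = match.groups()
    info = info or ""
    ip_match = re.search(r"\[([0-9a-fA-F.:]+)\]", info)
    # the receiving server writes its own rDNS lookup first, e.g. 'unknown [ip]'
    rdns = info.split(" ")[0] if info and not info.startswith("[") else None
    return {"helo": helo, "rdns": rdns, "ip": ip_match.group(1) if ip_match else None, "by": by}


def delivery_path(raw_message):
    """Return the hops in delivery order (origin first)."""
    msg = message_from_string(raw_message)
    hops = [parse_received(h) for h in msg.get_all("Received", [])]
    return list(reversed([h for h in hops if h]))


def flag_hops(hops):
    """Flag hops whose HELO name is not backed by matching reverse DNS."""
    flags = []
    for index, hop in enumerate(hops):
        if hop["rdns"] in (None, "unknown"):
            flags.append((index, "no-reverse-dns"))
        elif hop["rdns"].lower().rstrip(".") != hop["helo"].lower().rstrip("."):
            flags.append((index, "helo-rdns-mismatch"))
    return flags


if __name__ == "__main__":
    path = delivery_path(SAMPLE_MESSAGE)
    for index, hop in enumerate(path):
        print(index, hop)
    print(flag_hops(path))
```

Only the Received header added by your own server (the top one) is trustworthy; every earlier hop was written by someone else and can be forged, which is why the sender-side details in the bottom hops are treated as signals rather than facts.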

12. Enable comprehensive mail storage setting to back up emails from a non-Gmail account

Just imagine what can happen if one of your non-Gmail users deletes an important folder and you don’t have a backup policy in place for non-Gmail accounts in your domain.
Gmail allows you to keep a copy of all incoming and outgoing emails associated with a user who may be using a non-Gmail service.
This hybrid usage of Gmail with non-Gmail email services could be a potential minefield when things go wrong.

How can you do it?

Read this article to learn how to enable the comprehensive mail storage setting.

13. Use a physical security key to verify user identity

Turning on two-factor authentication (aka 2FA) is a useful countermeasure among the many layers of security settings in Gmail. However, 2FA is not bulletproof, and you are still vulnerable to specialized man-in-the-middle (MITM) attacks where the user is directed to a fake login page that collects the username, password, and temporary authentication code!
Using a hardware authentication key such as a YubiKey, or a contextually aware 2FA application like Okta, can give you a stronger layer of security to thwart sophisticated phishing attacks. Recently, Google launched the Advanced Protection Program (APP), which uses a physical security key to verify identity and strengthens the password recovery process to deter phishing attacks.

How can you do it?

Read this article to learn how to set up 2FA.

Data Backup and the Art of Dodging Bullets!

Phishing and ransomware attacks thrive on one vulnerability: the victim’s desperation to regain access to critical data. A robust data backup strategy eliminates this risk by ensuring that a restorable copy of your data is always available.

Here’s how you can build a solid defense for Google Workspace:

Encrypt Gmail and Drive data

Encryption ensures that even if attackers gain access, your data remains unreadable. Combined with a strong backup, encryption renders phishing and ransomware attacks ineffective.

Leverage backup to avoid downtime

Beyond data loss, ransomware causes severe productivity disruptions. With an up-to-date backup of Gmail and all Google Workspace apps, you can:

• Restore data instantly to affected user accounts.

• Minimize downtime and keep your operations running smoothly.

Third-party cloud backup applications like SysCloud are reliable options to back up and restore your Google Workspace data effortlessly.

SysCloud backup for Google Workspace backs up all essential Google apps on a secure cloud. SysCloud uses Amazon Web Services (AWS) to provide a fully automated cloud-to-cloud backup and restore.

With SysCloud, administrators can easily recover from accidental deletions and ransomware attacks, and spot compliance gaps in the backup archives.

Learn more about SysCloud backup for Google Workspace.
