Gmail protects your incoming mail against spam, phishing attempts, and malware. Our existing machine learning models are highly effective at doing this, and in conjunction with our other protections, they help block more than 99.9% of threats from reaching Gmail inboxes. One of our key protections is our malware scanner that processes more than 300 billion attachments each week to block harmful content.⁶ 63% of the malicious documents we block differ from day to day.⁷ In addition, Gmail can scan or run attachments in a virtual environment called Security Sandbox. Attachments identified as threats can be placed in users' Spam folders or quarantined.
We’re continuing to improve spam detection accuracy with early phishing detection, a dedicated machine learning model that selectively delays messages (less than 0.05 percent of messages on average) to perform rigorous phishing analysis and further protect user data from compromise.
Our detection models integrate with Google Safe Browsing machine learning technologies for finding and flagging phishy and suspicious URLs. These new models combine a variety of techniques, such as reputation and similarity analysis on URLs, allowing us to generate new URL click-time warnings for phishing and malware links. As we find new patterns, our models get better with time, and adapt more quickly than manual systems ever could.
As an administrator, you can protect incoming mail against phishing and harmful software (malware). You can also choose what action to take based on the type of threat detected.
Attachments: Protection against suspicious attachments and scripts from untrusted senders. Includes protection against attachment types that are uncommon for your domain, which can be used to spread malware.
Sign in to the Admin console as a Super Admin.
From the Admin console Home page, go to Apps > Google Workspace > Gmail > Safety.
In the Safety section, scroll to Attachments.
Select the setting and action you want to apply to incoming emails.
Hit Save
Email attachments can include malicious software that might be missed by traditional antivirus programs. To identify these threats, Gmail can scan or run attachments in a virtual environment called Security Sandbox. Attachments identified as threats are sent to the recipient's Spam folder.
To enable Security Sandboxing:
Sign in as an admin to admin.google.com.
From the Admin console Home page, go to Apps > Google Workspace > Gmail > Spam, Phishing and Malware.
Select the organizational unit you want to configure settings for. If you want to configure settings for everyone, select the top-level unit. Or, select one of the child organizational units.
Scroll to Security Sandbox in the Spam, Phishing and Malware section. Security Sandbox rules are at the bottom of this section.
Spammers can sometimes forge the “From” address on an email message so that it appears to come from a reputable organization’s domain. To help prevent this email spoofing, Google participates in the DMARC program, which lets domain owners tell email providers how to handle unauthenticated messages from their domain. Google Workspace customers can implement DMARC by creating a DMARC record within their admin settings and implementing an SPF record and DKIM keys on all outbound mail streams.
Protection against spoofing a domain name, employee names, email pretending to be from your domain, and unauthenticated email from any domain. Unauthenticated emails display a question mark next to the sender’s name. Spoofing protection can be turned on for private groups, or for all groups.
Sign in to the Admin console as a Super Admin.
From the Admin console Home page, go to Apps > Google Workspace > Gmail > Safety.
In the Safety section, scroll to Spoofing and authentication.
Select the settings and actions you want to apply to incoming emails.
Hit Save
With Google’s hosted S/MIME solution, once an incoming encrypted email with S/MIME is received, it is stored using Google's encryption. This means that all normal processing of the email can happen, including extensive protections for spam, phishing and malware, as well as admin services (such as vault retention, auditing and email routing rules) and high-value end user features such as mail categorization, advanced search and Smart Reply. For the vast majority of emails, this is the safest solution, giving the benefit of strong authentication and encryption in transit without losing the safety and features of Google's processing.
Gmail users can help protect sensitive information from unauthorized access using Gmail confidential mode. Recipients of messages in confidential mode don't have the option to forward, copy, print, or download messages, including attachments. Users can set a message expiration date, revoke message access at any time, and require an SMS verification code to access messages.
As an administrator, you can turn on confidential mode to allow your users to help protect sensitive information from unauthorized or accidental sharing.
Confidential mode messages don't have options to forward, copy, print, or download messages or attachments.
Head to Gmail settings in the Admin console (Apps > Google Workspace > Gmail > User Settings).
Check the Enable confidential mode box.
Click SAVE
Data loss prevention (DLP)⁸ adds another layer of protection designed to prevent sensitive or private information, such as payment card numbers, national identification numbers, or protected health information, from leaking outside of an organization. DLP enables customers to audit how sensitive data is flowing in their enterprise or turn on warning or blocking actions to prevent users from sending confidential data. To enable this, DLP provides predefined content detectors, including detection of global and regional identifiers, medical information and credentials. Customers can also define their own custom detectors to meet their enterprise needs. For attachments and image-based documents, DLP uses Google’s optical character recognition to increase detection coverage and quality. DLP can also be used to prevent users from sharing sensitive content in Google Drive or shared drives with people outside of your organization. In addition, customers can automate IRM controls and classification of Drive files with advanced DLP rules.
Scan Gmail with custom DLP rules to quarantine, reject or modify the message to prevent critical data from being shared.
Sign in to the Admin console with a Super Administrator account or a delegated admin account.
Select the 3 horizontal lines on top left next to Google Admin > Apps > G Suite > Settings for Gmail
Select Compliance > scroll down to Content Compliance > Add another rule
Select Email messages to affect options
Select Add under Expressions > Advanced content Match
Select Match Type > scroll to select Matches Regex > input regex expression and other details > Save
Choose Quarantine option where applicable > Save
Changes may take 24 hours to propagate to all users
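Because a rule with the Quarantine action holds every message its expression matches, it helps to run a candidate expression over sample mail before saving it. The following is an added example, not Google's code: the pattern, the Luhn checksum used to estimate false positives, and the sample messages are all constructed, and the pattern avoids lookaround and backreferences on the assumption that the console's regex engine may not accept them.

```python
import re

# Candidate expression for the "Matches regex" field: 16 digits in groups of
# four, optionally separated by a space or hyphen. The word boundaries stop it
# from matching inside a longer digit run.
CARD_RE = re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b")

def luhn_ok(candidate):
    """True if the digits in candidate pass the Luhn checksum used by card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def evaluate(messages):
    """Return (matched, noisy): indexes the rule would act on, and the subset
    whose matches all fail Luhn, i.e. likely false positives."""
    matched, noisy = [], []
    for idx, body in enumerate(messages):
        hits = CARD_RE.findall(body)
        if hits:
            matched.append(idx)
            if not any(luhn_ok(h) for h in hits):
                noisy.append(idx)
    return matched, noisy

# Constructed sample messages; 4111 1111 1111 1111 is a well-known test number.
SAMPLES = [
    "Please charge card 4111 1111 1111 1111 for the renewal.",
    "Tracking number 1234-5678-9012-3456 ships Monday.",
    "Invoice 20240117 total is 1,250.00 USD.",
    "Order ref 41111111111111112 attached.",
]

if __name__ == "__main__":
    matched, noisy = evaluate(SAMPLES)
    print("rule would act on messages:", matched)
    print("likely false positives:", noisy)
```

A high share of noisy matches on real mail samples is a reason to tighten the expression or start with a less disruptive action than Quarantine.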
With Data Loss Prevention (DLP) for Drive, organizations can create complex rules that combine triggers and conditions.
To create a custom DLP for Drive:
Sign in to the Admin console with a Super Administrator account or a delegated admin account.
Select Security > Data Protection > Detectors.
Select Add Detector to add a new detector.
Select New Rule, choose the Organizational Unit to apply the rule > Continue
Check File Modified
Under Conditions, select All Content > Matches regex detect > “name of custom detector”
Select Continue > Create > Active
After creating DLP rules or custom detectors, it is possible to view, edit and activate or maintain them for each organizational unit.
Sign in to the Admin console as a Super Admin or delegated admin.
Select Security > Data Protection
Select Manage Rule to maintain rules
Select Manage Detectors to maintain detectors
Optical character recognition (OCR) is a technology that extracts text from images. It scans GIF, JPG, PNG, and TIFF images. If you turn it on, the extracted text is then subject to any content compliance or objectionable content rules you set up for Gmail messages.
Note: OCR doesn’t scan images embedded in attached files, such as Adobe PDF or Microsoft Word documents. And, it's not always 100% accurate. Sometimes, it doesn’t detect content that triggers a compliance setting action.