Steps you can take to secure your mail in G Suite
It is obvious that security is the number one issue in the cyber world these days… Email is being one of the widest and most critical fronts that is often a gateway to massive corporate breaches and leaks. Because of the nature of email usage these days, having a good email security practices and environment is very critical and essential for any organization to survive in the current era of technology and advancement.
G Suite offers a lot in the security of email. There are plenty of rules and activities that you can take to make sure your mail flow is secured and is not a wide open door for attacks and risks.
The Gmail settings in G Suite Admin Console offer multiple levels of email security. And if you are using Google Vault you can even do more in securing your environment. Google Vault is a long topic I’d rather keep to a different post…
Below I will list the various ways and methods that can be used to achieve a good level of email security for your domain:
- Enable twp step verification for all of your users. This is not only for email. This is for securing the whole business mailbox that you are paying money for
- The most obvious start is you create a proper SPF record – or modify your existing one to include Google servers in it.
- DKIM is a very important element and you must make sure you enable it for your domain and any mail-enabled domain in your Admin Console
- Once you have your SPF and DKIM setup and working properly, you need to setup a DMARC policy. This is a very critical element as well
- Setup a catch all mailbox to prevent some attacks against your domain. Some spammers will keep sending email messages to random addresses in your domain until they hit a correct email address. Configuring a catch all account will prevent NDRs from being generated from your domain thus telling the spammers they got a wrong address.
- Setup your spam white lists and black lists as quickly as you can
- Look for common scam email formats or patters and create a content compliance rule to quarantine/remove attachments/reject the matching messages
- Create attachment compliance rule to remove non-default archive attachments or quarantine the email messages that contain them or even reject the whole message. Non-default archives such as RAR archives split into multiple numbered files will not be scanned by Google’s spam filters. Users will be able to open these archives and expose themselves to the bad content inside them.
- Make sure you setup good group permissions so that your internal groups are not exposed to external senders who might spam your users or even send bad messages to them
- Configure the rule for objectionable content so you can put the most common or new acquired spam/improper/phishing words into a list to search each message for and take the proper action on it (quarantine/add spam headers/reject)
The practices of email security are not to guarantee 100% safe environment but to minimize the attach surface and chance as much as we can. We will never be able to achieve the perfect setup because we need to count the end-user in all of this. Whatever security procedures we take, they are still vulnerable as much as our weakest and most vulnerable user.
Having on-going user education for the current technology and the current risks is very helpful in getting a good environment, because you might count on some end-users to act as influencers to other users who need support from other close friends or co-workers.
Check out other articles and posts: http://sysengtales.salehram.com/category/primary-posts/
Links in this article:
- Sender Policy Framework (SPF): htp://www.openspf.org
- DomainKeys Identified Mail (DKIM): http://www.dkim.org/
- Domain-based Message Authentication, Reporting & Conformance (DMARC): https://dmarc.org