Gmail Update Helps Protect Businesses from Phishing, BEC Threats

NEWS ANALYSIS: Some of the most important security features in the updated Gmail, such as the anti-phishing and anti-spoofing tools, will be particularly valuable to businesses.


The new release of Gmail, which became available on April 25, is being aimed primarily at Google’s G Suite customers, but individuals with Gmail accounts will see the same improvements. The changes include a refreshed interface along with side panels that offer access to other features, such as the calendar and a to-do list. 

Other more important features aren’t so obvious. The new security features mostly run in the background and won’t appear until you need them. Other features are less obvious because they’re not actually part of Gmail yet. 

Google said in its announcement that they will appear in the future. Gmail users can take a look at the new features that are available now by going to Gmail’s settings, and clicking on the trial of the new Gmail.

The most important features for business allow an email sender to control what happens to the message after it’s delivered. There’s an information rights management feature that allows the sender to prevent the email from being forwarded, printed, downloaded or copied. This effectively closes a significant security hole that affects Gmail, as well as a number of other mail clients. 

Also important are phishing protections that are intended to flag business email compromises (BEC) as well as spoofing attacks. The updated Gmail will also flag untrusted senders. Suspected phishing emails are flagged with a prominent red notice that the email is suspicious. While such a notice won’t eliminate the need for training, it will help employees determine when they should stop and think before clicking on a link in an email. 

The phishing protections will look at the contents of shortened URLs to see if they lead to malicious sites. They will flag spoofed domains and domain names that are intended to look like your company’s domain, which is an important tactic in email spoofing. Gmail will also flag unauthenticated emails to help fight spear phishing. 
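The two header-level checks named above, flagging unauthenticated mail and sender domains that imitate your own, can be sketched as follows. This is an added example, not Google's implementation or code from the article; `example.com`, `examp1e.com`, `mx.example.net` and the character-swap table are constructed placeholders.

```python
import email
from email.utils import parseaddr

PROTECTED = "example.com"  # assumed company domain (placeholder)
# Constructed map of digit-for-letter swaps often seen in lookalike domains.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Fold common character swaps so visually similar domains compare equal."""
    return domain.lower().translate(CONFUSABLE).replace("rn", "m")

def edit_distance(a, b):  # Levenshtein distance using two rolling rows
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results (RFC 8601).
    Only trust this header when your own receiving server added it."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for clause in header.split(";")[1:]:  # first field is the authserv-id
            parts = clause.split()
            method, sep, result = (parts[0] if parts else "").partition("=")
            if sep and method in ("spf", "dkim", "dmarc"):
                verdicts[method] = result.lower()
    return verdicts

def assess(raw, protected=PROTECTED):  # returns warning flags for one raw message
    msg = email.message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    verdicts, flags = auth_results(msg), []
    if "pass" not in (verdicts.get("spf"), verdicts.get("dkim")):
        flags.append("unauthenticated")
    if domain == protected:
        if verdicts.get("dmarc") != "pass":
            flags.append("possible-spoof")
    elif skeleton(domain) == skeleton(protected) or edit_distance(domain, protected) <= 1:
        flags.append("lookalike-domain")
    return flags

# Constructed sample: passes SPF, but the sender domain imitates the protected one.
SAMPLE = ("From: CEO <ceo@examp1e.com>\n"
          "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=examp1e.com; dkim=none\n\nbody\n")
print(assess(SAMPLE))
```

The sample shows why both checks are needed: a lookalike domain can publish its own valid SPF record, so an authentication pass alone says nothing about whether the domain is the one the reader expects.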

Google says that its Artificial Intelligence-driven filtering is good enough that more than 99 percent of suspected BEC emails are either sent to the spam folder or flagged as suspicious. Considering that BEC is a serious and growing problem for businesses, this could make a huge difference. 

But the ability to flag most if not all phishing emails is critical, since virtually all of the successful data breaches recently have started with a phishing email that either yielded credentials, or which loaded malware onto a network. Of course, once Gmail’s protections get into full swing, the attackers will find other attack tactics, but perhaps those AI capabilities will flag those as well. 

Google is also adding the ability to give messages an expiration date and to revoke previously sent messages. There will also be a feature that can require two-factor authentication by the recipient of a message. This means that they will need to respond to a message sent to their mobile device before they can receive a message. Google said that this way, even if a person’s Gmail account had been hijacked, a message protected by the extra authentication still couldn’t be viewed. 

Most of the other changes to Gmail are convenience items, such as a “nudge” feature that reminds you to answer emails that might have scrolled off the screen. There’s also an automatic reply feature that lets you click on a button to agree to a question, or to select another simple preconfigured reply when all that’s required is a quick response or an acknowledgement that the email has been received. 

Such features can save a busy user hours of time when added up, as can the ability to prioritize some emails, while putting others into a “snooze” mode so that you can deal with them at a more convenient time, while also removing them from the list of messages in your inbox. 

Other conveniences are the ability to open attachments without having to open an email, and the ability to respond to some types of emails simply by hovering your mouse pointer over them. You can also use an email to set up a meeting in the calendar. 

Google gives you three choices of how the Gmail screen looks, and you can change those whenever you want to. The differences are fairly minor, but ultimately they affect how densely the emails are displayed on your screen. However, none of the changes looks markedly different from the previous Gmail screen. 

As nice as the new screen and the convenience features are, it’s the security that really matters. Google has found specific ways to overcome the social engineering that’s one of the biggest security threats these days. 

Because Gmail provides a real capability to flag phishing and BEC emails, its users are less likely to fall for those schemes, and that reduces the chances companies will be successfully attacked through phishing and other malicious messages. 

Google has also shown that it’s possible to create an email system that has the means to defend users and organizations from the most serious security threats that they face every day. Because Google has found ways to combat phishing and BEC, companies have another line of protection, and for companies using Google’s G Suite this is very important. 

But not every company is using G Suite and changing from one email system to another is not a trivial matter. What needs to happen is for other email providers, notably Microsoft, to emulate what Google has done in terms of email security. While employee training is still important in the fight against breaches, having automated tools will go a long way in at least blunting the threats.

Wayne Rash


Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...