Dive Brief:
- To protect its group of "high risk" Gmail users, those susceptible to personalized attacks, Google is implementing an Advanced Protection Program for Google Accounts, according to a company announcement. The program requires enrollment, and afterward, automated security defenses will constantly update against "emerging threats."
- The program implements the use of Security Keys, or USB/wireless devices, for two-Step Verification, an extra layer of protection against phishing schemes. Full access to Gmail and Drive is limited to selected Google apps to prevent inadvertently sharing information. Once launched, Account recovery redundancies are bolstered with more review and detailed questionnaires regarding the reason for the recovery.
- Enrolling in the Advanced Protection Program is open only to users with a Google account. Though Chrome is required for initial sign up, Google plans to make more browsers accessible in the future.
Dive Insight:
As of last year, Microsoft still remains the most popular form of cloud email over Google. Email remains the most used form of communication in the workplace, and 73% of CIOs still prefer the original form of digital mail. However, because of its popularity, it is most vulnerable to attacks, including those reliant on human error like phishing schemes.
The features are available for any Gmail user, but Google highlighted "high risk" users who can be specifically targeted to obtain sensitive information, such as journalists or individuals with sensitive data. Google identified this small group as a particularly vulnerable audience who can receive more personalized attack which may appear more authentic.
Encrypted email providers are of growing importance for securing a company's sensitive data, but faulty migration to cloud-based platforms can also be a threat, as seen in Deloitte's recent breach.
Still, companies such as Google are capitalizing on growing user concerns about the safety of their online accounts. Encrypted email services already exist on platforms like ProtonMail.
Major players in the market like Microsoft Outlook, Gmail and Yahoo are all expected to adopt heightened security practices for consumers. Yahoo's 2013 data breach is still impacting its customers after a recent disclosure that three billion users were affected, not one billion.
Email services are an integral party of every business' technical infrastructure, whether through cloud or on-site software. Microsoft, for example, accommodates its users with cloud-based Office 365 or desktop versions of the platform, and both structures of email services need strong security systems.