7 ways admins can help secure accounts against phishing in G Suite

We work hard to help protect your company against phishing attacks—from using machine learning, to tailoring our detection algorithms, to building features to spot previously unseen attacks. While we block as many external attacks as we can, we continue to build and offer features designed to empower IT administrators to develop strong internal defenses against phishing.

Here are seven things we recommend admins do in G Suite to better protect employee data.

1. Enforce 2-step verification

Two-step verification (2SV) is one of the best ways to prevent someone from accessing your account, even if they steal your password. In G Suite, admins have the ability to enforce 2-step verification. 2SV can reduce the risk of successful phishing attacks by asking employees for additional proof of identity when they sign in. This can be in the form of phone prompts, voice calls, mobile app notifications and more.

G Suite also supports user-managed security keys: easy-to-use hardware authenticators. Admins can choose to enforce the use of security keys to help reduce the risk of stolen credentials being used to compromise an account. The key sends an encrypted signature and works only with authorized sites. Security keys can be deployed, monitored and managed directly from within the Admin console.

2. Deploy Password Alert extension for Chrome

The Password Alert Chrome extension checks each page that users visit to see if that page is impersonating Google’s sign-in page and notifies admins if users enter their G Suite credentials anywhere other than the Google sign-in page.

Admins can enforce deployment of the Password Alert Chrome extension from the Google Admin Console (Device management > App Management > Password Alert)—just sign in and get started. You should check “Force installation” under both “User Settings” and “Public session settings.”

Admins can also enable password alert auditing, send email alerts and enforce a password change policy when G Suite credentials have been used on a non-trusted website such as a phishing site.

3. Allow only trusted apps to access your data

Take advantage of OAuth apps whitelisting to specify which apps can access your users’ G Suite data. With this setting, users can grant access to their G Suite apps’ data only to whitelisted apps. This prevents malicious apps from tricking users into accidentally granting unauthorized access. Apps can be whitelisted by admins in the Admin console under G Suite API Permissions.

4. Publish a DMARC policy for your organization

To help your business avoid damage to its reputation from phishing attacks and impersonators, G Suite follows the DMARC standard. DMARC empowers domain owners to decide how Gmail and other participating email providers handle unauthenticated emails coming from your domain. By defining a policy and turning on DKIM email signing, you can ensure that emails that claim to be from your organization are actually from you.
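As an added illustration (not part of the original post), the Python below parses a DMARC TXT record and flags settings that leave the published policy unenforced. The domains and records are constructed samples, and the checks follow the tag syntax of RFC 7489 rather than any G Suite tooling.

```python
# Added example: audit a DMARC TXT record (tag=value syntax from RFC 7489).
# All domains and records here are constructed samples.
POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}

def parse_dmarc(txt):
    """Split 'v=DMARC1; p=reject; ...' into a dict; ValueError if not valid DMARC."""
    tags = {}
    for pair in (part.strip() for part in txt.split(";")):
        if not pair:
            continue  # tolerate trailing or doubled semicolons
        name, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {pair!r}")
        tags.setdefault(name.strip().lower(), value.strip())
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    if tags.get("p", "").lower() not in POLICY_RANK:
        raise ValueError("missing or unknown p= policy")
    return tags

def audit_dmarc(txt):
    """Return a list of findings; an empty list means the policy is enforcing."""
    tags = parse_dmarc(txt)
    findings = []
    p = tags["p"].lower()
    sp = tags.get("sp", p).lower()  # subdomain policy defaults to p
    if p == "none":
        findings.append("p=none: monitoring only, failing mail is still delivered")
    if POLICY_RANK.get(sp, 0) < POLICY_RANK[p]:
        findings.append(f"sp={sp}: subdomains get a weaker policy than p={p}")
    pct = int(tags.get("pct", "100"))
    if pct < 100 and p != "none":
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports to review")
    return findings

SAMPLES = {  # constructed records, weakest to strongest
    "monitor.example": "v=DMARC1; p=none",
    "partial.example": "v=DMARC1; p=quarantine; sp=none; pct=25; "
                       "rua=mailto:dmarc@partial.example",
    "enforced.example": "v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        print(domain, audit_dmarc(record) or "OK")
```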

5. Disable third-party email client access for those who don’t need it

The Gmail clients (Android, iOS, Web) leverage Google Safe Browsing to incorporate anti-phishing security measures such as disabling suspicious links and attachments and displaying warnings to users to deter them from clicking on suspicious links.

By choosing to disable POP and IMAP, Google Sync and G Suite Sync for Microsoft Outlook, admins can ensure that a significant portion of G Suite users will only use Gmail clients and benefit from the built-in phishing protections that they provide. Additional measures include enabling OAuth apps whitelisting to block third-party clients as suggested earlier in the blog.

Note: all third-party email clients, including native mobile mail clients, will stop working if the measures outlined above are implemented.

6. Encourage your team to pay attention to external reply warnings

By default, Gmail clients (Android, Web) warn G Suite users if they’re responding to emails sent from outside their domain by someone they don’t regularly interact with, or from someone not in their contacts. This helps businesses protect against forged emails from malicious actors, as well as plain old user error such as sending an email to the wrong contact. Educate your employees to look for these warnings and be careful before responding to unrecognized senders. Unintended external reply warnings are controlled from the Admin console in the “Advanced Gmail” setting.

7. Enforce the use of Android work profiles

Work profiles allow you to separate your organization’s apps from personal apps, keeping personal and corporate data separate. By using integrated device management within G Suite to enforce the use of work profiles, you can whitelist applications that access corporate data and block installation of apps from unknown sources. You now have complete control over which apps have access to your corporate data.

These steps can help you improve your organization’s security posture and become more resistant to phishing attacks. Learn more at gsuite.google.com/security or sign up for our security webinar on September 20, 2017 which features new security research from Forrester and a demonstration on how the cloud can help effectively combat cyber threats.


iMac Pro will reportedly have an A10 Fusion coprocessor for ‘Hey, Siri’ support and more secure booting

There haven’t been many updates on Apple’s iMac Pro since it was first announced back at WWDC in June. However, over the weekend, news broke from the internet’s favorite Apple firmware gurus Steven Troughton-Smith and Guilherme Rambo that the upcoming pro desktop computer will feature an A10 Fusion coprocessor.

Based on the leaked code, which has been compiled and explained by Jonathan Levin, it seems the A10 Fusion chip will enable two interesting new features. The first is the ability for the iMac Pro to feature always-on “Hey, Siri” voice command support, similar to what’s currently available on more recent iPhone devices. The news seems all but confirmed: Rambo has posted a video of the feature working on a Mac.

The Verge – All Posts

Enjoy safe and secure online shopping without getting stung this holiday season

Savvy shoppers are already preparing to secure the best Black Friday and Cyber Monday deals. But many remain oblivious to devious cybercriminals who are hoping to use the excitement and thirst for massive sales to trick unsuspecting users into handing over their details. Many will remember David Baggett as the co-founder of ITA Software, which was sold to Google in 2010 for $700 million. But the cybersecurity expert and Inky CEO recently shared essential information on my podcast about the most common scams and how to avoid them. Baggett warned that everyone should approach emails that seem to be from…

This story continues at The Next Web

Google adds Nest Thermostat E, Secure Alarm System, Connect, and Cam IQ outdoor to the Google Store

When Google recently decided to sell only company-made hardware in the Google Store, Nest products were kept in stock. That’s not exactly a surprise, given that it’s a subsidiary of Alphabet, just like Google. Now the lineup of Nest security cameras, thermostats, and other smart home security accessories sold in the Google Store is expanding.

The Nest Thermostat E, Secure Alarm System, Connect, and Cam IQ outdoor have been added to the Google Store – with varying availability, of course:

The Nest Cam IQ outdoor is the only one of the four newly added Nest products that has a live “Buy” link.

Google adds Nest Thermostat E, Secure Alarm System, Connect, and Cam IQ outdoor to the Google Store was written by the awesome team at Android Police.

Android Police – Android News, Apps, Games, Phones, Tablets

Mocana leads partnership aiming for more secure IIoT devices

Mocana leads partnership aiming for more robust, secure IIoT devices

Mocana takes lead on plans to develop kits for building more robust IIoT devices and services with Avnet, Microsoft, Infineon and Xilinx.

Mocana, a start-up working on security for industrial control systems (ICSs), has announced it is partnering with electronic components company Avnet, software giant Microsoft, semiconductor specialist Infineon and Xilinx, a supplier of programmable logic devices, in order to develop an industrial IoT (IIoT) system “that meets the latest cybersecurity standards.”

The result is a hybrid bundle of both hardware and software built on Avnet’s UltraZed-EG system-on-module (SOM) technology. It is designed to be flexible and rugged for IIoT and small-form-factor IoT devices. The combination includes Mocana’s security software operating on the Xilinx Zynq Ultrascale+ MPSoC, using the capabilities of Infineon’s OPTIGA TPM (Trusted Platform Module) 2.0 security chip.

It interoperates with the Microsoft Azure cloud, with the goal of making it easier and more accessible for companies to bring more secure IIoT devices and services to market.

Critical importance

“Securing our connected world is of critical importance,” said Srinivas Kumar, vice president of engineering at Mocana. “A major challenge for developers of IoT edge products is their lack of familiarity with cybersecurity standards. Our partnership with industry leaders Avnet, Xilinx, Infineon and Microsoft intends to ease this burden by providing a robust hardware plus software cybersecurity design that can be replicated or modified by system designers to fit their application needs.”

As the IIoT expands, device manufacturers must meet stringent cybersecurity standards, such as IEC 62443-3-3, FIPS 140-2 and NERC CIP 003-3.

According to the companies that make up this alliance, designers and developers need a robust platform that includes both hardware and software for IIoT. The joint solution is comprised of a comprehensive suite of secure hardware and software technologies that can be embedded into IoT and IIoT devices, including:

  • Avnet UltraZed-EG system on module (SOM): A board-level circuit that integrates a system function in a single module.
  • Xilinx Zynq Ultrascale+ MPSoC: A heterogeneous, multi-core ARM processing system with programmable logic for scalable and comprehensive IIoT edge platforms.
  • Infineon OPTIGA TPM 2.0 PMOD: A peripheral module comprised of a secure chip that generates hardware and software keys based on Trusted Computing Group (TCG) standards.
  • Mocana IoT Security Platform: Cybersecurity software that integrates with embedded applications to handle authentication, certificate management, device and data integrity, confidentiality and encryption and control.
  • Microsoft Azure IoT Device SDK and Azure IoT Edge runtime: Software that facilitates building secure cloud and intelligent edge applications.

Mocana’s move to initiate this agreement in the commercial space is interesting in that the firm has a track record in producing military-grade technology. As IoT devices, their controllers and higher-level embedded systems now form a part of increasingly complex software-defined networks, we may be at the tipping point of defining military-grade IoT security as the new standard for industrial control systems.

The post Mocana leads partnership aiming for more secure IIoT devices appeared first on Internet of Business.
