Google is helping its enterprise users to keep their data secure with new security features added to Gmail including early phishing detection using machine learning, click-time warnings for malicious links, unintended external reply warnings and built-in defenses against new threats.
Google already "reject message and notify sender when a virus is detected in an email," "prevent sending an infected attachment," and "prevent downloading attachments when a virus detects."
Now, a new algorithm is helping Google to flag and delay up to 4 minutes any petentially suspicious emails for additional checks on the message content. G Suite admins can turn on / off this feature from the admin console.
"This new detection system with Safe Browsing machine learning employs a variety of techniques such as reputation and similarity analysis on URLs, to generate new URL click-time warnings for phishing and malware links," says google.
This release also now displays unintended external reply warnings to G Suite users, when they respond to emails from outside of a company domain — protecting enterprises from forged email, impersonation, as well as common user-error when sending mail to wrong contacts. Because through Gmail's contextual intelligence, "it knows if the recipient is an existing contact or someone you interact with regularly, to avoid displaying warnings unnecessarily."
Here is how this features work
- When a user hits reply in Gmail, Google scans the recipient list, including addresses in CC and BCC. If a recipient is both external to the user's organization and not present in their Contacts, we will display the warning.
- We treat secondary domains and domain aliases like primary domains, so your users will not be warned when emailing users at your subdomains.
- If the recipient is intended, the user can dismiss the warning and proceed with the response. We won't show the warning again for that recipient.
- Unintended external reply warning is controlled from the Admin console control in the Advanced Gmail settings and is launching default on. It can be toggled on or off by organizational unit or for your entire domain, Google explained.
G Suite admins now have more control over profile fields, and changes to contacts on/off setting with the changes rolling out on June 26, to user profile management.
Now, editing profile fields such as Name, Photo, Gender, and Birthday are direct under control of G Suite admins — who can decide which fields can be edited by end users, independent of Google+ status. "Admins will continue to be able to set these fields directly yourself where supported in the Admin console, or sync values using Google Cloud Directory Sync."
Additionally, Contacts setting is renamed to Directory, and the Contacts on/off setting within it will be removed now. Once removed from the admin console, "we will retain the the Web contacts manager on/off preference you've already specified," said the team.
Google notes, when Contacts Preview eventually replaces current Web contacts manager, "the setting will no longer have any effect, and will be fully deprecated."
And, domains those with existing profile photos despite not having G+ enabled will have photo editability enabled on launch. Admins may change the setting after launch.
Lastly, outside of this update, Gmail also has a few other security advancements:
- Hosted S/MIME, to encrypt email while in transit
- Data Loss Prevention for Gmail, to protect your most sensitive information
- Alerts when TLS encryption between mailboxes is not supported or when a message can't be authenticated, so you're aware when you email someone whose mailbox does not support encryption