Recent high-profile cyber attacks—from retail and finance to healthcare and government—show how the threat landscape is rapidly evolving. One click on a malicious link in an email can take down an entire corporation, so online privacy is more important than ever. For example, Medibank—a health insurer in Australia—suffered a significant data breach after an employee’s credentials were compromised, likely through a phishing attack.
When Medibank refused to pay the ransom, hackers released the private medical data of 9.7 million people onto the dark web. The company has since been served with a class action lawsuit. In another example, T-Mobile recently settled a class action lawsuit related to a data breach in 2021 that impacted around 77 million people after customer data was listed for sale on the dark web.
The case cost the company US$350 million—and that’s only one of eight data breaches it has disclosed since 2018. At least one of those data breaches was the result of stolen credentials. The financial losses and reputational damage from such attacks can be crippling. As Google explains, email is “the front door to your personal information” and a primary entry point for risks. Indeed, over 90% of cyber attacks begin with phishing, allowing attackers to gain personally identifiable information (PII) such as a person’s name, home address, email address, date of birth, social security number and medical information.
Hackers can then sell this data on the dark web or use it for extortion, account takeovers and identity theft. Aside from financial losses and reputational damage, businesses that fail to protect PII may be fined under regulations such as the EU’s General Data Protection Regulation, designed to protect consumer privacy. It’s crucial to understand the importance of email security in safeguarding personal and business information as part of your organization’s cybersecurity strategy.
The evolving threat landscape
The cost of cybercrime is predicted to rise from US$8 trillion in 2023 to US$10.5 trillion by 2025. Ransomware will become a more persistent threat, while social engineering attacks like phishing will become more sophisticated and harder to detect. Cybercrime will only increase in the era of machine learning and artificial intelligence. Tools that help organizations navigate security, such as predictive analytics and AI, are also being used by bad actors to exploit vulnerabilities and attack networks.
Companies with holes in their cybersecurity defenses—from weak authentication methods to improperly configured controls—are more vulnerable to data breaches. For example, hackers could exploit email system vulnerabilities to gain unauthorized access to personal and business data.
Once they’ve made it through the front door, they can access other accounts, services and correspondence associated with that email. If even a single corporate email account is compromised, it could snowball and lead to a much larger data breach across the organization.
Understanding Gmail security features
That’s why it’s essential to understand—and properly configure—email settings for spam, phishing and malware. Gmail offers robust, built-in security features, providing essential layers of protection—even for social engineering attacks.
And Google continuously updates its security protocols to combat evolving cyber threats effectively.
Here are some of the top features for safeguarding privacy in Gmail:
Phishing protection: Most phishing attacks start from email. Google’s AI-enhanced spam-filtering capabilities block more than 99.9% of spam, phishing attempts and malware from reaching your users.
Email encryption: Messages are encrypted at rest and in transit over Google infrastructure. Messages in transit to third-party providers are encrypted with Transport Layer Security when possible.
Two-factor authentication: This provides a second layer of defense by requiring a second verification method after entering a password—especially if a user’s password has unknowingly been compromised.
Proactive alerts: Gmail warns users before downloading a suspicious attachment, while safe browsing helps identify suspicious or dangerous links in email messages.
Confidential mode: This feature allows users to disable the option for recipients to forward, copy, download or print their Gmail message, and it can even be set to expire after a certain period.
Advanced protection for those most at risk: Google’s Advanced Protection Program helps protect users with a high risk of targeted online attacks, such as high-profile individuals with access to private corporate data.
Configuring security settings is key
Security is a two-way street, and Google Workspace customers are also responsible for ensuring their security settings are properly configured and that employees receive cybersecurity awareness training.
If you don’t have the right team or expertise to help ensure everything is configured correctly, you may leave the front door open to security threats. That’s where Pythian’s Email Security Deep Dive service offering can help.
As part of this fixed-fee service, we’ll ensure you’re taking advantage of every security feature available in Google Workspace and that all settings have been configured properly. Ready to get started? Email us at info@pythian.com to find out how we can help.
