Tag Archives: Chrome

At New Zealand schools, Chromebooks top the list of learning tools

New Zealand educators are changing their approach to teaching, building personalized learning pathways for every student. Technology plays a key part in this approach. New Zealand has joined the list of countries including Sweden the United States where Chromebooks are the number one device used in schools, according to analysts at International Data Corporation (IDC).

“Chromebooks continue to be a top choice for schools,” says Arunachalam Muthiah, Senior Market Analyst, IDC NZ. “After Chromebooks’ strong performance in 2016, we see a similar trend in the first half of 2017 with Chromebooks gaining a total shipment market share of 46 percent, continuing to hold their position as the number-one selling device in schools across New Zealand.”

Screen Shot 2017-03-09 at 12.57.49 PM.png
Bombay School students learning about conductivity, electrical circuits and constructing a tune.

Technology is transforming education across the globe, and in New Zealand schools are using digital tools to help  students learn, in the classroom and beyond.  

At Bombay School, located in the rural foothills south of Auckland, students could only get an hour a week of computer access. Bombay School’s principal and board decided on a 1:1 “bring your own device” program with Chromebooks, along with secure device management using a Chrome Education license.

Teachers quickly realized that since each student was empowered with a Chromebook, access to learning opportunities increased daily, inspiring students to chart new learning paths. “Technology overcomes constraints,” says Paul Petersen, principal of Bombay School. “If I don’t understand multiplication today, I can learn about it online. I can look for help. I can practice at my own pace, anywhere I am.”

In 2014 Bombay School seniors collectively scored in the 78th percentile for reading; in 2016, they reached nearly the 90th percentile.

PtEngland_1249__DXP0023_XT-X3.jpg

Students at Point England School take a digital license quiz to learn about online behavior.

In the Manaiakalani Community of Learning in East Auckland, some students start school with lower achievement levels than students in other school regions. Manaiakalani chose Chromebooks to support its education program goals and manage budget challenges. By bringing Chromebooks to the Manaiakalani schools, “we broke apart the barriers of the 9 a.m. to 3 p.m. school day,” says Dorothy Burt, head of the Manaiakalani Education Program and Digital Learning Coordinator, based at Point England School. Using G Suite for Education tools on their Chromebooks, students can work with other students, teachers, and parents on their lessons in the classroom, the library, or at home.

Dorothy says “we’re seeing not only engagement, but actual literacy outcomes improve—it’s made a huge difference to the opportunities students will have in the future.”

We look forward to supporting more countries and schools as they redefine teaching and make learning even more accessible for every student, anywhere.

Source: Education


At New Zealand schools, Chromebooks top the list of learning tools

New Zealand educators are changing their approach to teaching, building personalized learning pathways for every student. Technology plays a key part in this approach. New Zealand has joined the list of countries including Sweden the United States where Chromebooks are the number one device used in schools, according to analysts at International Data Corporation (IDC).

“Chromebooks continue to be a top choice for schools,” says Arunachalam Muthiah, Senior Market Analyst, IDC NZ. “After Chromebooks’ strong performance in 2016, we see a similar trend in the first half of 2017 with Chromebooks gaining a total shipment market share of 46 percent, continuing to hold their position as the number-one selling device in schools across New Zealand.”

Screen Shot 2017-03-09 at 12.57.49 PM.png
Bombay School students learning about conductivity, electrical circuits and constructing a tune.

Technology is transforming education across the globe, and in New Zealand schools are using digital tools to help  students learn, in the classroom and beyond.  

At Bombay School, located in the rural foothills south of Auckland, students could only get an hour a week of computer access. Bombay School’s principal and board decided on a 1:1 “bring your own device” program with Chromebooks, along with secure device management using a Chrome Education license.

Teachers quickly realized that since each student was empowered with a Chromebook, access to learning opportunities increased daily, inspiring students to chart new learning paths. “Technology overcomes constraints,” says Paul Petersen, principal of Bombay School. “If I don’t understand multiplication today, I can learn about it online. I can look for help. I can practice at my own pace, anywhere I am.”

In 2014 Bombay School seniors collectively scored in the 78th percentile for reading; in 2016, they reached nearly the 90th percentile.

PtEngland_1249__DXP0023_XT-X3.jpg

Students at Point England School take a digital license quiz to learn about online behavior.

In the Manaiakalani Community of Learning in East Auckland, some students start school with lower achievement levels than students in other school regions. Manaiakalani chose Chromebooks to support its education program goals and manage budget challenges. By bringing Chromebooks to the Manaiakalani schools, “we broke apart the barriers of the 9 a.m. to 3 p.m. school day,” says Dorothy Burt, head of the Manaiakalani Education Program and Digital Learning Coordinator, based at Point England School. Using G Suite for Education tools on their Chromebooks, students can work with other students, teachers, and parents on their lessons in the classroom, the library, or at home.

Dorothy says “we’re seeing not only engagement, but actual literacy outcomes improve—it’s made a huge difference to the opportunities students will have in the future.”

We look forward to supporting more countries and schools as they redefine teaching and make learning even more accessible for every student, anywhere.

At New Zealand schools, Chromebooks top the list of learning tools

New Zealand educators are changing their approach to teaching, building personalized learning pathways for every student. Technology plays a key part in this approach. New Zealand has joined the list of countries including Sweden the United States where Chromebooks are the number one device used in schools, according to analysts at International Data Corporation (IDC).

“Chromebooks continue to be a top choice for schools,” says Arunachalam Muthiah, Senior Market Analyst, IDC NZ. “After Chromebooks’ strong performance in 2016, we see a similar trend in the first half of 2017 with Chromebooks gaining a total shipment market share of 46 percent, continuing to hold their position as the number-one selling device in schools across New Zealand.”

Screen Shot 2017-03-09 at 12.57.49 PM.png
Bombay School students learning about conductivity, electrical circuits and constructing a tune.

Technology is transforming education across the globe, and in New Zealand schools are using digital tools to help  students learn, in the classroom and beyond.  

At Bombay School, located in the rural foothills south of Auckland, students could only get an hour a week of computer access. Bombay School’s principal and board decided on a 1:1 “bring your own device” program with Chromebooks, along with secure device management using a Chrome Education license.

Teachers quickly realized that since each student was empowered with a Chromebook, access to learning opportunities increased daily, inspiring students to chart new learning paths. “Technology overcomes constraints,” says Paul Petersen, principal of Bombay School. “If I don’t understand multiplication today, I can learn about it online. I can look for help. I can practice at my own pace, anywhere I am.”

In 2014 Bombay School seniors collectively scored in the 78th percentile for reading; in 2016, they reached nearly the 90th percentile.

PtEngland_1249__DXP0023_XT-X3.jpg

Students at Point England School take a digital license quiz to learn about online behavior.

In the Manaiakalani Community of Learning in East Auckland, some students start school with lower achievement levels than students in other school regions. Manaiakalani chose Chromebooks to support its education program goals and manage budget challenges. By bringing Chromebooks to the Manaiakalani schools, “we broke apart the barriers of the 9 a.m. to 3 p.m. school day,” says Dorothy Burt, head of the Manaiakalani Education Program and Digital Learning Coordinator, based at Point England School. Using G Suite for Education tools on their Chromebooks, students can work with other students, teachers, and parents on their lessons in the classroom, the library, or at home.

Dorothy says “we’re seeing not only engagement, but actual literacy outcomes improve—it’s made a huge difference to the opportunities students will have in the future.”

We look forward to supporting more countries and schools as they redefine teaching and make learning even more accessible for every student, anywhere.

Source: Google Cloud


7 ways admins can help secure accounts against phishing in G Suite

We work hard to help protect your company against phishing attacks—from using machine learning, to tailoring our detection algorithms, to building features to spot previously unseen attacks. While we block as many external attacks as we can, we continue to build and offer features designed to empower IT administrators to develop strong internal defenses against phishing.

Here are seven things we recommend admins do in G Suite to better protect employee data.

1. Enforce 2-step verification

Two-step verification (2SV) is one of the best ways to prevent someone from accessing your account, even if they steal your password. In G Suite, admins have the ability to enforce 2-step verification. 2SV can reduce the risk of successful phishing attacks by asking employees for additional proof of identity when they sign in. This can be in the form of phone prompts, voice calls, mobile app notifications and more.

Image 1: phishing post

G Suite also supports user-managed security keys—easy to use hardware authenticators. Admins can choose to enforce the use of security keys to help reduce the risk of stolen credentials being used to compromise an account. The key sends an encrypted signature and works only with authorized sites. Security keys can be deployed, monitored and managed directly from within the Admin console.

The Key to working smarter faster and safer

2. Deploy Password Alert extension for Chrome

The Password Alert chrome extension checks each page that users visit to see if that page is impersonating Google’s sign-in page and notifies admins if users enter their G Suite credentials anywhere other than the Google sign-in page.

Admins can enforce deployment of the Password Alert Chrome extension from the Google Admin Console (Device management > App Management > Password Alert)—just sign in and get started. You should check “Force installation" under both “User Settings” and “Public session settings.”

Image 2: phishing post

Admins can also enable password alert auditing, send email alerts and enforce a password change policy when G Suite credentials have been used on a non-trusted website such as a phishing site.

3. Allow only trusted apps to access your data

Take advantage of OAuth apps whitelisting to specify which apps can access your users’ G Suite data. With this setting, users can grant access to their G Suite apps’ data only to whitelisted apps. This prevents malicious apps from tricking users into accidentally granting unauthorized access. Apps can be whitelisted by admins in the Admin console under G Suite API Permissions.

Image 3: phishing post

4. Publish a DMARC policy for your organization

To help your business avoid damage to its reputation from phishing attacks and impersonators, G Suite follows the DMARC standard. DMARC empowers domain owners to decide how Gmail and other participating email providers handle unauthenticated emails coming from your domain. By defining a policy and turning on DKIM email signing, you can ensure that emails that claim to be from your organization, are actually from you.

5. Disable third-party email client access for those who don't need it

The Gmail clients (Android, iOS, Web) leverage Google Safe Browsing to incorporate anti-phishing security measures such as disabling suspicious links and attachments and displaying warnings to users to deter them from clicking on suspicious links.


By choosing to disable POP and IMAP, Google Sync and G Suite Sync for Microsoft Outlook, admins can ensure that a significant portion of G Suite users will only use Gmail clients and benefit from the built-in phishing protections that they provide. Additional measures include enabling OAuth apps whitelisting to block third-party clients as suggested earlier in the blog.


Note: all third-party email clients, including native mobile mail clients, will stop working if the measures outlined above are implemented.

Image 4: phishing post
Image 5: phishing post

6. Encourage your team to pay attention to external reply warnings

By default, Gmail clients (Android, Web) warn G Suite users if they’re responding to emails sent from outside their domain by someone they don’t regularly interact with, or from someone not in their contacts. This helps businesses protect against forged emails, from malicious actors or just plain old user-error like sending an email to the wrong contact. Educate your employees to look for these warnings and be careful before responding to unrecognized senders. Unintended external reply warnings are controlled from the Admin console control in the “Advanced Gmail” setting.

Image 6: phishing post

7. Enforce the use of Android work profiles

Work profiles allow you to separate your organization's apps from personal apps, keeping personal and corporate data separate. By using integrated device management within G Suite to enforce the use of work profiles, you can whitelist applications that access corporate data and block installation of apps from unknown sources. You now have complete control over which apps have access to your corporate data.

Image 7: phishing post

These steps can help you improve your organization’s security posture and become more resistant to phishing attacks. Learn more at gsuite.google.com/security or sign up for our security webinar on September 20, 2017 which features new security research from Forrester and a demonstration on how the cloud can help effectively combat cyber threats.

Source: Google Cloud


7 ways admins can help secure accounts against phishing in G Suite

We work hard to help protect your company against phishing attacks—from using machine learning, to tailoring our detection algorithms, to building features to spot previously unseen attacks. While we block as many external attacks as we can, we continue to build and offer features designed to empower IT administrators to develop strong internal defenses against phishing.

Here are seven things we recommend admins do in G Suite to better protect employee data.

1. Enforce 2-step verification

Two-step verification (2SV) is one of the best ways to prevent someone from accessing your account, even if they steal your password. In G Suite, admins have the ability to enforce 2-step verification. 2SV can reduce the risk of successful phishing attacks by asking employees for additional proof of identity when they sign in. This can be in the form of phone prompts, voice calls, mobile app notifications and more.

Image 1: phishing post

G Suite also supports user-managed security keys—easy to use hardware authenticators. Admins can choose to enforce the use of security keys to help reduce the risk of stolen credentials being used to compromise an account. The key sends an encrypted signature and works only with authorized sites. Security keys can be deployed, monitored and managed directly from within the Admin console.

The Key to working smarter faster and safer

2. Deploy Password Alert extension for Chrome

The Password Alert chrome extension checks each page that users visit to see if that page is impersonating Google’s sign-in page and notifies admins if users enter their G Suite credentials anywhere other than the Google sign-in page.

Admins can enforce deployment of the Password Alert Chrome extension from the Google Admin Console (Device management > App Management > Password Alert)—just sign in and get started. You should check “Force installation" under both “User Settings” and “Public session settings.”

Image 2: phishing post

Admins can also enable password alert auditing, send email alerts and enforce a password change policy when G Suite credentials have been used on a non-trusted website such as a phishing site.

3. Allow only trusted apps to access your data

Take advantage of OAuth apps whitelisting to specify which apps can access your users’ G Suite data. With this setting, users can grant access to their G Suite apps’ data only to whitelisted apps. This prevents malicious apps from tricking users into accidentally granting unauthorized access. Apps can be whitelisted by admins in the Admin console under G Suite API Permissions.

Image 3: phishing post

4. Publish a DMARC policy for your organization

To help your business avoid damage to its reputation from phishing attacks and impersonators, G Suite follows the DMARC standard. DMARC empowers domain owners to decide how Gmail and other participating email providers handle unauthenticated emails coming from your domain. By defining a policy and turning on DKIM email signing, you can ensure that emails that claim to be from your organization, are actually from you.

5. Disable third-party email client access for those who don't need it

The Gmail clients (Android, iOS, Web) leverage Google Safe Browsing to incorporate anti-phishing security measures such as disabling suspicious links and attachments and displaying warnings to users to deter them from clicking on suspicious links.


By choosing to disable POP and IMAP, Google Sync and G Suite Sync for Microsoft Outlook, admins can ensure that a significant portion of G Suite users will only use Gmail clients and benefit from the built-in phishing protections that they provide. Additional measures include enabling OAuth apps whitelisting to block third-party clients as suggested earlier in the blog.


Note: all third-party email clients, including native mobile mail clients, will stop working if the measures outlined above are implemented.

Image 4: phishing post
Image 5: phishing post

6. Encourage your team to pay attention to external reply warnings

By default, Gmail clients (Android, Web) warn G Suite users if they’re responding to emails sent from outside their domain by someone they don’t regularly interact with, or from someone not in their contacts. This helps businesses protect against forged emails, from malicious actors or just plain old user-error like sending an email to the wrong contact. Educate your employees to look for these warnings and be careful before responding to unrecognized senders. Unintended external reply warnings are controlled from the Admin console control in the “Advanced Gmail” setting.

Image 6: phishing post

7. Enforce the use of Android work profiles

Work profiles allow you to separate your organization's apps from personal apps, keeping personal and corporate data separate. By using integrated device management within G Suite to enforce the use of work profiles, you can whitelist applications that access corporate data and block installation of apps from unknown sources. You now have complete control over which apps have access to your corporate data.

Image 7: phishing post

These steps can help you improve your organization’s security posture and become more resistant to phishing attacks. Learn more at gsuite.google.com/security or sign up for our security webinar on September 20, 2017 which features new security research from Forrester and a demonstration on how the cloud can help effectively combat cyber threats.

Source: Android


7 ways admins can help secure accounts against phishing in G Suite

We work hard to help protect your company against phishing attacks—from using machine learning, to tailoring our detection algorithms, to building features to spot previously unseen attacks. While we block as many external attacks as we can, we continue to build and offer features designed to empower IT administrators to develop strong internal defenses against phishing.

Here are seven things we recommend admins do in G Suite to better protect employee data.

1. Enforce 2-step verification

Two-step verification (2SV) is one of the best ways to prevent someone from accessing your account, even if they steal your password. In G Suite, admins have the ability to enforce 2-step verification. 2SV can reduce the risk of successful phishing attacks by asking employees for additional proof of identity when they sign in. This can be in the form of phone prompts, voice calls, mobile app notifications and more.

Image 1: phishing post

G Suite also supports user-managed security keys—easy to use hardware authenticators. Admins can choose to enforce the use of security keys to help reduce the risk of stolen credentials being used to compromise an account. The key sends an encrypted signature and works only with authorized sites. Security keys can be deployed, monitored and managed directly from within the Admin console.

The Key to working smarter faster and safer

2. Deploy Password Alert extension for Chrome

The Password Alert chrome extension checks each page that users visit to see if that page is impersonating Google’s sign-in page and notifies admins if users enter their G Suite credentials anywhere other than the Google sign-in page.

Admins can enforce deployment of the Password Alert Chrome extension from the Google Admin Console (Device management > App Management > Password Alert)—just sign in and get started. You should check “Force installation" under both “User Settings” and “Public session settings.”

Image 2: phishing post

Admins can also enable password alert auditing, send email alerts and enforce a password change policy when G Suite credentials have been used on a non-trusted website such as a phishing site.

3. Allow only trusted apps to access your data

Take advantage of OAuth apps whitelisting to specify which apps can access your users’ G Suite data. With this setting, users can grant access to their G Suite apps’ data only to whitelisted apps. This prevents malicious apps from tricking users into accidentally granting unauthorized access. Apps can be whitelisted by admins in the Admin console under G Suite API Permissions.

Image 3: phishing post

4. Publish a DMARC policy for your organization

To help your business avoid damage to its reputation from phishing attacks and impersonators, G Suite follows the DMARC standard. DMARC empowers domain owners to decide how Gmail and other participating email providers handle unauthenticated emails coming from your domain. By defining a policy and turning on DKIM email signing, you can ensure that emails that claim to be from your organization, are actually from you.

5. Disable third-party email client access for those who don't need it

The Gmail clients (Android, iOS, Web) leverage Google Safe Browsing to incorporate anti-phishing security measures such as disabling suspicious links and attachments and displaying warnings to users to deter them from clicking on suspicious links.


By choosing to disable POP and IMAP, Google Sync and G Suite Sync for Microsoft Outlook, admins can ensure that a significant portion of G Suite users will only use Gmail clients and benefit from the built-in phishing protections that they provide. Additional measures include enabling OAuth apps whitelisting to block third-party clients as suggested earlier in the blog.


Note: all third-party email clients, including native mobile mail clients, will stop working if the measures outlined above are implemented.

Image 4: phishing post
Image 5: phishing post

6. Encourage your team to pay attention to external reply warnings

By default, Gmail clients (Android, Web) warn G Suite users if they’re responding to emails sent from outside their domain by someone they don’t regularly interact with, or from someone not in their contacts. This helps businesses protect against forged emails, from malicious actors or just plain old user-error like sending an email to the wrong contact. Educate your employees to look for these warnings and be careful before responding to unrecognized senders. Unintended external reply warnings are controlled from the Admin console control in the “Advanced Gmail” setting.

Image 6: phishing post

7. Enforce the use of Android work profiles

Work profiles allow you to separate your organization's apps from personal apps, keeping personal and corporate data separate. By using integrated device management within G Suite to enforce the use of work profiles, you can whitelist applications that access corporate data and block installation of apps from unknown sources. You now have complete control over which apps have access to your corporate data.

Image 7: phishing post

These steps can help you improve your organization’s security posture and become more resistant to phishing attacks. Learn more at gsuite.google.com/security or sign up for our security webinar on September 20, 2017 which features new security research from Forrester and a demonstration on how the cloud can help effectively combat cyber threats.

7 ways admins can help secure accounts against phishing in G Suite

We work hard to help protect your company against phishing attacks—from using machine learning, to tailoring our detection algorithms, to building features to spot previously unseen attacks. While we block as many external attacks as we can, we continue to build and offer features designed to empower IT administrators to develop strong internal defenses against phishing.

Here are seven things we recommend admins do in G Suite to better protect employee data.

1. Enforce 2-step verification

Two-step verification (2SV) is one of the best ways to prevent someone from accessing your account, even if they steal your password. In G Suite, admins have the ability to enforce 2-step verification. 2SV can reduce the risk of successful phishing attacks by asking employees for additional proof of identity when they sign in. This can be in the form of phone prompts, voice calls, mobile app notifications and more.

Image 1: phishing post

G Suite also supports user-managed security keys—easy to use hardware authenticators. Admins can choose to enforce the use of security keys to help reduce the risk of stolen credentials being used to compromise an account. The key sends an encrypted signature and works only with authorized sites. Security keys can be deployed, monitored and managed directly from within the Admin console.

The Key to working smarter faster and safer

2. Deploy Password Alert extension for Chrome

The Password Alert chrome extension checks each page that users visit to see if that page is impersonating Google’s sign-in page and notifies admins if users enter their G Suite credentials anywhere other than the Google sign-in page.

Admins can enforce deployment of the Password Alert Chrome extension from the Google Admin Console (Device management > App Management > Password Alert)—just sign in and get started. You should check “Force installation" under both “User Settings” and “Public session settings.”

Image 2: phishing post

Admins can also enable password alert auditing, send email alerts and enforce a password change policy when G Suite credentials have been used on a non-trusted website such as a phishing site.

3. Allow only trusted apps to access your data

Take advantage of OAuth apps whitelisting to specify which apps can access your users’ G Suite data. With this setting, users can grant access to their G Suite apps’ data only to whitelisted apps. This prevents malicious apps from tricking users into accidentally granting unauthorized access. Apps can be whitelisted by admins in the Admin console under G Suite API Permissions.

Image 3: phishing post

4. Publish a DMARC policy for your organization

To help your business avoid damage to its reputation from phishing attacks and impersonators, G Suite follows the DMARC standard. DMARC empowers domain owners to decide how Gmail and other participating email providers handle unauthenticated emails coming from your domain. By defining a policy and turning on DKIM email signing, you can ensure that emails that claim to be from your organization, are actually from you.

5. Disable third-party email client access for those who don't need it

The Gmail clients (Android, iOS, Web) leverage Google Safe Browsing to incorporate anti-phishing security measures such as disabling suspicious links and attachments and displaying warnings to users to deter them from clicking on suspicious links.


By choosing to disable POP and IMAP, Google Sync and G Suite Sync for Microsoft Outlook, admins can ensure that a significant portion of G Suite users will only use Gmail clients and benefit from the built-in phishing protections that they provide. Additional measures include enabling OAuth apps whitelisting to block third-party clients as suggested earlier in the blog.


Note: all third-party email clients, including native mobile mail clients, will stop working if the measures outlined above are implemented.

Image 4: phishing post
Image 5: phishing post

6. Encourage your team to pay attention to external reply warnings

By default, Gmail clients (Android, Web) warn G Suite users if they’re responding to emails sent from outside their domain by someone they don’t regularly interact with, or from someone not in their contacts. This helps businesses protect against forged emails, from malicious actors or just plain old user-error like sending an email to the wrong contact. Educate your employees to look for these warnings and be careful before responding to unrecognized senders. Unintended external reply warnings are controlled from the Admin console control in the “Advanced Gmail” setting.

Image 6: phishing post

7. Enforce the use of Android work profiles

Work profiles allow you to separate your organization's apps from personal apps, keeping personal and corporate data separate. By using integrated device management within G Suite to enforce the use of work profiles, you can whitelist applications that access corporate data and block installation of apps from unknown sources. You now have complete control over which apps have access to your corporate data.

Image 7: phishing post

These steps can help you improve your organization’s security posture and become more resistant to phishing attacks. Learn more at gsuite.google.com/security or sign up for our security webinar on September 20, 2017 which features new security research from Forrester and a demonstration on how the cloud can help effectively combat cyber threats.

Source: Gmail Blog


7 ways admins can help secure accounts against phishing in G Suite

We work hard to help protect your company against phishing attacks—from using machine learning, to tailoring our detection algorithms, to building features to spot previously unseen attacks. While we block as many external attacks as we can, we continue to build and offer features designed to empower IT administrators to develop strong internal defenses against phishing.

Here are seven things we recommend admins do in G Suite to better protect employee data.

1. Enforce 2-step verification

Two-step verification (2SV) is one of the best ways to prevent someone from accessing your account, even if they steal your password. In G Suite, admins have the ability to enforce 2-step verification. 2SV can reduce the risk of successful phishing attacks by asking employees for additional proof of identity when they sign in. This can be in the form of phone prompts, voice calls, mobile app notifications and more.

Image 1: phishing post

G Suite also supports user-managed security keys—easy to use hardware authenticators. Admins can choose to enforce the use of security keys to help reduce the risk of stolen credentials being used to compromise an account. The key sends an encrypted signature and works only with authorized sites. Security keys can be deployed, monitored and managed directly from within the Admin console.

2. Deploy Password Alert extension for Chrome

The Password Alert chrome extension checks each page that users visit to see if that page is impersonating Google’s sign-in page and notifies admins if users enter their G Suite credentials anywhere other than the Google sign-in page.

Admins can enforce deployment of the Password Alert Chrome extension from the Google Admin Console (Device management > App Management > Password Alert)—just sign in and get started. You should check “Force installation" under both “User Settings” and “Public session settings.”

Image 2: phishing post

Admins can also enable password alert auditing, send email alerts and enforce a password change policy when G Suite credentials have been used on a non-trusted website such as a phishing site.

3. Allow only trusted apps to access your data

Take advantage of OAuth apps whitelisting to specify which apps can access your users’ G Suite data. With this setting, users can grant access to their G Suite apps’ data only to whitelisted apps. This prevents malicious apps from tricking users into accidentally granting unauthorized access. Apps can be whitelisted by admins in the Admin console under G Suite API Permissions.

Image 3: phishing post

4. Publish a DMARC policy for your organization

To help your business avoid damage to its reputation from phishing attacks and impersonators, G Suite follows the DMARC standard. DMARC empowers domain owners to decide how Gmail and other participating email providers handle unauthenticated emails coming from your domain. By defining a policy and turning on DKIM email signing, you can ensure that emails that claim to be from your organization, are actually from you.

5. Disable POP and IMAP access for those who don’t need it

The Gmail clients (Android, iOS, Web) leverage Google Safe Browsing to incorporate anti-phishing security measures such as disabling suspicious links and attachments and displaying warnings to users to deter them from clicking on suspicious links. 

By choosing to disable POP and IMAP, admins can ensure that all G Suite users will only use Gmail clients and benefit from the built-in phishing protections that they provide. POP and IMAP access can be disabled by admins at the organizational unit level.

Note: all third-party email clients including native mobile mail clients will stop working if POP and IMAP are disabled.

Image 4: phishing post
Image 5: phishing post

6. Encourage your team to pay attention to external reply warnings

By default, Gmail clients (Android, Web) warn G Suite users if they’re responding to emails sent from outside their domain by someone they don’t regularly interact with, or from someone not in their contacts. This helps businesses protect against forged emails, from malicious actors or just plain old user-error like sending an email to the wrong contact. Educate your employees to look for these warnings and be careful before responding to unrecognized senders. Unintended external reply warnings are controlled from the Admin console control in the “Advanced Gmail” setting.

Image 6: phishing post

7. Enforce the use of Android work profiles

Work profiles allow you to separate your organization's apps from personal apps, keeping personal and corporate data separate. By using integrated device management within G Suite to enforce the use of work profiles, you can whitelist applications that access corporate data and block installation of apps from unknown sources. You now have complete control over which apps have access to your corporate data.

Image 7: phishing post

These steps can help you improve your organization’s security posture and become more resistant to phishing attacks. Learn more at gsuite.google.com/security or sign up for our security webinar on September 20, 2017 which features new security research from Forrester and a demonstration on how the cloud can help effectively combat cyber threats.

Source: Android


Step inside of music

What if you could step inside your favorite song and get a closer look at how music is made? That’s the idea behind our new interactive experiment Inside Music.

The project is a collaboration with the popular podcast Song Exploder and some of our favorite artists across different genres—Phoenix, Perfume Genius, Natalia Lafourcade, Ibeyi, Alarm Will Sound, and Clipping. The experiment lets you explore layers of music all around you, using spatial audio to understand how a piece of music is composed. You can even turn layers on and off, letting you hear the individual pieces of a song in a new way.

It’s built using technology called WebVR, which lets you open it in your web browser, without installing any apps. You can try it on a virtual reality headset, phone or laptop. And we’ve made the code open-source so that people who make music can create new interactive experiments.

Watch the video above to learn more, and check it out at g.co/insidemusic.

Chillax, it’s National Relaxation Day!

Even though the calendar says it’s only Tuesday, we say it’s time to kick back and relax. After all, National Relaxation Day comes but once a year! And if you’re like the 44% of Americans who feel more stressed than they did five years ago, you may be in need of a break. To help you unwind, we’ve put together some tips and tricks to calm down, free up your mind, and release the stress.

Starting off in Google Search, we have some go-to guides to help you chill out. First, try typing “breathing exercises” into Google, and you’ll see a nice guided exercise right at the top of search results. Cue exhale...and inhale! For the established (or aspiring) yogis out there, you may also want to check out some of the yoga positions that are just a tap away. And don’t worry, if you’re not up for the Chakrasana, Bālāsana still counts. Namaste.

Relaxation Day.png

More of a video viewer? You’re not alone. Guided meditation videos on YouTube are on the rise, with an 84% increase in views since last year. Some popular picks include Blissful Deep Relaxation by The Honest Guys and Guided Meditation for Sleep... Floating Amongst the Stars by Jason Stephenson. Oooohhhmmmmm.

youtube relax

If you want to pamper yourself on National Relaxation Day, head over to Google Maps. You can now book appointments at spas and salons across the U.S. To get started, do a quick look for a nearby salon, barbershop or spa and look for the “book” button on the business listing. You can also visit the Reserve with Google site to browse recommendations or find serene spots you never knew existed.

beauty

This is just a sample of the serenity that awaits. And if you’re stuck at  your computer, here’s a pro tip: take a breather with the Mindful Break Chrome extension that gives you tips and guides you through some short breathing exercises. Ready, set, chillax!  

Source: Search