Posted by Suzanne Frey, Director, Security and Privacy Engineering, Google Apps for Work

Today is Safer Internet Day, a moment for technology companies, organizations of all sizes and people around the world to focus on online safety, together. To mark the occasion, we’re adding two new security features to Gmail that will roll out to Google Apps domains in the coming weeks.

First, users who receive a message from, or who are about to send a message to, someone whose email service doesn’t support an encrypted connection (TLS), will see an open lock icon in the message. Users won’t see this icon when sending mail from one Google-hosted domain to any other, including gmail.com, since those emails are always sent over an encrypted connection. Gmail will always send and receive messages over TLS, unless the connecting service doesn’t support it.

Second, users receiving messages that aren’t properly authenticated with either Sender Policy Framework (SPF) or DKIM will see a question mark in place of their profile photo, corporate logo or avatar. Read more about both of these features on the Gmail blog.

To make the most of this day and every day forward, here are some additional features you can use as a Google Apps for Work admin to help protect user data.

1. Increase security at login, while keeping things easy for users                     Two-step verification is a well-known protection against the theft of login credentials, the most frequent threat on the Web today. As an admin, you can easily enforce use of 2-step verification to enhance security for all users in your Google Apps domain. Security keys make authentication even more secure and more convenient for users. They’re easy to deploy and easy to manage, and as a Google for Work customer, you even get a 50% discount.



2. Prevent sensitive information from leaving your network                               Activate Data Loss Prevention (DLP) to help prevent information from being revealed to those who shouldn’t have it. Gmail DLP automatically checks all outgoing emails and takes action based on predefined policies, which include quarantining the email for review, telling users to modify the information or blocking the email from being sent and notifying the sender. Check out our DLP whitepaper and learn how to get started. Stay tuned for more on DLP later this quarter.



3. Get the mail you want, not the spam you don’t                                                   Gmail has long been known for its smart spam filters, today spam is only 0.1% of messages in the average Gmail user’s inbox. To help you track and improve the quality of the mail sent and received at your domains, you can use the Postmaster Tools. You should also follow the best practices outlined in Google’s sender guidelines. For example, create a Sender Policy Framework, prevent spoofing by adding a digital signature to outgoing messages using DKIM and create a DMARC record to track and prevent unauthenticated messages sent from your domain.



4. Enforce mobile device policies in your organization                                       Mobile Management lets you control the devices that can connect to your users' Google Apps data, whether iOS or Android, and perform actions like remote wiping.