Last month, nearly five million Gmail usernames and passwords were leaked on Reddit. Unfortunately, this sort of news has become commonplace. It is more important than ever to remain diligent about your security. Thankfully, Google provides a number of security options, and you can take matters into your own hands.
Here is how to secure your data if you use Google.
1. Use Google Apps for Work
If you take the security of your data seriously, you should pay for Google Apps for Work instead of using the free services. For five dollars per user a month, or $50 a user per year, you get the whole of the Google Suite — Docs, Gmail, Drive, Hangouts, and Calendars — with much greater control over security. Google Apps for Work can also be HIPAA-compliant and is FISMA-Certified. Google also offers 24/7 phone support for Apps for Work users. And you can use your own domain instead of sporting an @gmail.com email address.
As a consumer Gmail user, you don’t get any of these guarantees. If you lose your data and do not have a backup solution, tough luck. There is no phone number if your consumer account gets hacked or you lose access to your data, either.
If you love Gmail and are serious about security, pay for Google Apps for Work.
2. Enable Two-Step Verification
More accurately referred to as “cellphone confirmation” by Yahoo’s David Pogue, two-step verification is probably the best way to actively protect your account from security threats.
Two-step verification confirms who you are by requiring you to enter six random numbers that are either sent via text or provided with an app available on Android or iOS. Presuming you are the only person with access to your cellphone, brute-force password attacks on your account become near impossible to execute.
While this adds a bit of complexity to your routine, its benefits easily outweigh the (very) slight hassle. Google allows you to approve devices that do not constantly need two-step verification, such as your home office, and will generate complex passwords for apps that use your Google account but do not support two-step verification. It is also worth noting that the Google authentication app works offline — making it preferable to text-message verification.
3. Check What Apps Are Connected To Your Account
You probably use your Google account to log into at least some third-party services, and this could result in a security hole.
To check what apps and devices you have approved for access, simply go here. If you do not recognize a service or piece of hardware that has access to your account, revoke it immediately. I typically check what devices and services have access to my account once every three months.
It would be wise to do the same thing to your other accounts, like Facebook and Twitter, that allow you to connect third-party app.
4. Use Strong Passwords
A Microsoft study has shown that frequently changing your passwords does not help prevent security breaches. Don’t bother. Instead, focus on creating a strong passwords that are unique to each service you use.
5. Keep Your Browser Updated
All modern browsers provide regular security patches and other updates. All you need to do is let your browser update itself. You should also regularly check your plugins and extensions and remove any you do not use or recognize, or that are no longer updated.
That said, different browsers handle security threats differently. If you are looking for the most secure browser to use, read TipTop Security’s excellent post highlighting each browsers strengths and weaknesses. If you really want to lock down your browsing, WhiteHat Security’s browser Aviator is certainly worth a look.