[vc_row][vc_column][vc_column_text]Both large and small businesses should be cautious with their security as they run the same risk of being assaulted with a simple malicious email .

Did you know that 91% of phishing attacks start with an email? And 66% of the most known malware attacks have been installed through emails and attachments?

Anyway, Google Workspace detects 99.9% of cyber-attacks. What a joy, we are covered! These malicious emails are sent to the spam folder or marked with warning signs for users. With this beautiful news and all, it is still important that we take care of that remaining 0.1% to prevent information, money, etc. from being stolen.

Esteban Molina, technical specialist in Google Workspace of Etixen, told us how to act in case of an attack to the security of a company and how to prevent it, within the event held at the offices of Google on March 17, 2023. We want to share with you all this very important information!

What does Esteban think about these statistics?

It is a delicate matter to ensure security in a company. Through the mail we have a door that is open 24 hours a day and leads directly to the heart of the organization. There is no magic solution for IT security. However, it is crucial to have various tools to protect the information of users and companies, such as Drive shared drives or the Vault platform.

Our technician talks to us about a report made on the U.S. Department of Homeland Security. which reveals that it has similar problems to other companies due to outdated components, weak passwords and lack of security patches. All sizes of companies face these IT security issues in today's complex world.

If a cybercriminal captures your email, by phishing, they can get all the valuable information in it, such as sensitive documentation. Y What would he achieve? He could, for example, ask for a loan for the bank or talk to other users to take advantage of the situation.

It should be noted that the user is the weakest point for a hackerThey are the ones they will look for in order to carry out a cyber-attack on the company's security. That is why it is very important to train them and give them the tools to be alert and recognize possible malicious emails. 

So, how do we realize that we are receiving a Phishing attack?

A phishing attack is a social engineering technique used by cybercriminals to fraudulently obtain confidential information from users and thus, appropriate the identity of those people. 

Here are some signs that may indicate you are being the victim of a phishing attack 😲:

• The website URL is suspicious: If the web address looks strange or is not what you expected, you may be on a fake site. It is important to pay attention to spelling, as some phishing sites use URLs similar to those of legitimate companies, but with misspellings.
• The email or message looks suspicious: If you receive an email or message that asks for personal or financial information Red Alert!. Often, phishing messages are disguised as emails from legitimate companies.
• Ask for personal information: If you are asked to enter personal information on a website, such as your name, address or ID number, make sure it is a trusted website. If you are unsure, do not enter your information.
• The message contains grammar and spelling errors: Often, phishing messages contain grammatical and spelling errors. Why? Because they come from people who do not speak the native language or who are not professionals.
• They offer rewards or threaten penalties: Phishing emails or messages may offer a reward or threaten penalties to get you to respond. Don't fall for it, as this is an attempt to obtain personal information.

Recommendation: If you have doubts about the legitimacy of a website or a message, contact the company or institution directly through its official website.

Esteban explains that the company must also act quickly if an attack has already occurred. What are the steps to follow?

If a company suffers a phishing attack, there are several important steps that should be taken to minimize the damage. 

Download the practical security guide for administrators, step by step through the various configurations to increase the security of your company with Google Workspace! Click here.

1. Communicate the incident: Notify affected employees, partners and customers about the incident in a clear and direct manner, explaining the steps being taken to address the problem.
2. Change passwords: Be sure to change all company passwords, especially those related to accounts that were compromised in the attack.
3. Analyze the scope: Conduct an investigation to determine the scope of the attack and the type of information that was stolen. This will help to assess the risk and decide what measures to take.
4. Report the incident: Report the incident to the relevant authorities, such as the police. If customer data has been stolen, it may be necessary to inform the data protection authorities.
5. Implement security measures: Strengthen existing security measures and consider implementing additional measures to protect company and customer data.

So we already have the information on how to detect a phishing attack and how to act when faced with one, but...

How can we prevent it so that we never have to face one? 

In this case, our specialist comments on several practices and tips that can be very useful for any type of company. So, all the attention on these points:

1. Train your employees to detect and prevent phishing attacks, and how to report security incidents.
2. Use two-factor authentication to protect your accounts.
3. Use strong and secure passwords, and change your passwords frequently.
4. Limit the personal information you share online by setting up different rules in the console.
5. Be wary of unexpected messages, especially those requesting personal or financial information.

Now, what happens when multiple devices are used to access Google Workspace?

Google continues to work month after month to ensure not only security but also privacy in the various tools of the suite. Fortunately, it is also possible to take various measures that prevent information leaks and continue to protect the company .

What are these measures?

• Defined clear and specific security policies that all employees must follow when working with mobile devices, including password protection, software updates and the use of security applications.
• Limit access to the company network to authorized devices only, and ensure that devices are up-to-date and have appropriate security software.
• Regularly monitor network traffic for suspicious activity, such as unauthorized access attempts or the transfer of large amounts of data.
• Train employees on how to protect sensitive information on their mobile devices, including setting strong passwords, encrypting data and securely deleting old information.
• Defined a clear policy for the secure deletion of data from employees' mobile devices at the end of their employment with the company.
• Keep your mobile devices' security software up to date to protect them against the latest security threats.

We should not forget about everything Google does for us, covering that 99.9% we talked about earlier. 

Google Workspace is a cloud productivity solution that offers a variety of tools to improve the IT security of an organization, becoming a great ally. It does everything possible to take care of its users through a wide variety of features designed for the protection and care of information and sensitive data of a company.

These functionalities include:

• Phishing and malware protection: Integrated security tools that enable automatic detection of malicious files and removal of phishing emails (from Business Starter version).
• Two-factor authentication: Required to access the account, which provides an additional layer of security. (From Business Starter version)
• Information management: Shared drives for users to work collaboratively and share information with other team members(from Business Standard version).

Shared drives can rely on another tool that complements information management within the ecosystem, called Google Vault. Google Vault allows Google Workspace account administrators to search and retrieve data quickly and efficiently. What kind of data? Emails, chats, documents, spreadsheets, presentations and files in Google Drive, as well as audit trails and activity logs (In Business Plus - Enterprise Standard and Enterprise Plus version).

• Mobile Device Management: Tools to manage enterprise mobile devices, including remote wiping of data in case of loss or theft.(In the Business Plus version - Enterprise Standard and Enterprise Plus)
• Access control: Access permissions to company data and applications to prevent unauthorized access.
• Security audits: Audit and investigation tools to monitor the use and security of the platform. Thanks to this, administrators detect and solve security problems (in the Business Plus - Enterprise Standard and Enterprise Plus version).

Conclusion

In short, all businesses, regardless of size, are at risk of cyber-attacks via malicious emails. While Google Workspace provides robust protection, it is critical that companies pay attention to the small percentage that are exposed.

Don't forget to download the practical security guide for administrators. Click here.

We repeat again, train your users and administrators to identify and prevent attacks. Cyber security has no magic solutions and users are the most vulnerable link for attackers. Therefore, it is essential to remain vigilant and take precautionary measures to safeguard confidential information.

Are you ready to take care of your organization as a user or as an administrator? Would you like us to train you? Talk to us[/vc_column_text][/vc_column][/vc_row][vc_row text_align="center"][vc_column width="1/1″][minti_button link="https://wa.me/message/ZJKJONH54X3LA1 " color="color-2″ size="medium"]CONTACT US[/minti_button][/vc_column][/vc_row][/vc_row]