Josh Ablett

Is Gmail Secure? 6 Ways to Tell if it's Right for You

Is Gmail secure?  Let's walk through the security features they have, and think about how they work in the real world.

Feature Download: FREE checklist about Gmail and Google Workspace HIPAA Compliance (Download Now)

1) Is Gmail Secure against Phishing?

Hackers use "phishing" attacks to either steal your data or get control of your computer.  They'll send you an email with either a link or an attachment.  If you open it, they'll have access to your computer.

In our tests, Gmail is much better than Microsoft365 or Yahoo Mail at stopping spam and phishing emails.  While Microsoft365 has announced some better spam and phishing detection, we've been very happy with the long term performance of Gmail.

Google built "the first computer program to ever beat a professional player at the game of Go."  These "machine learning" programs are also great at spotting bad emails.

When it comes to spotting phishing, we think Gmail is the best game in town.

2) Is Gmail Secure against Sniffing?

Hackers can listen in on your web traffic.  You're especially vulnerable if you're using wifi in a public place like an airport or a coffee shop.

In 2014, Gmail started forcing all traffic to use HTTPS.  This stops hackers from listening in on your email on insecure wifi networks.

You can tell if you're using HTTPS by looking for the lock in the address bar of your browser.

[Screenshots: browser address bar with HTTPS on and with HTTPS off]

3) Is Gmail Secure against Password Guessing?

Another way attackers can get into your account is to try to guess your password.  Gmail keeps you safe from these attacks in three ways:

a) 2 Factor Authentication.  We HIGHLY recommend you use this.  When it's turned on, you'll need to use an app or a text message on your phone to get into your account.

Gmail has done a better job of 2 Factor Authentication than other companies.  It's easy to use.  It also only asks for your code if you're doing something weird (like logging on from a new computer).

If you don't have access to your app, it also lets you get codes via text message...

And they'll give you some backup codes you can use if you don't have your phone handy...

b) Password guessing.  If someone tries to log in to your account over and over, Google will lock them out.  People call this a "brute force attack."

c) Activity on this account.  We love this -- with the click of a button, it's super easy to see exactly where your account is being used.  You can also click a button to lock out other sessions.

Our HIPAA compliance customers get help in setting up two-factor authentication (and everything else) properly.

4) Is Gmail Security Easy to Use?

To us, this is one of the most important features of security.

You can have all the security in the world, but if it's hard to use, people won't use it.

Gmail has done a nice job of making security easy to use.

The best example is a step-by-step checklist that you can follow to make sure that your security is up to snuff.

It covers everything from strong passwords...

To double-checking that you're using legit devices...

To making sure that outside apps are allowed...

And more. We make sure these are all set up properly for our customers.

5) Is Gmail Secure on Mobile?

Gmail has great apps that run on Android or iOS and make it easy to sync your email to your phone.  Or, if you prefer, you can use the default mail apps.

The connection between your phone and Gmail uses SSL encryption.  This means that a hacker using sniffing can't see your email, even if you're on a public wifi network.

While the connection to Gmail is secure, you need to do a few more things to make sure your mobile phone is secure:

  • Protect it with a strong password
  • Make sure mobile encryption is turned on (it is by default in the newest mobile devices)
  • Have a way to track your phone if it's lost or stolen (like Find My iPhone or Android Lost)

6) Is Gmail Secure against the Government?

With news about warrants to access email, many people wonder if the government can access Gmail.

The answer is yes, though this is true of all US-based email providers.  If the police or FBI can get approval from a judge, they can compel Google (or other email providers) to turn over emails.

In fact, this is true in most countries.

We like the level of transparency that Google provides into this process.  On their site, you can see a country-by-country graph that shows law enforcement requests.

While there are email providers that claim to not give access to law enforcement, we don't recommend using them.  Gmail has almost a billion users, and only 69,000 of them have been the subject of a warrant.  Which means that Gmail is a great fit for the 99.9999% of us that have nothing to worry about.

Gmail Encryption

Gmail is a great tool, and overall we recommend it to small and medium-sized practices. But if you want to send Protected Health Information (PHI) over email, you need to make sure the data is encrypted. When using Gmail, about 90% of the emails sent or received are already encrypted. But what about the rest?

You'll need a third-party tool to make sure every email you send is encrypted and secure. We've reviewed 7 of those tools and picked the best.
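To see whether a particular message was encrypted in transit, you can read its Received headers: under RFC 3848, a `with` value such as ESMTPS means that hop ran over TLS. The following is an added example, not part of the original article; the sample message, hostnames and IDs are constructed.

```python
import re
from email import message_from_string

# "with" protocol values registered by RFC 3848 that mean the hop ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def strip_comments(value):
    """Remove (possibly nested) parenthesised comments from a header value."""
    previous = None
    while previous != value:
        previous = value
        value = re.sub(r"\([^()]*\)", " ", value)
    return value

def transit_hops(raw_message):
    """Return one dict per Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        # Unfold the header, then drop comments such as "(using TLSv1.3 with cipher ...)".
        text = strip_comments(" ".join(header.split()))
        by = re.search(r"\bby\s+(\S+)", text)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", text)
        protocol = proto.group(1).upper() if proto else None
        hops.append({
            "by": by.group(1) if by else None,
            "protocol": protocol,
            # False means "no TLS evidence in this header", not proof of plaintext.
            "tls": protocol in TLS_PROTOCOLS,
        })
    return hops

def unencrypted_hops(raw_message):
    """Hops whose Received header does not record a TLS-protected transfer."""
    return [h for h in transit_hops(raw_message) if not h["tls"]]

# Constructed sample: the newest hop is on top, as in a real message.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [203.0.113.7])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tby mx.example.org with ESMTPS id 4Xy12345; Tue, 02 Jan 2024 10:00:03 +0000
Received: from scanner.example.net (scanner.example.net [198.51.100.20])
\tby relay.example.net with ESMTP id 9Ab67890;
\tTue, 02 Jan 2024 10:00:01 +0000
From: billing@example.net
Subject: Constructed sample

Body.
"""

print(unencrypted_hops(SAMPLE))
```

Received headers are written by each server that handles the message, so treat hops outside your own provider as informational rather than trusted.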

BAA does not mean HIPAA compliance

Here’s a disclaimer that many private practice “influencers” miss: signing a BAA with Google does not make your Google Workspace HIPAA compliant.

Seriously – Google CLEARLY says

“Customers are responsible for … ensuring that they use Google services in compliance with HIPAA.”

“PHI is allowed only in a subset of Google services.”

“These Google covered services … must be configured by IT administrators to help ensure that PHI is properly protected.”

So yes, Google Workspace CAN be HIPAA compliant, but it’s not compliant right out of the box.

You need to make sure your account is secure.

3 comments on “Is Gmail Secure? 6 Ways to Tell if it's Right for You”

  1. I know it's been a while since the original post, but last year Google announced (not too long after your question was asked..) they will no longer scan users' Gmail messages for the purpose of serving ads -- which more aligns the consumer (free) version of Gmail with the paid (Google Workspace) version: https://www.nytimes.com/2017/06/23/technology/gmail-ads.html

    Plus, just yesterday, Google gave us an overhaul of the UI, and in the "coming weeks" we'll get some very cool privacy and confidentiality features as well: http://www.latimes.com/business/technology/la-fi-tn-gmail-confidential-20180425-story.html

    hope this helps--

Copyright 2024 Adelia Associates, LLC | All Rights Reserved