For personal email, I use Gmail. Sure, I run an Exchange server at home, but my ISP is not exactly providing an SLA for business-class connectivity on my home account, and I’ve had that Gmail address since the days of the early invite-only mode, so there are a lot of things connected to it. It was while I was checking out the notice of upcoming improvements to their advertising model that I stumbled across something called the Gmail Security Checklist.
This checklist sets out 5 steps, with a percentage progress bar, and walks the user through tasks they should take to help secure access to their email. With more and more services using email as the way to communicate information, including statements and password resets, securing your email is a critical but, for the layperson, daunting task. Gmail makes this as simple as possible, presenting checkboxes to mark tasks complete, linking to relevant pages with more information, using language that a non-technical user can understand, and providing guidance along the way. I only wish they put it at the front of the Gmail login page, and then as a banner at the top of the Gmail interface, for it was not something most would stumble upon.
As such, I wanted to share an overview of this with you, and to call upon you all to do something similar for your users, your neighbors, your parents, and anyone else who looks to you as an authority on things IT. Here are the five major categories that Gmail presents to users.
Part 1: Your computer
Here Gmail advocates checking your computer for malware, updating your operating system, and configuring your system for scheduled updates, including some of the most popular third-party add-ons. To an IT professional this may seem obvious, but unless you set up your next-door neighbor’s computer, would you willingly log on to your bank’s website using their PC? I didn’t think so. Do the neighborly thing and help them out.
Part 2: Your browser
Reminding users that all three of the major browsers need updating, this page gives quick steps on how to update IE and Firefox, and reminds users that third-party plug-ins also require attention. This step may feel a little light compared to the previous one, and it is, but hopefully most users who figured out how to add a plug-in can handle checking it for updates.
Part 3: Your Google Account
The third section is all about you and your account. It prompts you to change your password, to update recovery information in case you forget your password, offers to enable two-step verification, and links you to a page that lists all applications that you have authorized to access your Gmail account. Two-step verification uses SMS messages sent to your cellular phone as a second authentication factor, and checking apps that can access your account may bring back some memories. I had completely forgotten my SurveyMonkey account existed.
Part 4: Your Gmail settings
Here, you are advised to enable HTTPS for all connections to Gmail, to review recent access to your account, to review settings regarding forwarding, POP3 or IMAP access, etc., and to confirm your contacts. That final bit alone was great since it let me cull out some contacts I no longer need, but that keep coming up in autocomplete.
Part 5: Final reminders
Here, Gmail provides seven reminders, safety tips, or recommendations to help users stay secure. I won’t spoil things by listing them here; instead, I am going to assign some homework. Click the link above, walk through the steps, and then in part 5, consider how many of these are common sense to IT folks, but will be completely new revelations to regular users. Take them, and send out an email to your users, or your friends and family, or both, and share these tips with them. Sure, you may get some questions, but consider…a personally owned computer that can access your company’s webmail or Citrix portal, and that has a keylogger, has just compromised your security. If your users can use anything you cannot control to access your information, it’s in your best interests to help them secure it.