Cloud Computing Essentials: Protecting Your GMail Account

Those people who are worried/paranoid about webside security should take heed of a security checklist published by Google for GMail users. Although the list is primarily aimed at Google users, the basic tenets here can be adapted as you see fit.

Check for viruses and malware

While no virus scanner can catch 100% of infections, it is still important to run a scan on your computer with a trusted anti-virus software (or install a program that runs in the background and scans continuously). If the scan detects any suspicious programs or applications, remove them immediately. I recommend Avast.

Make sure your operating system is up to date

Operating systems release patches to repair security vulnerabilities. Whether you use Windows or Mac OS, we recommend protecting your computer by enabling your automatic update setting, and updating when you get a notification.

Make sure to perform regular software updates

Check your browser for plug-ins, extensions, and third-party programs/tools that require access to your Google Account credentials. Plug-ins and extensions are downloadable computer programs that work with your browser to perform specific tasks. For example, you may have downloaded a plug-in or extension that checks your Gmail inbox for new messages. Google can’t guarantee the security of these third party services. If those services are compromised, so is your Gmail password.

Make sure your browser is up to date

Change your password. If your account has been recently compromised, you should update your password now. In general we suggest you change it twice a year, following these guidelines:

  • Pick a unique password that you haven’t previously used on other sites or on Gmail. Just changing one character or number still counts as reusing your password.
  • Don’t use a dictionary word or a common word that’s easily guessable. Use a combination of numbers, characters, and case-sensitive letters.

Check the list of websites that are authorized to access your Google Account data

Make sure that the list of authorized websites are accurate and ones that you have chosen. If your Google Account has been compromised recently, it’s possible that the bad guys could have authorized their own websites to access your account data. This may allow them to access your Google Account after you have changed your password.

To edit the list of authorized websites:

1. Sign in on the Google Accounts homepage.
2. Click the My Account link displayed at the top right of the page.
3. Click Change authorized websites. This page will list all third-party sites you’ve granted access to.
4. Click the Revoke Access link to disable access for a site.

Update your account recovery options

Confirm the accuracy of your mail settings to ensure that your mail stays and goes where you want it to. Sign in to your account and click on the Settings link at the top to check the following tabs:

  • General: Check Signature, Vacation Responder, and/or canned responses for spammy content
  • Accounts: Verify your Send Mail As, Get mail from other accounts, and Grant access to your account are all accurate.
  • Filters: Check that no filters are sending your mail to Trash, Spam, or forwarding to an unknown account.
  • Forwarding and POP/IMAP: Ensure your mail isn’t sent to an unknown account or mail client.

Check for any strange recent activity on your account

Click the Details link next to the ‘Last Account Activity’ entry at the bottom of your account to see the time, date, IP address and the associated location of recent access to your account.

Use a secure connection to sign in.

Watch out for messages that ask for your username and/or password. Gmail will never ask for this information

Never give out your password after following a link sent to you in a message, even if it looks like Gmail’s sign-in page. Access Gmail directly by typing in your browser’s address bar.

Don’t share your password with other websites – Google can’t guarantee the security of other websites and your Gmail password could be compromised.

Keep secrets! Never tell anyone your password, or your secret question and answer; if you do tell someone, change it as soon as possible.

Clear forms, passwords, cache and cookies in your browser on a regular basis – especially on a public computer.

Only select ‘Stay signed in’ if you’re signing in from a personal computer.

Always sign out when you’ve finished reading your mail.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Kevin Tea is a journalist and marketing communications professional who has worked for some of the leading blue chip companies in the UK and Europe. In the 1990s he became interested in how emerging Internet-based technologies could change the way that people worked and became an administrator on the Telework Europa Forum on CompuServe. With other colleagues he took part in a four year European Commission sponsored project to look at the way that the Internet could benefit remote communities. His blog is a resource for SMEs who want to use cloud computing and Web 2.0 technologies.

  • Hi Kevin, thanks for reminding me to check my Google account settings, this is great advice. I'm using Norton 360, do you think Avast offers more protections?

    • zdenek

      Hi Ileane, detection wise Norton is not a bad product and it had improved a lot in recent years. But if you look at the independend labs results avast free antivirus has the same or sometimes better detection results then Norton or Symantec. So it gets to what else you find important. For me, I like the fact that with avast and it 40MB installation i get the protection and it doesn't slow me down. Norton is at least 3 times the size and is much heavier on the system.