Staying Safe

A cloaked figure holding a fishing rod with the hook over the laptop of a businessperson

The most common type of attack these days is called "phishing" and it relies on employees simply providing sensitive data because they were tricked into doing so.

STEP 1 - Reporting

Reporting Phishing

If you encounter a phishing attempt you should first report it to your IT administrators. Most email providers also allow users to report suspicious email and phishing scams. The instructions below are for Gmail. Reporting a suspicious message will prevent that user from sending you email, and Google will also use the report to help thwart future attacks.

Report a phishing attempt:

When viewing the suspicious email, click the drop-down arrow next to "reply"
Select Report Phishing
Click Report Message

See more Gmail phishing documentation from the links below.

STEP 2 - 2-Step Verification

Turn on 2-Step Verification on your Google account.

Most people only have one layer – their password – to protect their account. With 2-Step Verification, if a bad guy hacks through your password layer, they'll still need your phone or Security Key to get into your account.

How to enable 2-step authentication

Two muscled arms flexing one ither side of a password

Using strong and unique passwords is an easy step to protect yourself and your employer from hackers.

Step 3 - Strong Password

Creating a strong password.

Passwords protect all of your personal and corporate data on the web.

Using strong and unique passwords is an easy step to protect yourself and your employer from hackers.

Best Practices:

Use unique passwords that you can remember
Use a mix of letters, numbers and symbols
Do not use common, easily guessed passwords
Do not user personal info in passwords
Never send passwords over email or text message
Do not write your password where others could see it
Do not use the same password for multiple websites
Use 2-step verification for every website when available
Change your password often
Make sure password recovery options are up-to-date and secure

Step 4 - Password Management

Keeping your password safe.

Add the Password Alert Chrome extension. Click here and select the Add to Chrome button.

Password Alert is a Chrome extension that helps users avoid phishing attacks by detecting when they enter their Google password into any web sites other than the Google Sign in page: accounts.google.com.

Managing all of your passwords:

Use the built-in password management in the Chrome web browser, or use a dedicated password manager like LastPass, Dashlane, or 1Password.

Step 5 - Secure your Devices

Set a device pin on your smart phone.

Here are Android and iPhone instructions for setting a screen lock passcode.

Step 6 - Security Checkup

Complete the Security Checkup.

Sign into your account and go to https://myaccount.google.com/security

Security checkup screenshot for Google Account

Congratulations!

You have completed the Security Checklist!

More Tips and Tricks for Staying Safe

Learn how to protect yourself against suspicious activity with G Suite

How to protect your Gmail account from phishing and malware attacks