Last updated:
March 11, 2021
Cut to the chase...
Get started with the world's first shared inbox designed for Gmail and Google Workspace.
Cut to the chase...
Turn your most effective emails into smart templates you can share with your team in Gmail.

Do you know that half of US adults get hacked every year? Imagine what it would be like if your personal or company's Gmail account also got hacked. Not a pleasant thought...

Follow these 7 steps to ensure that your Gmail security is top-notch and you are no longer at risk of being compromised.

Step 1 towards a better Gmail Security: Activate Two-Step Verification

Google’s concern over account theft issues has resulted in the introduction of a security feature known as 2-Step Verification. Two-Step Verification provides an extra layer of Gmail security. Every time you wish to access your account, a code will be sent to your phone; thus making it impossible for another party to guess your password.

To activate 2-factor authentication, click here and follow the on-screen instructions.

Gmail security

Note that you'll need a mobile phone to activate this functionality. Should you lose your phone, you can create printable backup codes and a backup phone number as alternatives for accessing your account. You can also create an application-specific password for applications that don’t request a verification code.

It might sound annoying and probably will be the first few times, but it’s certainly the best way to have foolproof Gmail security and not be worried about having your Gmail account hacked.

Step 2: Don't share your Gmail passwords and use Shared Inboxes instead

If your team uses a group email address such as info@, sales@ or support@, multiple team members need access to it.

Sharing one password is far from being the most secure solution. Instead, the recommended practice is to create shared inboxes for your group email addresses.

Shared Inboxes allow you to invite relevant team members, and let them manage group emails together directly from their respective inboxes. The best solutions on the market make it also possible to assign emails to specific team members, change the status of a conversation, and add tags for more context.

Another benefit of the shared inbox model is that your team can forget about duplicate and colliding replies. Teammates will see each other’s avatars if they are viewing an email, and the red ellipsis will pulse in real-time if they are replying.

Unsure whether shared inboxes could make sense in your company? Feel free to check out this article on what exactly is a shared inbox and how it works.

Step 3: Revoke access to 3rd Party Apps

You may have signed up to a certain website using your Google credentials or installed third-party extensions/apps over time. Some of those may put your Gmail account at risk one day. The best practice is to always revoke access to apps you no longer use to mitigate any risks.

Head to your Google’s account permissions page to revoke access to anything you don’t want to keep. Ensure to repeat this step from time to time, e.g., once quarterly.

Step 4: Check for suspicious activity

If Google notices suspicious activity in your account they’ll send you a notification. It may be that there are sign-ins from an unfamiliar location or an unfamiliar device. Ideally you should also manually review your account at least once a month to make sure that no suspicious activity has taken place.

To review your account, click on the link 'Details' located on the right hand side of the footer of your mailbox.

Footer Gmail inbox

You’ll see a list of sign-ins and alerts that have been blocked, including sign-ins from new devices.

recent gmail activity

Should you notice unusual activity, try to recall why this activity seems unfamiliar. If you can’t recall the activity and you’re unsure as to why it exists, your best action is to change your password immediately and enable 2-factor authentication (remember step 1 above?).

Step 5: Check your account filters for forwarding emails

It’s important that you to ensure that there are no active filters in your account which may be forwarding your email to a third-party email address. This check is simple: Go to your Gmail Settings' page and click on the Filters tab. Look for filters you haven’t authorised or don't use and delete them.

Gmail Filters

In addition, check the Forwarding and POP/IMAP tab to ensure there’s no unauthorized forwarding address other than those approved by you.

Step 6: Authenticate your emails when sending sensitive information

On receiving an email, you may notice that next to the sender’s email address there’s a small red padlock. This indicates that the message is potentially unsafe.

This red unlocked icon comes with emails that have not been authenticated by Transport Layer Security (TLS) encryption. Don't worry too much if you don't understand how the technology works. You only need to be concerned if you see this icon and the message has something to do with passwords or other sensitive information. At this point you need to contact the sender of these insecure emails if want to continue exchanging messages with this person.

Step 7: Detect and block email trackers

You may not be aware that many people and companies track emails they send nowadays. With this information, they may know exactly when, where, and how many times you’ve read their message. You can detect and block such trackers by installing extensions. We recommend to use our own tool to achieve this as we know our code is clean and we don't store nor transmit your Gmail data. Learn more here

Block Email Tracker

Gmail Security - In Conclusion

By taking the above simple steps you can be assured that your Gmail inbox and the ones of your teammates are safer. Like always when speaking of e-security, be on the lookout for notifications from Google advising that you need to add additional Gmail security in order to stay on top of any new potential vulnerabilities.

We encourage you to share these quick actionable steps with your teammates and family members as they're simple to implement but can really make a difference for the integrity and security of their Gmail inboxes. This short guide is available at:

https://gmelius.com/blog/gmail-security

https://fr.gmelius.com/blog/gmail-security (Version française)

The collaboration platform for Gmail.

Get Gmelius, it's free
Gmelius empowers your teams to collaborate, manage projects, serve your customers, and automate workflows without leaving Google Workspace and your favorite daily apps.
Cut to the chase...
Get started with the world's first shared inbox that lives in Gmail.
Cut to the chase...
Turn your most effective emails into smart templates you can share with your team in Gmail.
Gmail Security: 7 Steps to Protect Your Gmail Account
Florian Bersier
Author
Florian Bersier
Florian Bersier is the founder and CEO of Gmelius, a groundbreaking platform that transforms business communication for Google Workspace users with its shared inbox and process automation solutions. A passionate skier and cyclist, Florian lives in the Swiss Alps with his wife and two young daughters. He holds a PhD in Complex Systems from the University of Oxford and a Master’s degree from École Polytechnique in France. Florian is a Y Combinator Alumnus (YC S19) and a member of the Network of Excellence in Internet Science.

Continue Reading

It's time to take back control of your workday

Leading email collaboration software
7-day free trial & no credit card required
5-minute setup
Cloud secure
99.99% uptime the last 12 months
Shield
Serious about security & privacy