Google announces new security features, including authenticated logos in email

With the unfortunate emergence of the coronavirus (COVID-19) pandemic earlier this year, countless businesses have introduced the concept of working remotely to preserve the safety and health of their employees.

Although the flexibility and increased safety are definitely positives, online communication between coworkers has been a bit hard to get used to for people who are accustomed to speaking to each other in person on a daily basis.

Not only is a lot of this technology brand new for many users, but there have also been increased safety concerns circling around the tools we use to stay in touch and productive while working from the comfort of our homes. For example, phishing attacks have increased by a whopping 350% while we’ve been quarantined, according to PCMag.

As a result, technology companies are focusing on improving the security of their tools — and with well over 1 billion active users, Google is no exception.

Just recently, Google announced a list of new security updates for tools within its G Suite. These updates will affect Google Meet, Google Chat, and the Admin side of G Suite. But perhaps the most notable change is the introduction of authenticated logos to Gmail.

Authenticated logos

If you use Gmail, then chances are you’ve received a spam or phishing email before. If not, one may look like this, appearing to be from Bob Ruffolo, our CEO:

(Yeah, we get these a lot…and we don’t even have a Meredith who works here.)

As a result, Google is trialing a security feature that will act similarly to a social network’s verified badge. By showing a brand’s logo as an avatar, Google is hoping to be able to show users whether an email from a company is genuine or not.

Image courtesy: Google

It will be tested with a limited number of senders in the next few weeks.

This “authenticated logo” functionality uses the Brand Indicators for Message Identification standard, or BIMI for short.

According to BIMI Group:

BIMI “is an emerging email specification that enables the use of brand-controlled logos within supporting email clients. BIMI leverages the work an organization has put into deploying DMARC protection, by bringing brand logos to the customer’s inbox. For the brand’s logo to be displayed, the email must pass DMARC authentication checks, ensuring that the organization’s domain has not been impersonated.”

DMARC stands for domain-based messaging authentication, reporting, and conformance, a technology that prevents spammers from forging the “from” address of an email. If a spammer tries to use your company’s domain to send malicious emails, the quality of your domain can be negatively impacted.

🔎 Related: 3 ways to improve your email validation and sender reputation

Therefore, in conjunction with BIMI, Google’s new technology will now allow companies to use DMARC to control how Gmail handles spam messages sent from their domain. Google plans to do this by giving organizations the ability to display and control their logos on emails sent from them, resulting in immediate brand recognition, authentication, and verification for the users receiving those emails.

Google says this BIMI pilot program will enable organizations to validate their corporate logos and securely send them to Google. Once the authenticated emails pass additional anti-abuse checks, Gmail will then start displaying the logo in existing avatar slots.

If you’re not one of the initial testers of this functionality, don’t worry; Google is planning on making BIMI more widely available in the next few months.

Google Meet

Remember at the beginning of the pandemic when Zoom took charge of the video conferencing industry? Do you also remember when Zoom calls began to suffer from cyber attacks? “Zoom bombing” was a real thing, and many people were affected by it.

Seeing the release of some new features, perhaps Google Meet has learned a thing or two by watching Zoom from afar.

Users are getting some awesome new controls to better secure their meetings, including:

• If you kick out an uninvited guest, they will no longer be able to “knock” and rejoin a meeting.
• If you deny a user to join a meeting multiple times, that user will automatically be blocked from being able to request to join again.

• Google Meet hosts will be able to dictate who and how people can join meetings. They also can control if certain users will have the ability to chat and present.

Google Chat

Google is making some simple, yet smart updates to its Chat feature.

Now, if a link is sent via Chat, Google will flag it if it thinks it’s malicious. Similarly, if you suspect negative activity in a chat room, you’ll be able to report and block them.

The idea behind letting users do this is to gather security signals to better automatically detect and limit abusive content in the future.

G Suite

There are some general changes coming to G Suite, too. Included for Admins specifically are:

• New tools that will make it easier to block certain apps from accessing G Suite data, manage company-owned iOS devices, and prevent data loss.

• The ability to block end users from downloading, printing, or copying Google Drive docs, sheets, and slides that contain sensitive content by using automated information rights management (IRM) controls.
• A simpler way to control app access by being able to block apps from accessing G Suite services via API without having to create an allow list.

It’s better to be safe than sorry

With the uncertainty of what lies ahead when it comes to the pandemic, the surge in remote working doesn’t look like it’s going to subside anytime soon.

In the meantime, Google users can rest assured that their privacy is becoming increasingly protected due to the debut of new security features, and businesses can continue to operate somewhat unafraid, knowing that the tools they use every day to communicate with each other are continuously being improved to create more efficient and secure organizational experiences.

As for brands, in the next couple months, keep a look out for your company’s opportunity to enable authenticated logos.

Remember, the quality of your domain and your email sender reputation can be negatively impacted by unwelcome spammers. So, it's a no-brainer that proactively solving for the issue should be on your to-do list, especially in the midst of a pandemic.