is google’s popular email service gmail safe for work? The short answer is yes, at least for most of us, but there are circumstances where gmail is not a suitable work option.
Gmail’s default settings provide pretty strong security. The data that users can see in Gmail is actually encrypted with the industry standard 128-bit encryption. Google transmits data from Gmail to its users through Transport Layer 1.1 security, also an industry standard. On the user side, the encrypted data is authenticated by the sha1 cryptographic hash function and eventually decrypted by the ecdhe_rsa key exchange mechanism.
If this sounds confusing, that’s because we’re talking about cryptography, and cryptography is incredibly confusing to those of us who don’t do math problems for a living. In a nutshell, however, Google sends your Gmail information to you in an encrypted format that only you have the key to and only you can decrypt.
So for most of us, as long as we use strong passwords on secure machines, and especially if we have google’s two-factor authentication turned on, gmail is perfectly safe at work.
Of great concern is the reality that Google performs automated, non-human scans of the content of its users’ Gmail accounts and messages in order to display more relevant ads. In theory, therefore, it is possible for an attacker to learn a great deal about their target’s work (if that person uses gmail for work) simply by looking at web ads based on the target’s behavior and/or result rankings. personalized search for that person. while it is largely unknown whether or not such attacks have taken place, they are certainly possible. therefore, if his work is so sensitive that he would like to prevent others from knowing what he does, then it is recommended not to use gmail at work.
it is technically possible to intercept gmail data in transit via infected machines and spoofed digital certificates and given google’s annual transparency report there is no doubt that google complies and complies with prosecution requests for information and of the government.
You really have to evaluate the types of communication you do in gmail and decide for yourself if using it at work is a good idea. If you work as an anti-regime activist or are involved in activities that go against the interests of your government in a country that is known to actively monitor its citizens, then you probably want to avoid Gmail. Governments can subpoena Google for information from Gmail, and in some cases Google can do nothing but comply. Governments also have the money and resources to crack gmail encryption or they can forge certificates (as mentioned above), giving them the ability to impersonate google and perform man-in-the-middle attacks.
Several experts speculated that Iranian state-sponsored hackers compromised the Dutch certification authority (ca) diginotar last year so it could spy on its own citizens. No one knows for sure if this was the case, but the commitments of that CA and another so-called comodo in recent years have shown that such a threat definitely exists. even if nation-states weren’t responsible for those and similar attacks, someone was, and compromise of a certificate authority almost certainly means that someone is impersonating someone or something else, which also means that some user is unknowingly transmitting data to or through a source that is not what it claims to be.
Given the information presented above, users doing work that they don’t want their government to know about or that their government doesn’t approve of shouldn’t incorporate gmail into their professional life, whether that work is activism of some sort of something absolutely nefarious. more generally though, if you handle incredibly sensitive or valuable information of any kind on a regular basis, then you’ll probably want to avoid gmail or other cloud storage email systems, because valuable information is aggressively sought after by amateurs, criminals . , and state-sponsored hackers alike.
Of course, no one wants their gmail account to be compromised or their communications monitored, no matter what their job entails. There are also those who insist on using gmail at work regardless of their profession, so we have some suggestions:
You should only access and use your gmail account from a well-protected computer with a full security solution. Again, it’s incredibly important that users take advantage of Google’s two-factor authentication feature, which will help protect against account takeovers. You should also log out whenever you’re away from your computer, even if you leave it for a short period of time, because all the security in the world won’t protect against a malicious forwarding rule. As always, keep your browser and operating system up to date with the latest patches and avoid unsafe networks, especially unencrypted public Wi-Fi.