How do I secure my Gmail account?

By Harsh Vardhan

Your work Gmail account may have a lot of valuable, confidential, and sensitive information. That’s why there is a high chance someone may try to hack it and try to read its contents. 

You want to prevent this from happening by taking security measures to safeguard your Gmail account.

And in this article, we will show you how to do exactly that. And while there are many ways to secure your Gmail account, we’re going to list our top eight favorite ways. 

Eight ways to safeguard your Gmail account

In this article, we’re not going to tell you not to set your password as ‘123@#$%$’ — or not to leave your email info lying around. Instead, we’re going to assume you have already taken basic security measures to safeguard your account.

The purpose of this article, instead, is to show you ways to secure your account that you might have overlooked. 

Let’s get started. 

1. Update all the software you use to access Gmail

There are three primary devices you probably use to access your Gmail account. 

  • Your smartphone
  • Your tablet
  • Your computer

Here’s what you should do before you use these devices to access your Gmail account:

Your Smartphone and Tablet

You either have an Android smartphone or an iPhone. And on your phone, you probably use an email app (most probably the Gmail app) to access your account. 

If this is the case, the first thing you want to do is make sure your email app and system software are up to date:

  • Simply open the App Store or Play Store and see if there are any updates for your installed Gmail app. If there are, install them. 
  • Next, make sure you have the latest version of iOS or Android running on your phone. To check that, open your settings app and open the About This Device or Device Information setting. Here, you’ll be able to see the software version of your Android or iOS device. 
  • See if you have your phone updated with the latest versions of the software. At the time of writing this article, the latest iOS version is iOS 12.x.x — and the latest Android version is Android 9.x. 

Hint: On Android, in particular, look for the Last Security Patch date as well. If it’s more than a few months since you’ve received one, your phone may be vulnerable to malware and your Gmail account may get hacked (since you’re already signed in).

If you aren’t getting any updates, maybe you should consider switching to a phone that supports the latest software - or at least the latest security patch.

Your Computer

Your computer, especially the one with Windows OS, is highly susceptible to malicious attacks that may compromise your Gmail account. To make sure it doesn’t happen, follow these steps:

  • Check your Mac/Windows PC for software updates. If one is available, install it promptly. 
  • See if your computer hardware supports the latest version of macOS or Windows. The latest version (at the time of writing this) for Mac computers is macOS 10.14, while the latest version for Windows computers is Windows 10 Version 1903 (May 2019 Update).
  • Make sure your browser has ‘auto-update’ turned on and receives the latest updates. 

By taking these steps, you at least make sure that none of the software you’re using to access Gmail can be easily hacked, thus improving your email account’s security. 

2. Review and remove irrelevant Apps and Extensions from accessing your Gmail account

The next step you should take is to see which apps are connected to your Gmail account. This is because connected apps often have permission to read your emails. And this is dangerous.

That’s because sometimes the apps and extensions connected to your email account get hacked, and through them your email account also falls under the control of a malicious 3rd party.

Or sometimes, if the app or extension connected to your account isn’t very well known, they themselves may be selling the info which they are getting from your emails. 

To prevent that from happening, we suggest you check which apps and extensions are connected to your Gmail account — and remove the ones you aren’t using anymore. 

To do this, here are the steps you should take:

  1. Sign in to your Google Account and head to this page.
  2. On the left-side menu, click on ‘Security’.
  3. On the box that says Third-party apps with account access, click on Manage 3rd Party Access.

Here’s something to remember. Not all 3rd party apps will show up in this security panel. 

Here, review the apps you aren’t using. The Google app that each extension, app, or website is using is listed next to it. To remove access, click on the app and then click on the blue Remove Access button. 

But do remember: Some apps like Slack, Grammarly, and VPNs can access your account thanks to their own extensions and add-ons. Therefore, if you’re using such apps and connecting them to Gmail, do so with caution and do a bit of research as to whether they are safe to use.

3. Perform Google’s Security Checkup every few months

Chances are you don’t use just one device to access your Gmail account. You switch between work and home PCs. Then, there’s your phone, and your tablet. And maybe once a year, you update your phones and computers to newer hardware. 

If that’s the case, chances are your Gmail account is on many phones. 

Plus, let’s not forget the fact that many apps you use let you sign up using your Google account. And in doing so, they get access to your Gmail as well. You may no longer use a couple of those apps, but they still have permission to view your Google account. 

The point is: there are a lot of gaps through which your Google account can be compromised. 

The best way to close those gaps is to occasionally visit Google’s security checkup tool.

Here, you can quickly find how many apps are connected to your account, which devices you are signed in on, how many sign-in events took place and much more. 

Any suspicious activity that takes place in your Gmail account can be found here, and resolving it takes only a few clicks!

4. Visit and follow the precautionary steps outlined on Google’s main security page

The tip in the section above can only help you once suspicious activity has taken place in your Gmail account. 

But why let things go that far? 

Why not protect your Gmail account from the get-go instead — so that hacking your Gmail account becomes insanely hard, to begin with? 

Doing so is possible, thanks to the security tips provided by Google on their main security page. 


Here, you will find every single setting you can turn on to improve your Gmail account’s security. 

Whether it’s 2FA, Trusted Sign-in using Devices, Phone and Email Verification, or something else, everything can be done on this page. Here, you also get additional settings, such as which devices you are signed in on, the location where each sign-in took place, and how many apps and websites were signed into using your Gmail account. 

To see the security situation of your Gmail account - and to improve it, sign in to your Google account and visit this page.

5. Check existing Filtering and Forwarding rules

Gmail allows you to set specific ‘rules’ for forwarding and filtering emails. If someone gains access to your account, they can use these features to silently get access to all the emails you receive. 

Fortunately, you can stop that from happening. 

Simply click on the gear icon on the top-right corner of your screen and click on the Filters and Blocked Addresses tab. 

Here, delete all the filters which you haven’t created yourself. This will stop any emails of yours being forwarded to unknown accounts. 

If unknown filters were added to your account, it means your Gmail account has already been compromised. If that’s the case, go ahead and change your password at once. In addition, perform security checks listed in the steps above to safeguard your account from being compromised again. 
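The manual review above can also be done programmatically. The following is an added example, not part of the original article: it assumes the account's filters have already been fetched as JSON in the shape of a Gmail API filter listing (each filter with `criteria` and `action`), and that `own_addresses` is your own list of legitimate forwarding targets. The sample data is constructed.

```python
import json

# Constructed sample in the shape of a Gmail API filters listing
# ({"filter": [{"id", "criteria", "action"}, ...]}); all addresses are made up.
SAMPLE = json.loads("""
{"filter": [
 {"id": "f1", "criteria": {"from": "newsletter@example.org"},
  "action": {"addLabelIds": ["Label_12"], "removeLabelIds": ["INBOX"]}},
 {"id": "f2", "criteria": {"query": "invoice OR payment"},
  "action": {"forward": "copy@mailbox.example",
             "removeLabelIds": ["INBOX", "UNREAD"]}},
 {"id": "f3", "criteria": {"from": "security-alerts@example.com"},
  "action": {"addLabelIds": ["TRASH"]}},
 {"id": "f4", "criteria": {"from": "boss@example.com"},
  "action": {"forward": "me@example.com"}}
]}
""")

def audit_filters(listing, own_addresses):
    """Return [(filter_id, [reasons])] for filters that need a manual review."""
    own = {a.lower() for a in own_addresses}
    findings = []
    for flt in listing.get("filter", []):
        action = flt.get("action", {})
        added = set(action.get("addLabelIds", []))
        removed = set(action.get("removeLabelIds", []))
        reasons = []
        forward = action.get("forward", "").lower()
        if forward and forward not in own:
            reasons.append("forwards to unrecognised address " + forward)
        if "TRASH" in added:
            reasons.append("deletes matching mail")
        # Removing both INBOX and UNREAD archives the mail and marks it read,
        # so the account owner never sees it arrive.
        if {"INBOX", "UNREAD"} <= removed:
            reasons.append("hides mail (skips inbox, marks as read)")
        if reasons:
            findings.append((flt.get("id"), reasons))
    return findings

if __name__ == "__main__":
    for filter_id, reasons in audit_filters(SAMPLE, ["me@example.com"]):
        print(filter_id, "->", "; ".join(reasons))
```

A filter that deletes security alerts or quietly forwards financial mail is worth investigating even if the forwarding address looks familiar.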

6. Check the encryption level of your emails

The whole purpose of performing these security exercises is that your sensitive emails don’t leak away.

But you can only go so far to protect your emails. In your inbox, chances are you will be sending sensitive emails to other people as well. And is their inbox as secure as yours? 

But one thing you can do before sending sensitive emails is to check their ‘encryption’ status. 

Note: This is only possible in the G-Suite version of Gmail. 

So if you are using the free version of Gmail, you won’t be able to see the encryption status. But this doesn’t mean Gmail doesn’t encrypt your emails. On the contrary, it encrypts them using TLS. But here’s the catch: TLS encryption only works if the other person’s inbox also supports TLS. 

But if they don’t, your emails won’t be encrypted!

On the other hand, in G-Suite, Gmail uses an S/MIME email encryption system. This type of encryption also only works if the other person has it enabled in their G-Suite account or email service. 

What makes S/MIME unique is that you can actually see whether your email will be encrypted. On the right side of the sender’s name, you’ll see a ‘green lock’, which signals that your email is being encrypted and can only be read by the person you’re sending the email to. 

If you don’t see the ‘green lock’, it means your email isn’t encrypted and can be seen by a 3rd party, in which case, you shouldn’t send the email if it is highly sensitive. 

Pro tip: If you have no choice but to send a sensitive email, but don’t require it to sit around in the receiver's inbox, you can send a self-destructing email.

7. Use Incognito mode and VPN in public places

Signing in to your Gmail account from a public computer or public WiFi means handing over your email account to hackers on a silver platter. So as a precaution, never access your Gmail account on public WiFi or public computers. 

But if this is something you absolutely must do, take two important precautions:

  • Use a PAID VPN service: Free VPNs make money by selling your data. Let’s assume that’s true because 99% of the time, it is. So that’s why it’s better to use a paid VPN service instead. It will encrypt not just your email, but all your internet traffic, making it safer for you to browse the internet in a public place. 
  • Open your emails in Incognito Mode: When you sign in to your email account, your browser saves all sorts of cookies, trackers, and passwords. To prevent that from happening, open your Gmail account in Incognito mode instead. It will be like you never signed on in the first place.

Another thing you could do is use an online/onscreen keyboard to type in your Gmail username and password. That’s because some public computers may have an app that tracks keystrokes - and that can reveal a lot of sensitive information about your Gmail account. 

8. Confirm whether your email information has been leaked or not

Finally, if you are still wondering whether you should apply the security tips in this article, we suggest you finally confirm whether your Gmail account information has been leaked or not.

If it has, there is a very high chance that your email information is being sold to the highest bidder.   

You can check whether your email information has been compromised at haveibeenpwned.com. Here, simply type in your email address and it will show you which apps leaked your email info. 

And even if your email is safe - and its information hasn’t yet leaked, you still should take at least some of the preventative measures listed in the article. 

You know what they say, prevention is better than cure! 


About the author

Harsh is the content lead at Hiver. He's jocular, loves dogs, and is always up for a road trip. He also reads sometimes.
