Google Workspace security whitepaper
Customers of Google Workspace own their data, not Google. We do not monitor customer data that Google Workspace enterprises enter into our systems for marketing. We provide our customers with a thorough Data Processing Amendment that outlines our commitment to safeguarding their personal information. In addition, if clients erase their data, we guarantee that it will be removed from our systems within 180 days. Finally, we provide tools that allow customer administrators to easily export their data if they wish to discontinue using our services without incurring any penalties or additional costs from Google.
No advertising in Google Workspace
We have no plans to add advertising to the Google Workspace Core Services in the future. For advertising purposes, Google does not collect, scan, or use data in Google Workspace Core Services. From the Google Workspace Admin panel, customer administrators can block access to Non-Core Services. Google indexes user data to deliver useful features like spam filtering, virus detection, spellcheck, and the ability to search for emails and files within a single account.
Advanced phishing and malware protection
You can protect incoming mail from phishing and malicious software as an administrator (malware). Depending on the sort of threat detected, you can also choose what action to take. You may, for instance, transfer dubious content to your Spam folder or leave it in your inbox with a warning. Using organizational units, all security settings may be customized for different individuals and teams.
Gmail provides warnings and pushes untrustworthy emails to the spam folder by default. You can identify more unwanted or hazardous emails by using the settings described in this article.
Note: Learn how compliance standards are applied to dynamic messages if you utilize these advanced phishing and malware settings and dynamic email for your firm.
Advanced security settings
Attachments—Protection against untrustworthy senders’ dubious attachments and scripts. It also protects you against attachments that aren’t usual for your domain and can be exploited to transmit malware.
External links and images—Identify links hidden behind short URLs, analyze connected images for dangerous material, and provide a warning when you click links to untrustworthy domains.
Protection against impersonating a domain name, employee names, email posing as from your domain, and unauthenticated email from any domain. A question mark appears next to the sender’s name in unauthenticated emails. Protection against spoofing can be enabled for private groups or all groups.
You can do the following with advanced settings:
Turn on and apply subsequently recommended settings automatically. This ensures that your domain’s email and attachments are fully protected.
Turn on all security options to provide the highest level of protection for a domain or organizational unit.
Check only the options you want to enable in the security settings. Unchecking all options disables the domain’s or organizational unit’s advanced security settings.
For each security option, you enable, provide an action. If you don’t choose an action for the security option, the default action is used.
Other spam settings—These additional security features work in addition to any other spam settings you may have enabled earlier. The increased security protections are still implemented even if you’ve marked a domain as a safe sender in spam settings.
When you choose the Quarantine option for any of the advanced security settings, the quarantine you choose is only applied to incoming communications. Even if the quarantine you choose specifies actions to take on outgoing messages, this is true.
Warning banners (yellow box)—Warning banners (yellow box) are only shown on Gmail online. A warning banner is not displayed by third-party apps.