Google Apps Security
How to Stay Secure with Google
With UCSC’s increasing use of Google’s services, it is important to remember that sensitive information often requires special protection. It is also important to remember that although Google provides enhanced security features and UC’s contract with Google provides assurances regarding the security and privacy of customer information stored on Google’s systems, most security cautions that apply to UC systems apply to Google.
Following are several proactive steps you can take to help maximize security and privacy when using Google.
ENABLE TWO-STEP VERIFICATION
Google's two-step verification uses a code in addition to your username and password. Each time you log in, Google sends a new code via text or voice message that you will need to enter. This means that to access your account, a hacker would not only need your username and password, but also your phone in order to get in.
KEEP RESTRICTED DATA OUT OF GOOGLE
All devices used for work must meet UC and UCSC security requirements. Tips for protecting mobile devices are available on the Mobile Devices and Wireless page.
LIMIT SHARING ACCESS
It is important to know Google's default settings and sharing options in order to avoid accidents related to over- or under-sharing. To learn how to share your Google documents, files, and folders with others, visit Google Sharing Information.
SHARING SETTINGS IN GOOGLE CALENDAR
Be sure you know who you are sharing your calendar and meeting information with. The default sharing setting at UCSC is that your Google Calendar and meetings on it are visible to everyone in the university.
Meeting privacy settings are at the bottom of each meeting's Event details page. There are three options:
- Default: the event's privacy setting is the same as the calendar's overall privacy setting.
- Public: makes that event's details available to everyone who can view your calendar, regardless of your regular calendar settings.
- Private: only you, meeting invitees, and people you have granted 'Make changes to events' or 'Make changes AND manage sharing' privileges to your calendar can see the event and its details.
- Important privacy note: If you create a private meeting in Google Calendar and invite people, those attendees can change the private meeting to public on their own calendar.
- Additional information about these settings
REPORT SPAM AND PHISHING TO GOOGLE
Report email spam and phishing directly to Google. This helps put these emails on their radar. You must do this from your UCSC Google email on the web. Instructions
Report Calendar spam to Google: If you receive an unsolicited calendar invitation that you believe to be spam, report it to Google by clicking "Report Spam" on the detail page for the event. Instructions
VIEW YOUR GOOGLE DATA AND ACCOUNT ACTIVITY
You can see your data and information about how you've used Google’s products by visiting the Google Dashboard. You can get to the settings of most Google products you use from there and can use it to check for suspicious activity on your account. More Information
SIGN OUT OF YOUR GOOGLE ACCOUNT WHEN YOU'RE NOT USING IT
Be sure to sign out of your Google account when you're finished, especially when using a public computer. Just click on your username/icon at the top right corner of the screen and select "Sign out." If you're using a public or shared computer, to be extra thorough you can also clear the browser's cache, cookies and history. Then, completely close the browser.
GOOGLE'S SAFE BROWSING TOOL
Google's Safe Browsing Tool lets you see whether Google has flagged a website as dangerous to visit.
UCSC's Google domain is configured use encrypted transmissions by default. This means that when you access your gmail or Google Apps via Google's web applications with your @ucsc.edu Google account, your email and docs are transmitted securely. This is true for the mobile email client, too. Google also requires encryption for third party email clients (e.g. Thunderbird, Apple Mail, etc.) to access your email data.
Even though Google encrypts your data during transmission, it will still be unencrypted at rest. Do not send or store restricted data in Google unless you have encrypted it first.
The University of California has a contract with Google that provides assurances regarding the security and privacy of customer information stored on Google’s systems. UC's contract with Google takes precedence if there is a conflict with Google's posted terms or policies. For more information about how to protect your own privacy using Google Apps., visit: Privacy Tools