Google Apps Security

How to Stay Secure with Google

With UCSC’s increasing use of Google’s services, it is important to remember that sensitive information often requires special protection. It is also important to remember that although Google provides enhanced security features and UC’s contract with Google provides assurances regarding the security and privacy of customer information stored on Google’s systems, most security cautions that apply to UC systems apply to Google.

Following are several proactive steps you can take to help maximize security and privacy when using Google.


KEEP HIGHLY SENSITIVE DATA OUT OF GOOGLE

Don't use Google to send or store highly sensitive, Protection Level 4 data such as PII, HIPAA, EAR/ITAR and PCI.

If you must, encrypt it first.


SECURE MOBILE DEVICES

All devices used for work must meet UC and UCSC security requirements. Tips for protecting mobile devices are available on the Mobile Devices and Wireless page.


LIMIT SHARING IN GOOGLE DOCS

It is important to know Google's default settings and sharing options in order to avoid accidents related to over- or under-sharing. To learn how to share your Google documents, files, and folders with others, visit Google Sharing Information

This page will walk you through how to search for and adjust sharing in Google Drive.


LIMIT SHARING IN GOOGLE CALENDAR

Be sure you know who you are sharing your calendar and meeting information with. The default sharing setting at UCSC is that your Google Calendar and meetings on it are visible to everyone in the university.

Meeting privacy settings are at the bottom of each meeting's Event details page. There are three options:

  • Default: the event's privacy setting is the same as the calendar's overall privacy setting.
  • Public: makes that event's details available to everyone who can view your calendar, regardless of your regular calendar settings.
  • Private: only you, meeting invitees, and people you have granted 'Make changes to events' or 'Make changes AND manage sharing' privileges to your calendar can see the event and its details.
    • Important privacy note: If you create a private meeting in Google Calendar and invite people, those attendees can change the private meeting to public on their own calendar. 
  • Additional information about these settings

LIMIT SHARING IN GOOGLE GROUPS

Google has detailed documentation on all the permissions that are available for Google Groups. This page will walk you through a few common settings that should be considered when setting up your Google Group.


LIMIT SHARING OF YOUR GOOGLE CREDENTIALS AND CONTENT

It is important to remember that when you give access to your Google credentials or content via Extensions, Click-through services, 3rd party add-ons, and applications, you may have exposed UCSC to privacy and cybersecurity risk and liability.

It is your responsibility to take privacy and security into consideration when making decisions about when it is and is not appropriate to give access to your Google credentials or content.

 A Decision Tool is available to help you understand the implications.

Please contact the ITS Support Center if you have questions about any Extensions, Click-through Services, or 3rd party add-ons or applications that require access to your Google credentials or content.


REPORT SPAM AND PHISHING TO GOOGLE

Report email spam and phishing directly to Google. This helps put these bad emails on their radar, and you and other Google users will get less spam too! You must do this from your UCSC Google email on the web. Instructions

Report Calendar spam to Google: If you receive an unsolicited calendar invitation that you believe to be spam, report it to Google by clicking "Report Spam" on the detail page for the event. Instructions

More information about how UCSC handles spam 


GOOGLE PRIVACY AND SECURITY CHECKUP

Control, protect, and secure your UCSC Google Account at myaccount.google.com. Find quick access to settings and tools that help you safeguard your UCSC Google Account. Note: Your UCSC account passwords are managed through CruzID Manager.


VIEW YOUR GOOGLE DATA AND ACCOUNT ACTIVITY

You can see your data and information about how you've used Google’s products by visiting the Google Dashboard. You can get to the settings of most Google products you use from there and can use it to check for suspicious activity on your account. More Information


SIGN OUT WHEN NOT USING YOUR ACCOUNT

Be sure to sign out of your Google account when you're finished, especially when using a public computer. Just click on your username/icon at the top right corner of the screen and select "Sign out." If you're using a public or shared computer, to be extra thorough you can also clear the browser's cache, cookies and history. Then, completely close the browser.


CHECK GOOGLE'S SAFE BROWSING TOOL

Google's Safe Browsing Tool lets you see whether Google has flagged a website as dangerous to visit.


GOOGLE PRIVACY POLICY AND TERMS OF SERVICE

The University of California has a contract with Google that provides assurances regarding the security and privacy of customer information stored on Google’s systems. UC's contract with Google takes precedence if there is a conflict with Google's posted terms or policies. For more information about how to protect your own privacy using Google Apps., visit: Privacy Tools