Google Apps Security

google icon

How to Stay Secure with Google

With UCSC’s increasing use of Google’s services, it is important to remember that sensitive information often requires special protection. It is also important to remember that although Google provides enhanced security features and UC’s contract with Google provides assurances regarding the security and privacy of customer information stored on Google’s systems, most security cautions that apply to UC systems apply to Google.

Following are several proactive steps you can take to help maximize security and privacy when using Google.


ENABLE TWO-STEP VERIFICATION

Google's two-step verification uses a code in addition to your username and password. Each time you log in, Google sends a new code via text or voice message that you will need to enter. This means that to access your account, a hacker would not only need your username and password, but also your phone in order to get in.


KEEP RESTRICTED DATA OUT OF GOOGLE

Don't use Google to send or store highly sensitive information such as PII or other restricted data. If you must, encrypt it first.


MOBILE DEVICES

All devices used for work must meet UC and UCSC security requirements. Tips for protecting mobile devices are available on the Mobile Devices and Wireless page.


LIMIT SHARING ACCESS

It is important to know Google's default settings and sharing options in order to avoid accidents related to over- or under-sharing. To learn how to share your Google documents, files, and folders with others, visit Google Sharing Information


SHARING SETTINGS IN GOOGLE CALENDAR

Be sure you know who you are sharing your calendar and meeting information with. The default sharing setting at UCSC is that your Google Calendar and meetings on it are visible to everyone in the university.

Meeting privacy settings are at the bottom of each meeting's Event details page. There are three options:

  • Default: the event's privacy setting is the same as the calendar's overall privacy setting.
  • Public: makes that event's details available to everyone who can view your calendar, regardless of your regular calendar settings.
  • Private: only you, meeting invitees, and people you have granted 'Make changes to events' or 'Make changes AND manage sharing' privileges to your calendar can see the event and its details.
    • Important privacy note: If you create a private meeting in Google Calendar and invite people, those attendees can change the private meeting to public on their own calendar. 
  • Additional information about these settings

REPORT SPAM AND PHISHING TO GOOGLE

Report email spam and phishing directly to Google. This helps put these emails on their radar. You must do this from your UCSC Google email on the web. Instructions

Report Calendar spam to Google: If you receive an unsolicited calendar invitation that you believe to be spam, report it to Google by clicking "Report Spam" on the detail page for the event. Instructions


VIEW YOUR GOOGLE DATA AND ACCOUNT ACTIVITY

You can see your data and information about how you've used Google’s products by visiting the Google Dashboard. You can get to the settings of most Google products you use from there and can use it to check for suspicious activity on your account. More Information


SIGN OUT OF YOUR GOOGLE ACCOUNT WHEN YOU'RE NOT USING IT

Be sure to sign out of your Google account when you're finished, especially when using a public computer. Just click on your username/icon at the top right corner of the screen and select "Sign out." If you're using a public or shared computer, to be extra thorough you can also clear the browser's cache, cookies and history. Then, completely close the browser.


GOOGLE'S SAFE BROWSING TOOL

Google's Safe Browsing Tool lets you see whether Google has flagged a website as dangerous to visit.


Secure Transmission

UCSC's Google domain is configured use encrypted transmissions by default. This means that when you access your gmail or Google Apps via Google's web applications with your @ucsc.edu Google account, your email and docs are transmitted securely. This is true for the mobile email client, too. Google also requires encryption for third party email clients (e.g. Thunderbird, Apple Mail, etc.) to access your email data.

Even though Google encrypts your data during transmission, it will still be unencrypted at rest. Do not send or store restricted data in Google unless you have encrypted it first.


Google Privacy Policy and Terms of Service

The University of California has a contract with Google that provides assurances regarding the security and privacy of customer information stored on Google’s systems. UC's contract with Google takes precedence if there is a conflict with Google's posted terms or policies. For more information about how to protect your own privacy using Google Apps., visit: Privacy Tools