Google's MFA changes, and fixing email headaches part 2.

Script 19

Hello and welcome to Your Operations Solved, for Tuesday, May 11th, 2021. I'm your host, Channing Norton, of PC Solutions, and this is the 19th episode of our show. Listen to us Tuesdays, Wednesdays, and Thursdays, or on our Saturday compilation episodes. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.

With that out of the way, let's get started on today's headline.

Google has announced that 2FA by default will be rolled out to Google consumer accounts over the coming weeks, even for accounts that already exist. If 2 factor CAN be enabled, it WILL be enabled.

This is great news from a security perspective. A LARGE number of successful cyber attacks are able to do a large chunk of their damage due to compromising an email, and Gmail, which this change affects, is by far the largest host of consumer email. While it's hard to know exactly, market research would give Google a market share of between 30 and 70% of the personal email market by actively used mailbox count, and about 40% market share over the business email market. Right now, they are just forcing 2FA for consumer mailboxes, but it's likely that, in the coming months, administrators of their Google Apps platform, which is used for business email, will have to specifically opt out of 2FA if they don't want it to be defaulted on there. Between these two platforms going to near universal 2FA, the internet is about to get noticeably safer.

According to Verizon's 2020 cyber breach data, two thirds of successful cyber attacks against businesses leverage compromised emails. 2-factor authentication makes compromising an email much, much harder. Possible, but not without much more effort. While I don't have hard numbers to give you, I will anecdotally say that I've handled several hundred to a thousand compromised email account scenarios in my career. Of them, only a SINGLE one was on an account with 2 factor set up, even though, across the environments I've worked in, the split of people with 2FA and without was roughly 50/50. As such, this change promises to make a SUBSTANTIAL chunk, about 50% of these business cyber attacks, considerably harder.

With that done, let's continue our conversation from Thursday about structuring our email system.

So, as a review, for our address types, we had standard addresses, aliases, distribution lists, and shared mailboxes. In structuring our mail system, we had 8 focuses.

1. A good email system should leave you open for growth.
2. A good email system should reduce the exposure of turnover to customers.
3. A good email system should allow for customers to feel they are having personal interactions when necessary.
4. A good email system should provide a framework for clear internal communication.
5. A good email system should allow your employees to easily identify what mail they are responsible for.
6. A good email system should be as free of spam and phishing emails as reasonably possible.
7. A good email system should allow segregation of mail by type and purpose.
8. A good email system should not allow messages sent to former employees and addresses to go unnoticed.

Using the tools we outlined above, how can we accomplish these goals most effectively? It obviously depends on your business, and who your customers are and how they get in touch with you, but let's get an idea of what a good structure might look like.

Give every living, breathing human in your organization an email address. I suggest first initial last name as the format, as it scales very well and is the de facto standard, but take any format you want for naming these accounts. Just standardize it. These first initial last name accounts will be primarily used for INTERNAL communications with your employees between one another, as well as administrative functions like signing up web accounts. The only cases where employee-specific accounts will be external will be in high-touch positions like salespeople and account managers, where, should turnover occur, you would expect to directly notify clients of their handover. As a good rule of thumb, if the person in question is issued business cards, you can expect traffic from your customers or vendors to this address.

Next, examine every external-facing department or activity. These are the areas that you want to protect from turnover. As such, they should be assigned shared mailboxes, with access granted to each person who could handle such requests.

There are a few applications here. Broadly speaking, they fall into 3 categories.

1. Emails that you post online. For instance, the bottom of your website might list Sales@company.com, or Customersupport@company.com. Depending on the nature of this email address and the level of personalization required, you will then either respond to incoming emails by reaching out to submissions from a direct email address, like what you'd want with a sales inbox, or merely by replying, for ...