As an administrator, you know that time is of the essence when attempting to diagnose a security breach. One of the hardest things to manage is identifying when a user's password has been compromised. Oftentimes, there is no way to tell that someone has gained unauthorized access until it is too late.
Google provides tools to help Google Apps administrators fight against unauthorized access and stolen passwords. One of the most useful security features of Google Apps is the Suspicious Login Alert. Google has detection algorithms that flag when a username and password are used in a way they normally are not. This is usually triggered by a user signing in from an unusual location or a new device.
To activate this setting, go to the Google Apps Admin Panel and click Reports. Select Manage Alerts from the left navigation list, and then enable the alert. By default the alert goes to Super Administrators, but you can also send it to other users or groups. For example, you might send it to an HR or management group that can check whether the employee is on vacation or on a business trip to the suspicious location.
Google Security in Action
Recently, one of our clients told us that they received several suspicious login emails within a couple of days, all for the same user. After calling the user right away at the first sign of trouble and finding out that she was not in those locations, they immediately had her follow the recommended steps on the Gmail Security Checklist.
After receiving another suspicious activity alert, the administrator realized something was off. He had the user bring in her laptop and, after running a full virus scan, discovered that there was a keylogger running in the background. Since cleaning her laptop and resetting her password once again, they have not received any more alerts for this user.
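The triage reasoning from this incident, written out as an added example (not part of the original article or any Google tool): a suspicious-login alert that recurs after a password reset means the new password was captured too, so the device itself needs inspection. The event tuples, action labels and 14-day window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records (timestamp, user, event kind).
# The layout is hypothetical and is not a Google report export format.
EVENTS = [
    ("2015-01-05T08:12", "alice@example.com", "suspicious_login"),
    ("2015-01-05T09:00", "alice@example.com", "password_reset"),
    ("2015-01-06T03:40", "alice@example.com", "suspicious_login"),
    ("2015-01-07T11:05", "bob@example.com", "suspicious_login"),
    ("2015-01-07T11:30", "bob@example.com", "password_reset"),
    ("2015-01-08T07:00", "carol@example.com", "password_reset"),
    ("2015-01-09T22:15", "dave@example.com", "suspicious_login"),
]


def triage(events, window=timedelta(days=14)):
    """Map each alerted user to the next response step.

    reset_password : alert seen, no reset since
    monitor        : alert was followed by a reset, nothing since
    inspect_device : alert seen within `window` AFTER a reset, so the
                     new credential leaked as well (e.g. a keylogger)
    """
    timelines = {}
    for ts, user, kind in sorted(events):  # ISO timestamps sort in time order
        timelines.setdefault(user, []).append((datetime.fromisoformat(ts), kind))

    actions = {}
    for user, timeline in timelines.items():
        last_reset, action = None, None
        for when, kind in timeline:
            if kind == "password_reset":
                last_reset = when
                if action == "reset_password":
                    action = "monitor"
            elif kind == "suspicious_login":
                if last_reset is not None and when - last_reset <= window:
                    action = "inspect_device"  # sticky: a later reset does not clear it
                elif action != "inspect_device":
                    action = "reset_password"
        if action:
            actions[user] = action
    return actions


if __name__ == "__main__":
    for user, action in sorted(triage(EVENTS).items()):
        print(f"{user}: {action}")
```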
This whole scenario gave this administrator the final evidence he needed to successfully push for implementing 2-Step Verification across the entire company. Had it not been for the Suspicious Login Activity alerts, nobody would have ever known there was a keylogger on this user’s computer, and an enormous amount of company information could have been compromised.

Originally published on October 19, 2015