How-to guide: Defending against malware and phishing attacks

The threat landscape has fundamentally changed with the rise of state-sponsored adversaries and commercially-driven ransomware groups. While threats continue to grow in scale and sophistication, many breaches begin with routine, well-known attack patterns such as phishing and malware that legacy solutions still struggle with. In fact, according to the Mandiant M-Trends report, 72% of successful intrusions in 2023 started with a compromised identity or software exploit. To effectively combat this, organizations can adopt modern, secure-by-design solutions that can reduce the attack surface and are simpler to secure with built-in threat protection and detection controls. This blog post offers guidance on how admins can nullify phishing and malware attacks using Google Workspace, Chrome Enterprise, and ChromeOS.  

Block harmful emails, files, and websites with AI-powered threat defense and controls:

1. AI defenses in Workspace automatically block more than 99.9% of spam, phishing attempts, and malware from reaching your users. You can enable enhanced pre-delivery message scanning, advanced phishing and malware protection, and Security Sandbox to further protect against phishing emails and malicious files in Gmail.

2. Turn on Enhanced Safe Browsing in Gmail, allowing Gmail to take additional steps to check emails for harmful content before delivering them to users.

3. Extend threat protection beyond Workspace to other web and SaaS apps with Chrome Enterprise:

• Choose your Safe Browsing protection level in Chrome to prevent users from visiting harmful or unsafe sites. Upgrade to Enhanced Safe Browsing for real-time protection against a wider array of online threats, using signals from more than 5 billion endpoints. 

• Leverage Advanced URL filtering to block categories of dangerous and risky websites, or limit data being copied/pasted into these sites (including a category for generative AI sites).

• Get security insights, visibility into risky users, and basic browser controls with Chrome Enterprise Core at no additional cost. Take action on reported threats with Chrome Enterprise Premium.

4. Reduce the endpoint attack surface with ChromeOS — which has had zero reported ransomware attacks and has never had a virus.¹

• ChromeOS’s Verified Boot ensures that ChromeOS devices only run trusted software by performing a rigorous integrity check before booting up. ChromeOS boots into recovery mode and allows you to repair the issue.

• ChromeOS’s read-only OS prevents core operating system files from being modified or impacted by malware. Blocked executables further prevents any untrusted software, especially malware, from being run. 

• ChromeOS device management is a license you can add-on to manage more advanced features and security policies, like enforcing updates, applying data loss prevention controls, monitoring insights on device performance and security events, and more.

Prevent account takeovers with login protections:

1. Enforce login protections and controls, such as 2SV and session length, to help prevent unauthorized access and account takeovers. As an additional protection, Workspace now automatically rotates session cookies at a high frequency to reduce cookie theft risks. 

2. Enable passwordless login with passkeys, a simpler and more secure method than traditional passwords. With passkeys, users can sign in with their phone, a security key, or their computer’s screen lock.

3. Implement multi-party approval for sensitive admin actions.

4. Enroll users at high risk for targeted attacks, such as admins and business leaders, into Google’s Advanced Protection Program.

Respond to threats faster with a comprehensive security toolkit:

1. Leverage tailored security insights and actionable guidance developed specifically for your organization with Security advisor. Use the security dashboard to get an overview of available security reports.

2. Identify, triage, and respond to potential risks with the security investigation tool. With comprehensive access to device security, user access, and other logs, you can take targeted action on security and privacy issues in your domain.

3. Export Workspace logs to Google Security Operations or BigQuery for company-wide threat monitoring and analysis. Security Operations aids with insider risk by helping to identify risky user behaviors and anomalies. With BigQuery, you get access to a diverse variety of analysis tools such as individual activity information, aggregated usage metrics, custom reporting and dashboards, and more.

Threat prevention can feel overwhelming. But leveraging these advanced controls in addition to the built-in automatic threat defenses and the modern security architecture across Workspace, Chrome Enterprise, and ChromeOS can meaningfully reduce the security risks in your organization and the stress and workload for your IT and security teams. 

Learn more about our security approach and get started with a no-cost trial. 

¹_{As of January 2025, there has been no evidence of any documented, successful virus attack or ransomware attack on ChromeOS. Data based on ChromeOS monitoring of various national and internal databases.}