Healthcare organizations may want to consider two-factor authentication for email accounts. Passwords can easily get stolen by phishing emails , but two-factor authentication makes it harder for a cybercriminal to gain access to the second authentication method. It adds extra security to your account if a password is stolen. If you're using Google Workspace (formerly known as G Suite), then you should consider enabling two-factor authentication for your employees' email accounts as part of your HIPAA compliant email strategy.
Step 1: An administrator account turns on two-factor authentication
An administrator will need to turn on two-factor authentication in the Google admin console. After you've signed into the administrator account and have access to the home page, follow these steps:
- Go to "Security" and click "2-step verification."
- On the left, select the group of email accounts within an organizational unit or exception group.
- Check "Allow users to turn on 2-step verification". This lets email account holders turn on two-factor authentication.
- Select "Off" under "Enforcement." This action will make it optional for employees to set up 2-factor authentication. Even if you plan on requiring two-factor authentication, you will need to make it optional first or you will lock out employees from their email accounts because it's not set-up. Once step 2 is completed by all employees, you can come back to this step to turn on enforcement.
- Security keys: This could be a physical USB or a phone's built-in security key enabled via Bluetooth.
- Google prompt: An employee's phone will show a notification asking if they are trying to sign in which they can then confirm or deny.
- Verification code generators: An app or hardware token will generate a one-time code to sign in.
- Backup codes: An employee will have access to predetermined codes they can use to sign in to an account. Once a backup code is used, it becomes inactive and can't be used again.
- A text message or phone call: A code is sent to an employee's phone either by text or phone call. They must enter the code to sign in.
Step 2: An employee sets up two-factor authentication for their email account
Once an administrator has turned on two-factor authentication, the organization can then allow employees to set up two-factor authentication. Employees will log into their email account, and then follow these instructions:
- Go to their Google Account by clicking on the Google icon in the upper right corner.
- On the left is a navigation bar. Select "Security."
- Under "Signing in to Google," click on "2-step verification." Select "Get started" on the next screen.
- Follow the on-screen steps to set up two-factor authentication.
Step 3: Ensure all employees have set up two-factor authentication before enforcing it
If you plan on requiring two-factor authentication, you'll want to confirm that all employees have set it up before turning on enforcement. One way to track enrollment is by using the Google security health page to identify people that haven't used 2-factor authentication.
Add an extra layer of protection with Paubox
Paubox Email Suite Plus requires two-factor authentication to log into the customer admin panel, which adds another layer of protection against hackers. It also has robust inbound security tools that stop threats like spam, phishing emails, viruses, or malware from even entering an employee's inbox. This keeps a healthcare organization's network safe from malicious emails. It's also easy to use since it seamlessly integrates with popular email providers like Google Workspace. Say goodbye to patient portals, and hello to sending secure HIPAA compliant email.
Subscribe to Paubox Weekly
Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.