Google Apps security is a top priority for Google, and the company has truly top-notch ways of handling and storing confidential information on their end. It’s a must for a cloud-based service for enterprise customers, and Google certainly delivers. But some of the most important security features, particularly in Gmail, must be deliberately opted into. We’ll show you how to put Gmail on lockdown so you can easily treat your own data with the same level of security and protection that Google already does.

First, a little bit about Google Apps security. It takes two forms: making sure you can access your data all the time, and making sure unauthorized people can never access your data. Google guarantees 99.9% uptime for all the Google Apps services. It also automatically backs up your data as you create it, so there’s no risk of losing data, even in a disaster situation.

In terms of keeping other people out of your data, Google Apps security is already very strong. Google automatically encrypts any browser session which uses Google Apps, which ensures that troublemakers can’t just grab your data and take a look at. Google Apps are lean, tight pieces of software, so they don’t include the kind of vulnerabilities a sprawling suite like Office tends to accrue over the years. And Google’s data centers, where your data is stored after it safely reaches them, all have high levels of industry certification for security.

The weakness of Google Apps security, to the extent that there is one, lies with you. But it’s very easy to change that. In Gmail, the first place to go is Settings (in the menu that appears when clicking the gear in the top right on the web interface).

Choose to always use HTTPS.

This setting, under ‘General,’ forces Gmail to use HTTPS (Hypertext Transfer Protocol Secure) at all times. Regular HTTP is unencrypted. HTTPS is always encrypted, and with just one click, you can make that happen. Google only has this option so that some older browsers, which don’t support HTTPS, will still function. But a small business won’t need to worry about that, so activate HTTPS.

Turn off POP/IMAP forwarding.

POP/IMAP forwarding enables someone to read your email from a remote interface. This is both an extremely convenient feature and a potentially huge security risk. It allows you to read your email from a traditional desktop client (like Outlook) or provide an assistant with access to your inbox, but it can also allow troublemakers to get into your email undetected. If you don’t use the other features, just disable both POP and IMAP under the Forwarding and POP/IMAP section of Settings.

Control your chat.

Under the Chat heading of Settings, change Auto-add Suggested Contacts to only allow people you have explicitly approved to chat with you and see that you are online. It’s an easy security feature, and it has the added benefit of cutting down on awkward conversations you don’t want to have. A win-win!

Turn on Dual Authentication

We’ve saved the most important for last. Dual authentications, aka two-step verification, makes it vastly harder for other users to access a user’s account without permission. Standard authentication is one-step: enter the password. Dual authentication adds a second step: when logging into an account on a new computer or device, enter the password, then enter a code delivered to the user’s mobile. It’s a modest inconvenience that dramatically increases Google Apps security; any troublemaker would need both a user’s email password and physical access to the user’s mobile phone to get to their email.

Activate Dual Authentication by going to Google Account settings (in the dropdown under a user’s name and picture), subsection Security, then choosing ‘Setup’ under 2-step verification.

Google Apps security is essentially all taken care of on Google’s end. With a little mindfulness and the settings tweaks mentioned above, Gmail will be just as secure on your end as it is on theirs.