116 Gawler Place, Adelaide SA 5000 1800 818 875 [email protected]

HTM/HTML attachments

Blocking HTM/HTML Attachments In Google Workspace

Understanding how to enhance email security within Google Workspace is important for protecting sensitive business data. One significant step is blocking HTM/HTML attachments, which can be used maliciously in phishing scams or to deliver malware. Implementing restrictions on these file types can prevent potential breaches, safeguarding your business’s digital infrastructure and maintaining trust in your communications.

Jump to our step by step guide:

What are HTM/HTML attachments and why are they dangerous?

HTM/HTML attachments are files used to structure and display content on webpages, capable of containing text, images, and links.

However, their versatility and widespread use make them an attractive vector for cyber attackers. When malicious code is embedded in these files, unsuspecting users can trigger a security breach simply by opening an attachment, leading to consequences such as data theft, ransomware infection, or even complete system compromise.

Google Workspace 2

How do hackers use HTM/HTML attachments to breach Google Workspace?

Hackers breach Google Workspace using HTM/HTML attachments primarily through sophisticated spear-phishing campaigns and social engineering tactics. They craft emails that mimic legitimate correspondence, embedding malicious code within HTM/HTML attachments. When these attachments are opened by unsuspecting recipients, the code executes, potentially leading to unauthorised access, data exfiltration, or the deployment of malware. This method exploits the inherent trust in familiar formats and the integrated nature of Google Workspace, bypassing user vigilance and leveraging the platform’s features for malicious intent.

The Menace of Malware_Safeguarding Small Businesses_3

Is Google Workspace Safe?

While Google Workspace offers a secure foundation for business operations, the evolving nature of cyber threats means business owners need to implement more measures to enhance their cyber security.

Further, Google Workspace’s popularity and wide adoption across SMEs make it a prime target for attackers. Its integrated environment, which promotes seamless sharing and collaboration, can unfortunately also facilitate the spread of malicious HTM/HTML files within an organisation.

Therefore, it’s worth taking proactive measures to ensure that these potential threats are minimised before they can cause harm.

Google Workspace 1

Why should you block HTM/HTML attachments in Google Workspace?

Blocking HTM/HTML attachments in Google Workspace is a proactive cybersecurity strategy that serves multiple purposes:

  • Preventing Automatic Execution of Malicious Code: By blocking these file types, companies can prevent the automatic execution of potentially harmful scripts embedded in the attachments.
  • Reducing the Attack Surface: Limiting the types of files that can be received and opened within the organisation effectively shrinks the attack surface that cyber criminals can exploit.
  • Encouraging Secure Alternatives: Encouraging the use of safer alternatives for sharing and receiving information, such as secure file sharing services, can enhance overall security posture.

How to block HTM/HTML attachments an Google Workspace

1. Access the Google Admin Console: Sign in to your Google Admin console and navigate to the ‘Apps’ section, then select ‘Google Workspace’.

2. Go to Gmail Settings: Within the Google Workspace settings, find and select ‘Gmail’.

Google Workspace-Image1

3. Select Compliance: Scroll down to the ‘Compliance’ section to configure compliance features.

Google Workspace-Image2

4. Configure Attachment Compliance: Click on ‘Attachment compliance’ and then ‘CONFIGURE’ to set up new rules.

Google Workspace-Image3

5. Set Up a New Rule: In the ‘Add setting’ panel, choose which emails to affect (e.g., inbound) and add expressions that describe the content you want to search for in each message. Select ‘ADD’.

Google Workspace-Image4

6. Specify File Types: Under ‘Custom file types’, enter ‘htm, html’ to match files based on the file name extension.

Google Workspace-Image5

7. Choose the Action: to block all messages, click the arrow beside Modify message and select ‘Quarantine message.’

Google Workspace-Image6

8. Review and Save: After setting up the rule with the desired conditions and actions, review it and click ‘ADD SETTING’ or ‘SAVE’ to implement the rule.

Google Workspace-Image7

Implementing and enforcing your changes

While the benefits of blocking HTM/HTML attachments are clear, implementation must be approached with care. Organisations need to:

  • Clearly communicate the change in policy to all employees, explaining the reasons and the expected impact on workflow.
  • Provide training and resources on identifying potential phishing attempts and secure methods for sharing information. (See our FREE cyber security awareness training for employees!)
  • Ensure that legitimate business operations that rely on HTM/HTML files are not adversely affected by adopting alternative secure sharing practices.

Need more support?

Blocking HTM/HTML attachments in Google Workspace is a straightforward yet effective strategy to protect SMEs from a range of cyber-attacks.  However, in today’s climate, there are many more strategies business owners should implement to ensure their business is safe. 

If you’re looking to improve your cyber security, contact our team below, or check out our Cyber Security Packages – designed for Australian SMEs.

// Need more help?

Contact our team today.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    Google Rating
    Based on 41 reviews
    Have questions? Search our knowledgebase.