Private-Mail Blog

If you use Google Calendars for work, you might want to log in and change your settings. It’s possible that the public can see everything you’ve placed on your Calendar. It might even come up in Google search results for your company or your name. Many people are unaware that a small misconfiguration that’s very easy to accidentally make has taken their private life public, exposing a wealth of information in the process.

How Does the Information Go Public?

Google Calendars isn’t subject to a vulnerability, nor have they experienced a data breach. The flaw comes in the form of an easy misconfiguration that many users often make. Companies and coworkers have a tendency to share Calendars with each other, especially for corporate events or project management purposes.

The privacy issue comes into play when you choose to share that Calendar with a link. When the link is created, it’s indexed by Google and can be viewed by anyone who has or finds that link. In Google’s defense, they do warn users. When attempting to share a Calendar with another user via a link, a prompt reads: “Making your calendar public will make all events visible around the world, including via Google search. Are you Sure?”

For some reason, people are quick to agree without realizing how much information they could be jeopardizing. Sometimes, they do it because they feel as though they have no choice. There is no easy way to share a private Google Calendar, and may businesses need this sharing feature. This puts them in a position where they accept a bad risk in order to collaborate or get work done.

What Can People See When Calendars is Misconfigured?

When a Calendar can be shared via a link, it can be viewed by anyone who has or can find that link. Since the link is public, it’s indexed by Google search. This means people searching for information about your company can inadvertently stumble upon your entire Calendar. They’ll see all the phone numbers, email addresses, times, and dates that have been put into that Calendar.

The best solution is to simply avoid using Google Calendars. There are better collaboration and scheduling tools for businesses, most of which can be privately shared without the risk of Google indexing every single line and making it searchable to the general public.

Conclusion: Value the Privacy of Your Business

PrivateMail does what others don’t. We offer businesses a highly secure place for communication between team members. We utilize OpenPGP technology to make sending and receiving emails as secure as possible.

Our end to end encrypted email and cloud storage means that no one except the intended recipients will be able to access messages or attachments – we don’t even know what you’re sending. This means you can send trade secrets, internal memos, and financial data without fear that it will be intercepted and read by a third party (like Google) or a malicious person. To top it all off, we also offer a much needed calendar sync feature that won’t expose your plans to search engines. PrivateMail is an easy (and necessary) choice for the security of your business.