What is Push?
Overview
Push protects your digital work life by guarding against phishing and other kinds of online attacks that target employee accounts. Push also finds security risks with the online accounts you use and helps you resolve any issues that could lead to account compromise or company data loss. Push makes it easy to do the right thing.
Push’s job is to sit quietly in the background and only notify you if we find something like:
A malicious website that could steal company credentials.
A password that's being reused between your company SSO portal and other apps.
Missing multi-factor authentication protection (MFA).
When we have a security recommendation for you, we’ll share it in short, easy-to-understand messages sent by the Push chatbot in Slack or Microsoft Teams, and/or shared directly in your browser, depending on your organization’s Push configuration. Whenever we can, we make it easy to take action on our recommendations in one click.
Push also helps your security team understand whether company data is stored securely in online apps by keeping an inventory of what employees log into using their work accounts. These can include common productivity SaaS apps like Dropbox and Trello as well as technical apps like GitHub and Postman or those that store customer data like Hubspot and Salesforce.
Push also checks for risky or untrustworthy apps in use at your company so your security team can take action to remove them.
This information helps protect your organization and the people it serves, such as customers, patients, or clients, against having their data stolen and their lives disrupted by a breach.
How does it work?
Push uses a browser extension to protect against phishing attacks in the browser, and to find any security issues associated with your work accounts. Note that Push only monitors logins where you are using your work email address. If configured by your administrator, Push can also monitor all logins to work apps, regardless of what email address is used.
If Push finds an issue with the passwords associated with these logins, we flag them for your security team. If your administrator has configured Push to work directly with employees, the Push chatbot will also message you directly to help you resolve the issue.
Push can also display security guidance directly in your browser using banner messages.
Push also integrates with your company’s primary work platform to inventory apps you log into with a social login, such as Sign In with Google and Sign In with Microsoft.
This integration also:
Checks for MFA usage across the company.
Finds any external mail forwarding rules that can be a sign of a compromised email account.
Collects the third-party integrations you create using your Microsoft or Google work account, such as calendar and file-sharing extensions or other tools.
If your company uses the Push chatbot, we may also message you to sign up for MFA, verify that an external mail forwarding rule is legitimate, or ask you if you are still using an old third-party integration you may have forgotten about. We’ll only message you when necessary.
Privacy and security
The sole reason Push exists is to improve security, so protecting your data is a top priority. We make considerable efforts to secure your personal information and we aim for full transparency on how we gather and use your information within our service.
Learn more about how we protect your information in Your privacy.
How to set up Push
Setup is simple. Your security or IT administrator will either install Push’s browser extension automatically for you, or ask you to install it yourself by clicking a link sent via email or chat message.
Learn more about installing the browser extension in Enroll your browser.