Google is in the process of rolling out a new Gmail attachment compliance policy to all G Suite customers. The new settings, which are optional, allow for G Suite administrators to configure scanning of the content of an attachment to prevent corporate data loss.
Previously, G Suite admins could configure attachment scanning but it would only scan the header of the attachment of configured file types (like .docx, .pdf, etc). The problem is that users could change the file extension to bypass the scanning and thus get the corporate data out of the corporate network.
The new configuration allows for admins to setup to scan the contents of particular file types, giving far more control over data leaking out of the company, maliciously or otherwise.
The new feature will roll out to all customers over the course of the next few days and it is disabled by default. Admins who want to enable the feature can do so in the admin control panel for your domain. While it isn’t 100% foolproof, it is a big step forward in keeping corporate data in the network and not falling into the wrong hands.
You can read the full blog announcement of the new feature here.