In this blog, we cover the best practices for Google Workspace security. Online security is essential for staying safe and protected in this digital era. It safeguards your personal and business data from attackers. Similarly, you can protect your Google services through Google Workspace security essentials. These security checklists apply to individual users and to small, medium, and large business owners. Admins have the most powerful Google Workspace accounts, so they are responsible for enforcing security policies on their users' Google accounts.

Best practices for small businesses

  1. Account protection:

Passwords are the first and most important requirement for admin and user accounts. Google therefore encourages users to choose unique, strong passwords and recommends never reusing a password. Use long passwords of at least 12 characters. For example, you can use a sentence from a book, a series of meaningful words, a meaningful quote, a lyric from a song or poem, etc. Avoid passwords that other people could easily guess.

Also, don't use personal data such as birthdays, phone numbers, nicknames, addresses, etc. Likewise, avoid simple words, combinations, and numbers, such as 'abcd', '1234', 'xyz', 'password', etc.

Always keep your password hidden from others and use a password management tool like Google Password Manager.

  • 2-step verification (2SV) protects your account even if someone steals your password. The first step requires something that only the actual owner of the account knows. In the second step, they need to enter an access code or use a physical security key. A hacker can steal your password, but they still lack your access code or security key. Thus, Google recommends using 2SV for every Google Workspace account.



  • Admins can add recovery information to their accounts. It helps them regain access if they forget the account password. It also helps to block people who should not have access to admin or user accounts.
    Note: Use a recovery email address that is different from the admin's or user's Google Workspace sign-in email. Also, choose a mobile number that belongs only to the admin or user and can receive text messages.
  • For a business, it's necessary to have multiple super admin accounts. Manage these accounts individually. If the primary super admin account is compromised, the backup super admin can perform the critical tasks needed to recover it. When you assign a user the super admin role, they can add and remove other users. They can also handle other management areas of Google Workspace.
  • If a super admin encounters difficulties when resetting passwords through recovery information, and another super admin lacks the necessary permissions to address this issue, they have the option to contact Google support.
  • Moreover, enable auto-update policies for Google apps and Chrome browsers. The admin can manage auto-update policies for Chrome browsers, such as turning on auto-updates, scheduling auto-updates outside work hours, caching updates to reduce bandwidth usage on a network, and setting auto-updates for particular apps. Learn more from Auto-update policies.
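
The account-protection checklist above (2SV on every account, separate recovery details, more than one super admin) can be checked against a user export. The following is an added example, not code from the original post: it assumes the export uses the Admin SDK Directory API user fields primaryEmail, isAdmin, isEnrolledIn2Sv, recoveryEmail, recoveryPhone and suspended, and the sample records and the audit_accounts name are constructed for illustration.

```python
# Added example: audit a user export against the account-protection checklist.
# Field names follow the Directory API user resource (assumed export format);
# SAMPLE_USERS is constructed sample data, not real accounts.
SAMPLE_USERS = [
    {"primaryEmail": "root@example.com", "isAdmin": True, "isEnrolledIn2Sv": True,
     "recoveryEmail": "root.owner@example.net", "recoveryPhone": "+15550100"},
    {"primaryEmail": "ops@example.com", "isAdmin": False, "isEnrolledIn2Sv": False,
     "recoveryEmail": "ops@example.com", "recoveryPhone": ""},
    {"primaryEmail": "old@example.com", "isAdmin": False, "isEnrolledIn2Sv": False,
     "suspended": True},
]


def audit_accounts(users, min_super_admins=2):
    """Return (severity, account, finding) tuples for active accounts."""
    findings = []
    active = [u for u in users if not u.get("suspended", False)]
    for u in active:
        email = u["primaryEmail"]
        # 2SV is recommended for every account; a missing second factor on a
        # super admin (isAdmin) is rated higher than on a regular user.
        if not u.get("isEnrolledIn2Sv", False):
            severity = "HIGH" if u.get("isAdmin") else "MEDIUM"
            findings.append((severity, email, "2SV not enrolled"))
        # Recovery email must exist and differ from the sign-in address.
        recovery = (u.get("recoveryEmail") or "").strip().lower()
        if not recovery:
            findings.append(("MEDIUM", email, "no recovery email"))
        elif recovery == email.lower():
            findings.append(("MEDIUM", email, "recovery email equals sign-in email"))
        if not (u.get("recoveryPhone") or "").strip():
            findings.append(("LOW", email, "no recovery phone"))
    # A single super admin leaves no backup account for recovery.
    admins = [u["primaryEmail"] for u in active if u.get("isAdmin")]
    if len(admins) < min_super_admins:
        findings.append(("HIGH", "*", f"only {len(admins)} super admin account(s)"))
    return findings


if __name__ == "__main__":
    for severity, account, finding in audit_accounts(SAMPLE_USERS):
        print(f"{severity:6} {account:20} {finding}")
```

Suspended accounts are skipped because they cannot sign in; adjust min_super_admins to match your own policy.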

Protection for Google products

These security practices apply to Gmail, Drive, Calendar, Docs, Sheets, etc.

  • Gmail can scan incoming messages to defend against phishing. Phishing is a cybercrime practiced by scammers: a trick to make users reveal sensitive information such as passwords, bank account numbers, and other details. As an admin, you can enable pre-delivery message scanning in Gmail. When it identifies a phishing message, it displays a message to the user and moves the message to the spam folder. Gmail can also perform additional security checks on an email with suspicious content.
  • Google Calendar may contain sensitive data, so you can limit your users' ability to share calendars with external users. For example, when you set this limit for 'Free/Busy' schedules, external users can only see the 'Busy' schedules. You can also set a default sharing limit for calendars among your organization's users. See Set a Calendar sharing option to learn more.
    Note: Admins and super admins can see all the event details on the calendar if they have Meet hardware management permission.
  • You can control external sharing of files from Google Drive, Docs, Slides, Sheets, Sites, etc. Depending on the Google Workspace edition, you can turn external sharing on or off for the parent organization, a child organization, or a configuration group; restrict link sharing if external sharing is on; permit sharing content only with certain domains; and restrict external users from accessing content in a shared drive. You will find additional information in Manage external sharing for your organization.

Best Practices for medium and large businesses

1. Admin and user accounts

You have already learned about the security requirements for admin and user accounts. You can also set up reports and alerts for compromised accounts, such as account activity reports, adding employee ID as a login challenge, maintaining data security after an employee leaves your organization, admin email alerts, etc.

2. Devices

You can also use Google endpoint management to protect your users' accounts and work data. It applies to all types of devices, such as mobiles, desktops, laptops, and other endpoints within your organization. For example, you can remove work data from missing and unmanaged devices. When a device in your organizational unit (OU) goes missing or a staff member leaves your organization, your corporate data is at risk, so you must wipe their work data and work account from the device. If you have advanced management, you can wipe the data of the entire device. You can also use device encryption to protect your data from misuse. See the security checklist for device management to learn more.

3. Google Workspace Apps

  • You can control which third-party apps can access your Gmail and Drive. You can control access to Google Workspace services through OAuth 2.0. 
  • You can block sign-in attempts from less secure apps. These apps do not use the latest security standards, such as OAuth, so you need to block them.
  • You can enable client-side encryption for Google Drive, Meet, Gmail, and Calendar. You can use encryption keys to protect your OU's data.

4. Google Groups

  • You can ensure secure access to data and resources to reduce data leakage. For example, you can prevent unsecured and external groups from joining a Google group, apply security policies, etc.
  • Customize your group settings to define who can access, moderate, and post in your Google groups. The default roles are manager, owner, and member.
  • You can disable settings such as public access, allowing anyone to post to your group, and access by anyone on the internet.
  • You can create specific admin roles for specific admin tasks, and you can assign multiple admin roles to one user. For example, if you create a User Management Admin role for a person, they can access and modify specific settings for non-admin users.

5. Google Sites

  • Control who can share files in Google Sites. For example, you can allow or block people outside your organization from sharing files and create a default setting for link-sharing. Moreover, you can use Google Drive sharing settings.
  • You can use classic Sites sharing options for the users in your domain. So, you can set different options and decide whether your domain users can share files with external domain users. You can get options like opening sites to anyone on the internet, creating a warning for the users when they share a site in public, making the sites viewable outside your domain, etc. 

6. Google Vault

  • Google Vault lets you audit Vault users' activity, either across Vault or by specific methods. Auditing across Vault shows the retention rules that Vault users have edited. The specific method of auditing shows which files were downloaded to users' devices. The audit data includes date, user, name, email, action, resource URL, query string, etc.
  • Also, follow the administrator roles for Vault.

Additional Security

  1. Admin Audit log
    Review your Admin log events from the audit and investigation page. From this page, you can find out when an admin adds a user from the Admin Console, activates Google Workspace services for them, etc. You can also find several attributes on this page, such as actions, actors, data source, device ID, Google Workspace edition, and more.
  2. Security center

The security center provides advanced security reports and analytics about your domain. It helps to strengthen the advanced settings of the Admin Console. It has three sections – security dashboard reports, security health page, and investigation tool.

  • From dashboard reports, you can find reports and charts from several security centers. Data from these reports is updated every 15 minutes. 
  • The security health page lets you monitor Admin Console settings. As a result, you can find security risks and manage them using security guidelines and your organization's security management policies.
  • The investigation tool helps you access data about different devices, access email messages, search Gmail logs to find, remove, or mark spam messages, access the log data of your devices, and access the log data of Google Drive.
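
The Admin log review described above can also be done over an export of the log events. The following is an added example, not code from the original post: it assumes the events are exported as JSON in the shape of Admin SDK Reports API admin activities, and the event names (CREATE_USER, ASSIGN_ROLE), parameter names (USER_EMAIL, ROLE_NAME), the _SEED_ADMIN_ROLE role name, the review_admin_events function and all sample records are assumptions or constructed data.

```python
# Added example: triage exported Admin log events for user creation and role
# grants. Event, parameter and role names are assumptions modelled on the
# Reports API admin activity format; SAMPLE_ACTIVITIES is constructed data.
SAMPLE_ACTIVITIES = [
    {"id": {"time": "2024-03-04T23:41:00Z", "applicationName": "admin"},
     "actor": {"email": "helpdesk@example.com"},
     "events": [{"name": "ASSIGN_ROLE", "parameters": [
         {"name": "ROLE_NAME", "value": "_SEED_ADMIN_ROLE"},
         {"name": "USER_EMAIL", "value": "new.hire@example.com"}]}]},
    {"id": {"time": "2024-03-04T09:12:00Z", "applicationName": "admin"},
     "actor": {"email": "root@example.com"},
     "events": [{"name": "CREATE_USER", "parameters": [
         {"name": "USER_EMAIL", "value": "new.hire@example.com"}]}]},
    {"id": {"time": "2024-03-05T08:00:00Z", "applicationName": "admin"},
     "actor": {"email": "root@example.com"},
     "events": [{"name": "CHANGE_APPLICATION_SETTING", "parameters": []}]},
]
WATCHED_EVENTS = {"CREATE_USER", "ASSIGN_ROLE"}
SUPER_ADMIN_ROLE = "_SEED_ADMIN_ROLE"  # assumed log name of the super admin role


def review_admin_events(activities, known_super_admins):
    """Return watched events in time order, each with the reasons it needs review."""
    known = {a.lower() for a in known_super_admins}
    rows = []
    for activity in activities:
        actor = activity.get("actor", {}).get("email", "unknown").lower()
        when = activity.get("id", {}).get("time", "")
        for event in activity.get("events", []):
            if event.get("name") not in WATCHED_EVENTS:
                continue
            params = {p["name"]: p.get("value", "") for p in event.get("parameters", [])}
            reasons = []
            if actor not in known:
                reasons.append("actor is not a known super admin")
            if params.get("ROLE_NAME") == SUPER_ADMIN_ROLE:
                reasons.append("super admin role granted")
            rows.append({"time": when, "actor": actor, "event": event["name"],
                         "target": params.get("USER_EMAIL", ""), "reasons": reasons})
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    return sorted(rows, key=lambda r: r["time"])


if __name__ == "__main__":
    for row in review_admin_events(SAMPLE_ACTIVITIES, {"root@example.com"}):
        print(row["time"], row["actor"], row["event"], row["target"], row["reasons"])
```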

Use Foresight to enable the power of automation

By using a robust automation platform like Foresight, you can streamline your business operations and empower Google Workspace workflows easily. The smart solutions of this SaaS platform don't require any expertise in automation scripts. It helps admins and users handle their tasks effortlessly in a short time. In this way, it improves the efficiency of your employees and enhances productivity.

You can find different types of use cases for admin and users. There are admin use cases for Google Workspace security like Apps Reporting and Getting Alerts in Google Workspace, etc., and user use cases like Mail Merge Using Gmail and Foresight, etc.


Now you have a clear understanding of Google Workspace security and best practices. These security policies are essential for protecting your Google Workspace account from data breaches, spamming, phishing, and other malicious activities. Moreover, you can learn these security policies from the use cases of Foresight.

Also, learn the other automation use cases of Foresight and try a 14-day free trial. Explore other topics related to this one, such as Create and manage rules.