October is Cybersecurity Month, and honestly, it’s a good excuse to finally do that security audit you’ve been putting off. You know the one.
If you’re managing Google Workspace, you probably already have decent security in place. You’ve got two-factor turned on (hopefully), you’re using the security center, and you’ve blocked a few sketchy apps. But even well-run domains have blind spots. Little things that don’t seem urgent until they become very urgent.
I’ve been working with Google Workspace admins for years, and I keep seeing the same gaps pop up. The frustrating part? Most of them are fixable in an afternoon. You just need to know where to look.
So let’s walk through five areas that tend to fall through the cracks. No complicated overhauls, just practical things you can check and fix today.
1. Drive File Sharing (Especially the Files You Don’t Own)
Here’s something that catches people off guard: files that live outside your domain but are shared with your users. Someone at a vendor company creates a spreadsheet, shares it with your team, and suddenly you’ve got potentially sensitive data that doesn’t show up in your normal Drive reports. You can’t control it, you might not even know it exists, and if that vendor’s security is weak, well… you’ve got a problem.
The files your own users share externally are easier to spot, but they still add up quickly. People get busy and click “share with anyone” without thinking.
Start with Google’s Drive Sharing Reports to see who’s sharing what. If you want the full picture across thousands of users, including those externally owned files, GAT+ goes further. It shows you everything, gives you file-level visibility, and lets you take action at scale instead of chasing one-off issues.
2. Phishing (Because It Still Works)
Google’s spam filters are solid, but phishing emails are getting better too. And it only takes one user on the wrong day to click the wrong link. Once an attacker gets in, they can move fast.
Ensure that two-factor authentication is enforced for everyone. Check for strange Gmail forwarding rules, because attackers love to use them to quietly siphon data. And watch your activity logs for login attempts or other unusual behaviour.
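One way to do the forwarding-rule check in bulk, as an added example rather than code from GAT Labs: the records below follow the shape of the Gmail API users.settings.filters.list response (each filter carries `criteria` and `action`) and users.settings.getAutoForwarding (`enabled`, `emailAddress`, `disposition`), but the users, addresses and rules themselves are constructed, and example.com stands in for your own domain.

```python
"""Flag Gmail rules that quietly forward mail outside the domain.

Added example, not GAT Labs' code. Records follow the shape of the Gmail API
users.settings.filters.list response (each filter has `criteria` and
`action`) and users.settings.getAutoForwarding (`enabled`, `emailAddress`,
`disposition`); the users, addresses and rules themselves are constructed.
"""
from dataclasses import dataclass

OUR_DOMAIN = "example.com"  # assumption: the Workspace primary domain

# Constructed sample: per-user filter listings as the API would return them.
SAMPLE_FILTERS = {
    "alice@example.com": [
        {"id": "f1", "criteria": {"from": "news@vendor.test"},
         "action": {"addLabelIds": ["Label_12"]}},
    ],
    "bob@example.com": [
        # Classic siphon: finance mail forwarded out and removed from the inbox.
        {"id": "f2", "criteria": {"query": "from:finance"},
         "action": {"forward": "bob.backup@gmail.com",
                    "removeLabelIds": ["INBOX"], "addLabelIds": ["TRASH"]}},
        # Internal forward: nothing to flag.
        {"id": "f3", "criteria": {"to": "bob@example.com"},
         "action": {"forward": "helpdesk@example.com"}},
    ],
}
# Constructed sample: account-level auto-forwarding settings.
SAMPLE_AUTOFORWARD = {
    "alice@example.com": {"enabled": False},
    "carol@example.com": {"enabled": True, "emailAddress": "carol.home@outlook.com",
                          "disposition": "trash"},
}


@dataclass(frozen=True)
class Finding:
    user: str
    source: str       # "filter:<id>" or "autoforward"
    forward_to: str
    hides_mail: bool  # the copy the user would see is archived or trashed


def is_external(address: str, domain: str = OUR_DOMAIN) -> bool:
    return address.lower().rsplit("@", 1)[-1] != domain.lower()


def audit_filters(filters_by_user: dict) -> list:
    """Filters whose action forwards to an address outside OUR_DOMAIN."""
    findings = []
    for user, filters in filters_by_user.items():
        for f in filters:
            action = f.get("action", {})
            target = action.get("forward")
            if not target or not is_external(target):
                continue
            hidden = ("INBOX" in action.get("removeLabelIds", [])
                      or "TRASH" in action.get("addLabelIds", []))
            findings.append(Finding(user, f"filter:{f['id']}", target, hidden))
    return findings


def audit_autoforward(settings_by_user: dict) -> list:
    """Accounts with auto-forwarding enabled to an external address."""
    findings = []
    for user, s in settings_by_user.items():
        if s.get("enabled") and is_external(s.get("emailAddress", f"none@{OUR_DOMAIN}")):
            # disposition "trash" or "archive" means the original never lands in the inbox
            hidden = s.get("disposition") in {"trash", "archive"}
            findings.append(Finding(user, "autoforward", s["emailAddress"], hidden))
    return findings


if __name__ == "__main__":
    for fnd in audit_filters(SAMPLE_FILTERS) + audit_autoforward(SAMPLE_AUTOFORWARD):
        sev = "HIGH" if fnd.hides_mail else "MEDIUM"
        print(f"[{sev}] {fnd.user}: {fnd.source} forwards to {fnd.forward_to}")
```

Against real data you would feed each user's filter list and auto-forwarding settings in place of the samples; a rule that both forwards externally and removes the message from the inbox is the pattern worth treating as an incident rather than a policy question.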
If you’re tired of digging through logs, GAT+ can flag suspicious patterns and send you alerts. Even better, it allows you to find and remove phishing emails from every mailbox in your domain at once. That’s not only useful for phishing, but also when:
- An email has been sent to the wrong user or group
- An email contains inappropriate content
- Sensitive information was shared accidentally
- A spam message slipped through Google’s filters
With GAT+, you don’t have to wait for users to report these issues. You can act immediately and clean up every affected inbox before damage spreads.
3. Third-Party Apps (The Ones People Install Without Asking)
Your users mean well. They find an app that makes their job easier, they install it, and they breeze through the permissions screen without really reading it. Next thing you know, some random productivity app has full access to everyone’s Drive files.
Head over to Security > API Controls in your Admin Console and review what’s connected. You’ll probably find a few surprises. Check what permissions each app is asking for. Does that note-taking app really need access to Gmail? Does that scheduler really need to modify Drive files?
Block anything that looks suspicious or hasn’t been used in months. If you want more control, for example, allowing certain apps only for specific teams, GAT+ lets you set those rules. You can allow or block apps by scope, organizational unit, or group, so Marketing keeps the tools they need while Finance stays locked down.
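To turn the permissions review above into something repeatable, here is an added example (not GAT Labs' code) that ranks connected apps by the breadth of the scopes they hold. Each record mirrors the fields the Admin SDK Directory API tokens.list returns per user (userKey, clientId, displayText, scopes); the scope strings are real Google scopes, but the apps, client IDs and grants are constructed and the risk weights are this example's own assumption.

```python
"""Rank third-party OAuth grants by how much of a user's data they can reach.

Added example, not GAT Labs' code. Each record mirrors the fields the Admin SDK
Directory API tokens.list returns per user (userKey, clientId, displayText,
scopes); the apps and grants are constructed, and the risk weights are this
example's own assumption.
"""

# Real Google scope strings; the weights are an assumption for triage only.
BROAD_SCOPES = {
    "https://mail.google.com/": 5,                          # full Gmail access
    "https://www.googleapis.com/auth/gmail.modify": 4,
    "https://www.googleapis.com/auth/drive": 5,             # every Drive file
    "https://www.googleapis.com/auth/drive.readonly": 3,
    "https://www.googleapis.com/auth/admin.directory.user": 5,
}
# Narrow scopes that need no follow-up.
BENIGN_SCOPES = {
    "openid", "email", "profile",
    "https://www.googleapis.com/auth/drive.file",           # only files the app itself opened
    "https://www.googleapis.com/auth/calendar.readonly",
}
UNKNOWN_SCOPE_WEIGHT = 1  # anything unclassified gets a point and a manual look

# Constructed sample: tokens.list output gathered across a few users.
SAMPLE_TOKENS = [
    {"userKey": "alice@example.com", "clientId": "111.apps.googleusercontent.com",
     "displayText": "Nifty Notes",
     "scopes": ["openid", "email", "https://mail.google.com/",
                "https://www.googleapis.com/auth/drive"]},
    {"userKey": "bob@example.com", "clientId": "111.apps.googleusercontent.com",
     "displayText": "Nifty Notes",
     "scopes": ["openid", "email", "https://mail.google.com/",
                "https://www.googleapis.com/auth/drive"]},
    {"userKey": "carol@example.com", "clientId": "222.apps.googleusercontent.com",
     "displayText": "Meet Scheduler",
     "scopes": ["openid", "https://www.googleapis.com/auth/calendar.readonly",
                "https://www.googleapis.com/auth/drive.file"]},
    {"userKey": "dave@example.com", "clientId": "333.apps.googleusercontent.com",
     "displayText": "PDF Helper",
     "scopes": ["https://www.googleapis.com/auth/drive.readonly",
                "https://www.googleapis.com/auth/contacts.readonly"]},
]


def score_scopes(scopes) -> int:
    return sum(BROAD_SCOPES.get(s, 0 if s in BENIGN_SCOPES else UNKNOWN_SCOPE_WEIGHT)
               for s in scopes)


def review_apps(tokens) -> list:
    """Collapse per-user grants into one row per app, highest risk first."""
    apps = {}
    for t in tokens:
        row = apps.setdefault(t["clientId"], {
            "client_id": t["clientId"],
            "name": t.get("displayText", t["clientId"]),
            "users": set(), "scopes": set()})
        row["users"].add(t["userKey"])
        row["scopes"].update(t.get("scopes", []))
    rows = []
    for row in apps.values():
        row["users"] = sorted(row["users"])
        row["scopes"] = sorted(row["scopes"])
        row["score"] = score_scopes(row["scopes"])
        row["unclassified"] = [s for s in row["scopes"]
                               if s not in BROAD_SCOPES and s not in BENIGN_SCOPES]
        rows.append(row)
    return sorted(rows, key=lambda r: (-r["score"], r["name"]))


if __name__ == "__main__":
    for r in review_apps(SAMPLE_TOKENS):
        print(f"{r['score']:>3}  {r['name']:<16} users={len(r['users'])} "
              f"unclassified={r['unclassified']}")
```

The point of the `unclassified` column is that scope lists change as apps are updated; anything you have not consciously put in either set is where the "does it really need that?" question belongs.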
4. Insider Threats (Which Usually Aren’t Actually Malicious)
Most insider incidents aren’t elaborate cyberattacks. They’re usually someone downloading a batch of files to work offline before a flight, or accidentally sharing something with the wrong email address. But accidental or not, the damage is real.
Keep an eye on who’s downloading files, especially bulk downloads of sensitive data. Watch for large transfers to personal Gmail accounts. Look for unusual sharing patterns, like someone suddenly sharing dozens of files externally. Even checking your logs once a week can help you catch issues before they escalate.
If you want to go further, GAT Shield lets you monitor activity directly in the browser. If someone starts a bulk download of sensitive files, you’ll know immediately. You can even block the action before data leaves your domain.
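The two log checks above, files opened to the outside world from section 1 and bulk downloads from this section, share the same input, so here is one added example (not GAT Labs' or GAT Shield's code) covering both. The records follow the shape of the Admin SDK Reports API activities.list response for applicationName=drive (actor, id.time, events[].name, events[].parameters as name/value pairs); the parameter names and visibility values are assumptions drawn from the Drive audit log and should be checked against your own export, and the events themselves are constructed.

```python
"""Two checks over Drive audit events: files opened up to people outside the
domain, and bursts of downloads from a single account.

Added example, not GAT Labs' code. Records follow the shape of the Reports
API activities.list response for applicationName=drive; parameter names and
visibility values are assumptions, and the sample events are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Visibility values (assumed from the Drive audit log) that mean "outside the domain".
EXTERNAL_VISIBILITY = {"shared_externally", "people_with_link", "public_on_the_web"}
SHARING_EVENTS = {"change_document_visibility", "change_user_access"}


def flatten(record: dict) -> list:
    """Turn one API record into flat dicts, one per inner event."""
    when = datetime.fromisoformat(record["id"]["time"].replace("Z", "+00:00"))
    actor = record["actor"]["email"]
    out = []
    for ev in record["events"]:
        flat = {"time": when, "actor": actor, "name": ev["name"]}
        for p in ev.get("parameters", []):
            flat[p["name"]] = p.get("value")
        out.append(flat)
    return out


def external_shares(flat_events) -> list:
    """(actor, title, visibility) for every sharing change that left the domain."""
    return [(e["actor"], e.get("doc_title"), e["visibility"]) for e in flat_events
            if e["name"] in SHARING_EVENTS and e.get("visibility") in EXTERNAL_VISIBILITY]


def download_bursts(flat_events, threshold=20, window=timedelta(minutes=10)) -> dict:
    """Actors whose busiest `window` held at least `threshold` downloads, with the count."""
    times = defaultdict(list)
    for e in flat_events:
        if e["name"] == "download":
            times[e["actor"]].append(e["time"])
    bursts = {}
    for actor, ts in times.items():
        ts.sort()
        j, best = 0, 0
        for i in range(len(ts)):          # sliding window over sorted timestamps
            while j < len(ts) and ts[j] - ts[i] <= window:
                j += 1
            best = max(best, j - i)
        if best >= threshold:
            bursts[actor] = best
    return bursts


# --- constructed sample events ---------------------------------------------
def _record(actor, t, name, **params):
    return {"id": {"time": t.isoformat().replace("+00:00", "Z")},
            "actor": {"email": actor},
            "events": [{"name": name,
                        "parameters": [{"name": k, "value": v} for k, v in params.items()]}]}


T0 = datetime(2025, 10, 1, 9, 0, tzinfo=timezone.utc)
SAMPLE = []
for n in range(25):   # bob pulls 25 files in five minutes
    SAMPLE.append(_record("bob@example.com", T0 + timedelta(seconds=12 * n), "download",
                          doc_id=f"doc-{n}", doc_title=f"Q3 report {n}"))
for n in range(3):    # alice downloads a few files across the morning
    SAMPLE.append(_record("alice@example.com", T0 + timedelta(hours=n), "download",
                          doc_id=f"memo-{n}", doc_title=f"memo {n}"))
SAMPLE.append(_record("alice@example.com", T0, "change_document_visibility",
                      doc_id="memo-0", doc_title="memo 0",
                      old_visibility="private", visibility="people_with_link"))
SAMPLE.append(_record("carol@example.com", T0, "change_user_access",
                      doc_id="plan", doc_title="Roadmap",
                      target_user="dan@example.com", visibility="people_within_domain"))

FLAT = [f for rec in SAMPLE for f in flatten(rec)]

if __name__ == "__main__":
    print("external shares:", external_shares(FLAT))
    print("download bursts:", download_bursts(FLAT))
```

The threshold and window are deliberately parameters: a design team legitimately downloads more than an accounting team, so tune them per organizational unit rather than domain-wide, and treat a burst as a prompt to look at which files moved, not as proof of intent.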

5. Suspended and Dormant Accounts
Suspended accounts are another weak spot. A contractor leaves, you suspend their account, and then forget about it. But those accounts still own old files and emails. If someone manages to reactivate or compromise one, that’s an open door into your domain.
Review your suspended accounts regularly. Check what they still own in Drive. Transfer important files to active users. Archive or delete the rest.
If you handle a lot of offboarding, GAT Flow can automate it. It transfers ownership, cleans up access, and secures data without you having to chase every single account.
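The review-transfer-archive steps above as a script, added here as an example and not GAT Flow's code: user records mirror the Directory API users.list fields (primaryEmail, suspended, lastLoginTime, with the 1970 epoch value Google uses for accounts that have never signed in), file ownership is a constructed mapping of what a Drive files.list call with an owners field would show, and the 90-day dormancy cut-off, the fixed clock and the archive account are assumptions.

```python
"""Sort accounts into offboarding work: suspended accounts that still own
files, dormant accounts, and accounts that have never signed in.

Added example, not GAT Flow's code. User records mirror Directory API
users.list fields; file ownership is constructed; the dormancy cut-off,
fixed clock and archive owner are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 10, 15, tzinfo=timezone.utc)  # fixed so the run is reproducible
DORMANT_AFTER = timedelta(days=90)

# Constructed sample: a slice of users.list output.
SAMPLE_USERS = [
    {"primaryEmail": "alice@example.com", "suspended": False,
     "lastLoginTime": "2025-10-14T08:00:00.000Z"},
    {"primaryEmail": "contractor@example.com", "suspended": True,
     "lastLoginTime": "2025-03-01T12:00:00.000Z"},
    {"primaryEmail": "intern@example.com", "suspended": False,
     "lastLoginTime": "2025-05-20T09:30:00.000Z"},
    {"primaryEmail": "svc-reports@example.com", "suspended": False,
     "lastLoginTime": "1970-01-01T00:00:00.000Z"},  # never signed in
]
# Constructed sample: file id -> owner, as collected from files.list(fields="files(id,owners)").
SAMPLE_OWNERSHIP = {
    "f-budget": "contractor@example.com",
    "f-sow": "contractor@example.com",
    "f-notes": "intern@example.com",
    "f-ok": "alice@example.com",
}


def _parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def triage(users, ownership, now=NOW, dormant_after=DORMANT_AFTER) -> dict:
    """Group accounts by the offboarding action they need."""
    owned = defaultdict(list)
    for fid, owner in ownership.items():
        owned[owner].append(fid)
    report = {"suspended_with_files": {}, "suspended_empty": [],
              "dormant": [], "never_logged_in": []}
    for u in users:
        email = u["primaryEmail"]
        last = _parse(u["lastLoginTime"])
        if u.get("suspended"):
            if owned[email]:
                report["suspended_with_files"][email] = sorted(owned[email])
            else:
                report["suspended_empty"].append(email)
        elif last.year == 1970:
            report["never_logged_in"].append(email)
        elif now - last > dormant_after:
            report["dormant"].append(email)
    return report


def transfer_plan(report: dict, archive_owner: str) -> list:
    """(file, current owner, new owner) moves to make before deleting the accounts."""
    return [(fid, owner, archive_owner)
            for owner, fids in sorted(report["suspended_with_files"].items())
            for fid in fids]


if __name__ == "__main__":
    rep = triage(SAMPLE_USERS, SAMPLE_OWNERSHIP)
    for key, val in rep.items():
        print(f"{key}: {val}")
    for move in transfer_plan(rep, "archive@example.com"):
        print("transfer", *move)
```

Run weekly, the `suspended_empty` list is what is safe to delete, `suspended_with_files` is what still needs an owner, and `dormant` plus `never_logged_in` are the accounts to question before someone else finds a use for them.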
Why This Actually Matters
Research shows it takes an average of 204 days to detect a breach. That’s nearly seven months of attackers poking around your environment. Every one of these gaps is a potential way in, or a way for them to stay hidden longer.
The good news is you don’t need a huge security budget to fix most of this. Start with the tools Google gives you. The Admin Console, audit logs, and Security Center cover a lot. Then, if you want the deeper visibility and automation to truly close these gaps, that’s where GAT Labs comes in.
Just Pick One and Start
You don’t have to tackle all five this week. Pick the one that worries you most and spend an hour on it. Then move to the next one. By the end of the month, you’ll have closed some real gaps.
Because here’s the thing: these vulnerabilities are sitting in your domain right now. The only question is whether you’re going to find them first.
Want a full picture of what’s actually happening in your Google Workspace environment? GAT Labs can run a comprehensive security assessment and show you exactly where your risks are. Book a demo today and let’s find those blind spots together.