Let’s welcome the new year all prepared, with painful end of year Google Workspace admin tasks behind us.
It’s the end of the year and there are many tasks you need to look after before that Holiday lethargy sets in and BAM, it’s a new year already ⏰
And because these end of year Google Workspace admin tasks can feel quite overwhelming at first, in this post we’ll help you complete and streamline them as fast and easy as possible this year.
Now let’s dive in together, shall we…
9 End of Year Google Workspace Admin Tasks 👮
Get all your Security Alerts in Order
So what’s your Google Workspace security alerting plan in 2021? Have you set up alerts for the things that matter the most?
Below is a Checklist of a few things you’d want to check your security alerts for:
|InfoSec:||If a file contains sensitive information, are you aware? — Do you have an automatic way to handle these exposed files?|
|Data recovery & Backup:||How do you backup and recover data back to Google Workspace?
Do you handle it manually or have a tool for it?
|DLP:||Are your DLP alerts and controls for Gmail and Drive in order? (Check #3)|
|Third Party Apps:||Which third-party apps can access your Google Workspace Data and what’s their risk level?|
Reassess Other Admin roles
After you’ve deployed and checked all of the above alerts, you’ll want to take a step back and reassess other admin roles or ‘privileged users’ in your domain.
Here, you need to focus on TWO important questions:
- Should that user really have such privileges?
- Have they been doing a good job managing their admin tasks or perhaps you need ‘delegated auditors’?
(The Delegated Auditor feature in GAT+ gives non-Google Admins responsibility over selected areas of users’ data without them gaining access to the Google Workspace Admin console.)
To learn more about the different Google Workspace Admin roles you can assign checkout this blog post.
This one of the most important Google Workspace Admin tasks you’ll want to complete every year if you have a large domain with different admin roles.
As a Google Admin, you need to audit internal and external file sharing in your domain.
This end of year Google Workspace admin task is not just end of year audits, but you need to do it regularly to spot any unusual ‘trends’ reflecting malicious activity in your domain.
To do that simply refer to the File Sharing Exposure report in the Admin console of the Business edition and set it to cover up to 180 days back. You can also set up different sharing permissions if you have the Business (or higher) edition.
These options, however, provide limited flexibility and require regular manual reviews of shared items and sharing permissions. Hence, one thing you can do is automate file sharing exposure reporting now for 2021.
1.Via the Google Access Manager.
(However it requires significant effort to develop, customize and maintain scripts on a regular basis).
2. Alternatively, you can use GAT+ to find and report on all files shared in and out of your domain and take immediate actions, like removing any shares or copy and download any file you want to via GAT Unlock.
(This will save you plenty of time and effort, as well as give you peace of mind moving forward into 2021).
DLP in Drive and Gmail
Sometimes users may accidentally share sensitive data or add classified information later on to folders already shared out externally. And that my friend is every security officer’s nightmare as it can have huge consequences.
To that, setting up alerts based on specific content within documents, spreadsheets, presentations, PDF, and text files shared out is a smart idea.
A. DLP in Drive:
For Enterprise; Enterprise for Education editions, you can Scan and protect Drive files using DLP rules, covering Google Sheets, Docs and Slides. Read more here.
However, if you’re looking for a much more powerful solution you can use GAT + to set up real time Google Drive DLP Alerts for files with specific content shared outside your domain.
Getting these DLP alerts in real-time helps you act faster and handle accidental data mishaps better.
B. DLP in Gmail:
For Enterprise; Education and Enterprise for Education you can use Google’s Gmail DLP which lets you use predefined content detectors when scanning inbound or outbound email. Read more here.
Gmail Inbox Audit
Now onto the correspondences your Google Workspace domain users RECEIVE rather than share. Particularly things like Phishing attempts and Spam emails.
While there isn’t a 100% guaranteed method to protect users against receiving and opening these emails, raising your users’ Phishing awareness is your first defence line here.
To that, you may share our 5 Tell-tale signs of a phishing email with your users, especially now that it’s the most ‘phishing-abundant’ time of the year.
Alternatively, as an Admin, here are a few things you can do from your side:
- Advise users to Whitelist important domains to hit that balance between receiving too much Spam and missing out on important emails.
- Make sure you have a ‘Damage Control’ solution that allows you to remove emails received by all or any of your domain users in BULK.
GAT Unlock’s Bulk email removal feature helps you remove:
- Phishing emails
- An email sent to the wrong user or group
- An email containing inappropriate content
- An email containing sensitive information
- An email that has gone past spam filtering
Drive file Structure Management
Another end of year Google Workspace Admin tasks you’ll want to look into is how your Shared Drive is structured. More specifically, what files lie in personal or ‘My Drives’ and need to be moved to ‘Shared Drives’ and vice versa.
Why is Drive file structure management important for Google Admins?
- Information Security: It ensures that the right users have the right access to the right data.
- Data Loss Prevention: It makes it easier to enforce DLP rules and prevent accidental loss or leakage of files that contain sensitive or important data.
- Efficiency: It helps teams and users work together more efficiently in the cloud.
You may be thinking ‘but there are so many files and folders generated this year alone that it requires some serious Cowboy tools’.
Well, thankfully, in the digital world, relocating important Drive files doesn’t need to involve much heavy lifting.
How to restructure Google Drive files easily? — Checkout this post.
Declutter Google Groups
Google Groups help you communicate faster and more easily. However, at the end of every year, you’ll want to maintain and declutter those groups to make them more efficient.
Here’s a checklist of things you may want to consider:
- Empty Google Groups
- Groups with only external members
- Groups with external members
- Groups without owner(s)
To that you may need to audit, manage and change them, GAT+ gives you all these capabilities in one place saving you time and giving you a comprehensive view of your Google Groups.
Onboarding/ Offboarding and Modifying Google Users
The first quarter of every year usually witnesses a noticeable surge in user onboarding and offboarding operations as new vacancies come up and hiring operations take place.
To that, before embarking on to the new year, you’ll want to assess how you handle your user onboarding and offboarding operations.
For instance, do you onboard and offboard users manually or do you use automated workflow? How do you handle leavers’ accounts and transfer file Ownership of suspended users?
Tackling this early on in the year will help make this first quarter of 2021 A LOT easier for you. It’ll also save you plenty of time and effort usually spent on repetitive tasks that can otherwise be automated.
Audit Third-party Apps
Lastly, you’ll want to Check and Control which third-party & internal apps your users use and which of these apps can access Google Workspace data.
You can easily do that by following the steps outlined by Google here.
However, if you’re looking for more granular controls over this particular area such as the ability to filter apps by level of access or creating a policy banning or allowing the use of certain apps for a certain group of users (Ex. allowing the use of social media apps for marketing teams but banning them for all other users) you can use GAT+ to achieve that and more.
Remember, third-party apps can infect devices with malicious codes like ransomware and adware so you’ll want to audit their access to your domain data regularly.
Well, that’s it for your 9 end of year Google Workspace admin tasks today! — We hope that you’ve found this post helpful and wish you a happy, secure and efficient new year ahead 🎄