It’s been an exciting journey growing and leading the security and audit market for G Suite and Chrome. The best part of our story though is that we got to meet a lot of interesting people from different walks of life and build great insight into the G Suite realm.
One thing we noticed along the way is that many G Suite admins don’t realise the security implications of the role when they first sign up for it. While security can obviously mean different things to different people in general, if you are a G Suite admin the security of your domain is pivotal.
I mean let’s face it, with the soaring number of data breach and data leakage incidents out there, no one is safe. Even worse, if anything goes wrong, the G Suite admin will always be held accountable for it, Yikes right?
The good news is that it’s easy to get started right away with our three recommended fundamental practices to a more secure domain. Consider them your gateway to securing your data from leakage, loss and insider threat.
But before diving in, let’s start with a few basic questions we noticed many people ask throughout our interactions in the industry:
What is G Suite?
Yes, because it was previously known as Google Apps many people are still unfamiliar with the new term.
Simply put, G Suite is Google’s Office suite. It comprises a strong set of cloud-based tools including Gmail, Hangouts, Calendar; Drive for storage; Docs, Sheets, Slides, Forms, and Sites for collaboration.
What is a G Suite Admin?
The G suite admin is the person at a company, school, or organisation who manages Google services for users. Admins are responsible for administering the most crucial G Suite operations.
That includes adding and removing users, setting permissions for/ and installing apps from the G Suite Marketplace, managing company data, billing, and reviewing usage for security problems.
Here is how to log into your G suite Admin account.
Why is securing your G Suite important? 🔐
It’s quite simple. Imagine having a chest of rare jewels in your house, would you walk out and leave the door unlocked behind you? I’m guessing not. You might even consider investing in a good safe to close guard your treasure.
What about your data; your most valuable business assets? I think you get the picture now.
Your three fundamental G Suite Admin Security Practices:
ENFORCE two-step verification 🗝️
The first practice you’ll want to adopt is enforcing (not just enabling) two-step verification for all your G Suite account users.
- Two-step verification is exactly like fitting a second lock to your house, whereby users will need an additional code to log into their accounts besides their password.
- That code is sent to their phones through text, voice call, or mobile app. Additionally, if they use a Security Key, it can be inserted into their computer’s USB port and voila! Easy and secure access guaranteed.
↪️ To set up two step verification simply follow these steps.
Identify unusual spikes in the Highlights Report in your G Suite Administrator Panel. 📉
The Highlights Report 📈 is your first whisperer of early signs of trouble. It shows key metrics and trends in your domain, whereby any unusual or suspicious spikes should always be treated as alerts.
But what exactly should you watch out for? Here are the three main metrics to constantly observe:
1. General Google domain usage:
Things like multiple failed login attempts or odd geolocation are red flags you should be alert to. They usually indicate that someone is trying to compromise/ or has in fact compromised that user’s credentials.
2. File sharing:
Lookout for unknown sharing parties or abnormal file sharing, download or transfer. This can indicate that your domain is breached and is either leaking data, or is infected with malware.
3. User status, storage and security:
This chart shows you if any user granted access to their account to any unauthorised third-party app. You will also be able to see any abnormal addition or deletion in files or sudden fluctuation in file storage.
Backup your G Suite data regularly 👏
You know the wise old saying, ‘better safe than sorry’.
Getting into the practice of regularly backing up your data is one of the best things you can do as a G Suite admin. This simply limits the chances for data-loss if your G Suite data ever gets accidentally or maliciously compromised.
Protect yourself against phishing attacks by deploying the Password Alert extension which will detect if users enter their Google password into any websites other than the Google Sign in page.
Learn more about password alerting here.
Additional Security and Powerful Insights 💡
Your G Suite has incredible capabilities for your business, but you need to fully secure it as well as learn how to harness its full resources to access intelligent data that you can build on.
That is why businesses are loving GAT, the exclusive security and audit tool for G Suite. GAT helps businesses grow safely and wisely by offering optimum G Suite security and detailed analysis, enabling them to make better decisions and take decisive actions faster.
To learn more about our solution and how GAT can help your business click here.
Or better yet book a demo now here.
InfoSec Blogger and Content Marketing Editor ☁️