3 Simple Google Workspace Admin Security Practices for Starters

Google Workspace Security

See GAT Labs
in action

Table of Contents

Many Google Workspace admins feel quite overwhelmed when they’re first assigned the job.

There’s a lot to look after, from everyday user management tasks like onboarding and offboarding users, to looking after their domain security, which is a critical task.

The good news is, it’s easy to get started on your domain security right away with the three security practices we’ll share in this post.

Consider them your gateway to securing your data from leakage, loss and insider threat.

But before we dive in, let’s start with a few basic questions we noticed people ask throughout our interactions in the industry.

 

What is Google Workspace (formerly G Suite)?

Google Workspace is Google’s Office suite — a powerful set of cloud-based tools that includes Gmail, Meet, Calendar, Drive for storage; Docs, Sheets, Slides, Forms, and Sites for collaboration. 

 

What is a Google Workspace Admin?

The Google Workspace admin is the person at a company, school, or organisation who manages Google services for users.

Admins are responsible for administering the most crucial Google Workspace operations.

That includes adding/removing users, setting permissions for/and installing apps from the Marketplace, managing company data, billing, reviewing usage for security problems.

Checkout our blog post: Google Workspace Super Admin vs other Admin Roles for more.

 

Why is securing your Google Workspace environment important?

Imagine having a chest of rare jewels in your house, you’d want to keep it as safe as possible, right?

You might even consider investing in a good safe to close guard your treasure.

What about your data; your most valuable business assets? You get the picture now.

Your Google Workspace environment holds your most valuable data, from sensitive files and folders to private documents, details about Calendar events, client data, contracts, etc. That’s why auditing and securing your domain from the inside out is a top priority.

 

Three Google Workspace Admin Security Practices for Starters:

 

1. Enforce two-step verification

The first practice you’ll want to adopt is enforcing (not just enabling) two-step verification for all your Google Workspace account users. 

Two-step verification is like fitting a second lock to your house, whereby users will need an additional code to log into their accounts besides their password. 

That code is sent to their phones through text, voice call, or mobile app. Additionally, if they use a Security Key, it can be inserted into their computer’s USB port and voila! Easy and secure access guaranteed.

 

2. Identify unusual spikes in the Highlights Report in your Admin Panel

The ‘Highlights Report’  is your first whisperer of early signs of trouble.  It shows key metrics and trends in your domain, whereby any unusual or suspicious spikes should always be treated as alerts. 

Below are the three main metrics to constantly audit and observe:

1. General Google domain usage:

Things like multiple failed login attempts or logins from odd geolocations are red flags you should be alert to. These usually indicate that someone is trying to compromise/ or has in fact compromised one of your users’ accounts.

2. Drive File sharing:

Lookout for unknown sharing parties or abnormal file sharing, download or transfer. This can indicate that your domain is breached and is either leaking data, or is infected with malware.

Checkout our 6 Google Drive Data Loss Prevention Practices every CIO Must Know.

3. User status, storage and security:

This chart shows you if any user granted access to their account to any unauthorised third-party app. You’ll also see any abnormal addition or deletion of files, or sudden fluctuation in file storage.

 

3. Backup your Google Workspace data regularly

You know the wise old saying, ‘better safe than sorry’. 

Getting into the practice of regularly backing up your data is one of the best things you can do as a Google Workspace admin.

It simply limits the chances for data-loss if your Google Workspace data ever gets accidentally or maliciously compromised. 

Bonus Tip 

Protect yourself against phishing attacks by deploying the Password Alert extension which will detect if users enter their Google password into any websites other than the Google Sign in page.

Learn more about password alerting here.


Additional Google Workspace Security and Powerful Insights 

Your Google Workspace has incredible capabilities for your business, but you need to fully secure it as well as learn how to harness its full resources to access intelligent data that you can build on. 

That is why businesses are loving GAT, the exclusive security and audit tool for Google Workspace.

GAT helps businesses grow safely and wisely by offering optimum Google Workspace security and detailed analysis beyond that available in the admin console.

This enables admins to take more granular actions, perform bulk actions faster and see the FULL picture of their domain security.

To learn more about our solution and how GAT can help your business click here, or schedule free demo now with our team.

Stay in the loop

Sign up to our newsletter to get notified whenever a freshly baked blog post is out of our content oven.

Related Posts

Admin

Google Workspace Admins’ Most Liked Blog Posts in 2022

Google Workspace Admin, are you a lifelong learning fan?  If so, you are in good hands. Instead of looking for learning opportunities blindly somewhere, take …

Read More
Admin

New Year Gmail Clean-Up for Google Admins

It’s a moment of truth, Google Workspace Admin – did your domain users finish 2022 with a mess in their Gmail? If you said “yes”, …

Read More
Admin

Christmas Phishing Emails you Need to Watch out for

Every year online hackers improve their methods of tricking to use them during the festive season. Christmas phishing emails are one of the gifts no …

Read More
Admin

True or False? 4 Questions for Google Workspace Admin

Google Workspace Admin may have and receive a lot of questions about this tool and we totally understand that – it’s a complex package of …

Read More