A MAP to Remote Work Security in Google Workspace’s Admin Console
The way we work has changed — almost permanently for some organizations.
With that our IT needs and security priorities have also changed as new security vulnerabilities and requirements emerge every day.
For Admins, robust auditing practices have always been an integral part of the cloud security game. However, when it comes to hybrid and remote work security there are a few specific areas you’ll want to focus more on.
To help you make these security checks more organized we’ve created a map of the most important areas to regularly audit (and secure) in your Google admin console.
Rule of thumb: Any unusual spikes in these reports are your cue to further investigate.
1. Check Google Workspace User Logins
A big chunk of remote work security incidents happens because of poor Identity and Access Management (IAM) practices.
That’s why auditing and securing Identity management is a prerequisite to identifying and addressing relevant gaps hackers can exploit to access your systems.
IAM Reports to Monitor
1. User login attempts report: Identify spikes in the amount of failed and suspicious logins in your domain.
2. Security report: You’ll find it under User Report. From there you can check which users skip Two-factor Authentication (2FA).
2. Google Workspace DLP (Data Loss Prevention)
Tracking who has access to your domain is no longer enough.
As employees work remotely most of their data collaboration happens in the cloud (Drive and Email mainly).
DLP Reports to Monitor
1. Data Protection Insights reports: Understand what sensitive information is stored in your domain and make more informed decisions to protect it accordingly.
2. File exposure report: Get insights into how file sharing exposes your domain’s data.
3. DLP incidents report: Check the number of DLP incidents within a specified date range.
3. MAP Employee Devices
Remote employees like to use personal devices more often to complete quick or urgent tasks.
That’s why it’s not uncommon to have users logged into their work accounts from multiple devices.
While this makes for easier employee collaboration, it certainly increases the need to audit and secure this area in your admin console.
Device Security Reports to Monitor
- Compromised device events report: View device IDs, device owners, and the timestamps of compromised devices.
- Failed device password attempts report: Monitor the number of failed login attempts on your corporate devices during a specified time range.
- Suspicious device activities report: View details of suspicious activities on your corporate devices during a specified time range.
4. Google Chrome Browser Security
Take your remote work security out to the Chrome browser.
You can gain incredible insight into your users’ remote work security (assuming they mainly use Google Chrome) by digging a little more into your Chrome browser security reports.
For example, you can view things like unsafe site visits, file uploads, download activity, etc.
Chrome Security Reports to Monitor
- Chrome threat protection summary report, Overview of various Chrome-related threat categories and related activities.
- Chrome Data protection summary report, Overview of the number of Chrome-related incidents for the top data protection rules.
- Chrome high-risk users report, Overview of users who have encountered the highest number of unsafe Chrome-related events.
- Chrome high-risk domains report, Overview of the domains that are most risky for your organization, ranked by the number of unsafe attempts.
5. Email Phishing
Hackers like to go phishing for remote workers.
Phishing is a nagging pain for almost all organizations when it comes to security.
Hackers like to prey on trends like hybrid and remote work and constantly reinvent their scams — Meanwhile, employees aren’t always able to spot these threats.
That’s why employee phishing awareness should stay at the very top of every organization’s cybersecurity strategy, coupled with vigilant auditing and security practices.
Phishing-related Reports to Monitor
- Spoofing report: See the number of messages that show evidence of potential spoofing.
- Suspicious attachments report: View the number of messages with suspicious attachments.
- Authentication report: View the number of messages that meet, or don’t meet, email authentication standards.
Best Practice: Train users to report messages in their inboxes as ‘spam’, ‘not spam’, or ‘phishing’. This helps Gmail identify similar phishing messages in the future.
You can share our blogs post 5 Tell-Tale Signs of a Phishing Email with your users to build up their phishing spotting skills.
The Power of Security Alerts
Alerts (especially real-time ones) are one of the most powerful ways to stay ahead of remote work security threats and take prompt action before a small problem becomes a much bigger one.
Here at GAT Labs, we’ve developed a powerful toolset that allows admins to create more granular alerts to secure the finest bits of their remote work environment, in both Google Workspace and Chrome, including:
- Email Delegation Alerts
- Alerts for Newly installed Apps
- Alerts for Disabled Two-factor Authentication (2FA)
- Alerts for Users’ logins from outside your country
- Drive Alerts on files Shared Out
- Drive Alerts on the number of Downloaded files
And much more…
You can also kickstart your 15-day trial straight away here.
Stay in the loop
Sign up to our newsletter to get notified whenever a freshly baked blog post is out of our content oven.