Why do you need to secure Google Chat?
Unmonitored Google Chat spaces are like unattended classrooms — you never know what your most mischievous students (or intruders) are up to.
Which makes Google Chat security & safety monitoring a requisite in K-12 environments today. It’s also essential for CIPA compliance and other safety requirements.
In this post we’ll show you how to regulate Google Chat use across your school (or district), and mitigate data security and student cyber safety risks.
How secure is Google Chat?
Google Chat uses Transport Layer Security (TLS) and Chat content protection, which makes it safer than many Chat applications today.
However, the challenge with securing Google Chat at K-12 schools is more about ‘how it’s used’ rather than how it’s built.
For instance, students sometimes use Google Chat to share private information or inappropriate/harmful content with each other.
Verdict: Chat misuse and abuse is often the culprit behind nagging Chat security issues at schools.
How to secure Google Chat at your K-12 school?
1.Google Chat Monitoring
Google Chat monitoring goes at the top of the list.
It helps you stay on top of how Chat is being used across your school.
- Use the audit and investigation page in your admin console to track user conversations and room activity. For example, you can see when a user starts a direct message or creates a space.
- A 3rd party Google Workspace tool can also help you dig beyond the admin console for things like conversation duration and chat participants.
2. Turn Google Chat history ON for users
As an Admin you can turn Chat history on or off for your users.
However, Chat history can be a real life-saver when trying to audit sensitive or harmful content shared in Google Chat.
It also helps you investigate cyber safety incidents related to Google Chat use — like cyberbullying, harassment, etc.
You can also track contents of Chat conversations using a 3rd party tool like GAT Unlock for a more granular view (Chat history has to be ON for that).
3.Set up DLP for Google Chat
Speaking of content of Chat conversations.
DLP for Chat gives you control over sensitive data shared in Chat conversations.
Using the admin console you can create data protection rules to prevent data leaks from Google Chat messages and attachments (uploaded files):
- Create data protection rules specifically for Chat
- Create data protection rules for Chat and other apps (such as Drive or Chrome)
- Create data protection rules that block Chat messages and attachments
- Specify that the data protection rules cover a specific organisational unit or group (or for your entire school or district).
When a user sends a Chat message, DLP rules trigger scans of messages for sensitive content. Attachments are scanned when they’re uploaded.
Sign up for the DLP for Chat beta using this form.
4. Manage External Chats
Stranger danger is a real risk for students in the online world.
From potential phishing and malware messages coming from external users, to predators using fake Google accounts to lure in students.
Fortunately, Google Chat recently added warning banners to alert users to potential phishing attacks. A step that helps increase users’ Chat vigilance.
A good admin practice is to limit student chat with external users. Here are some options:
- Allow external chat with trusted domains only. Read more.
- Notify students when they’re chatting with someone outside your school. Read more.
- Disable external Chat all together for specific OUs.
5. Control file sharing in Google Chat
As an admin you can control how your users share files and images in Google Chat both within your school and externally here.
You can apply the settings to your entire school or certain OUs or configured groups only.
Admin options include:
- Allow users to externally share all types of files.
- Allow users to only share images externally.
- Disallow users from sharing ANY files externally.
- Specify which file types users can share internally.
Note: This setting has no impact on sharing links to files. It controls Google Chat only, so it also has no impact on sending photos and videos in classic Hangouts.
6. Manage Google Chat Spaces
Let’s not forget about Google Chat Spaces.
This last bit needs to be secured against external Chat as well.
Note: ‘Spaces’ used to be ‘rooms’. Google renamed it on Sep 8, 2021.
- If you’ve disabled external Chat for your users, users can’t create or join external Chat spaces — even if external spaces is On. However, if you’ve enabled external chat, users can still join external spaces — even if external spaces is OFF.
- You can also disallow users from creating Groups based on OU (If you configured a child OU for instance).
- If you have configured an allow list of trusted domains for Google Chat, you should also check this box for Chat spaces as well. Otherwise users won’t be able to create any external spaces.
|Still using Classic Hangouts?
Users can create unnamed group conversations in Hangouts if Chat externally is On.
The classic Hangouts group conversation can then show up in Chat as a new group chat with external guests.
Learn about the impending Hangouts transition to Google Chat.
7. Secure devices used for Google Chat
Devices can be the gateway for Google Chat security hazards.
As an admin you need to ensure users are not signed into Google Chat from public or unsecure devices.
Schools need to ensure Google Chat is a safe space for students and teachers to collaborate and communicate in real time everyday.
That’s why Google Chat security should be an indispensable part of your school’s overall Google Workspace security and monitoring strategy.
The above practices all work together to help you tackle various security risks associated with Chat use across your school or district.
Happy managing, Admins!
Found a particular Google Chat security or monitoring hack useful? — Give us a shout here.
Audit. Manage. Protect.
Discover how Management & Security Services can help you with deeper insight and on-call, personalized assistance.