K-12 Admin: How to Secure Google Chat at Your School?

Why do you need to secure Google Chat?

Unmonitored Google Chat spaces are like unattended classrooms — you never know what your most mischievous students (or intruders) are up to. 

This makes Google Chat security & safety monitoring a requisite in K-12 environments today. It’s also essential for CIPA compliance and other safety requirements.

In this post, we’ll show you how to regulate Google Chat use across your school (or district), and mitigate data security and student cyber safety risks.

How secure is Google Chat?

Google Chat uses Transport Layer Security (TLS) and Chat content protection, which makes it safer than many Chat applications today.

However, the challenge with securing Google Chat at K-12 schools is more about ‘how it’s used’ rather than how it’s built.

For instance, students sometimes use Google Chat to share private information or inappropriate/harmful content with each other. 

Verdict: Chat misuse and abuse is often the culprit behind nagging Chat security issues at schools.

How to secure Google Chat at your K-12 school?

1. Google Chat Monitoring

Google Chat monitoring goes at the top of the list.

It helps you stay on top of how Chat is being used across your school.

• Use the audit and investigation page in your admin console to track user conversations and room activity. For example, you can see when a user starts a direct message or creates a space.
• A 3rd party Google Workspace tool can also help you dig beyond the admin console for things like conversation duration and chat participants.

Did you know that with GAT Shield you can monitor who your users are chatting to on Google Hangouts Chat? Additionally, you can gather information about how long the conversation lasts and see the chat participants. Learn all about it here

2. Turn Google Chat history ON for users

As an Admin you can turn Chat history on or off for your users.

However, Chat history can be a real lifesaver when trying to audit sensitive or harmful content shared in Google Chat. 

It also helps you investigate cyber safety incidents related to Google Chat use —  like cyberbullying, harassment, etc.

You can also track the contents of Chat conversations using a 3rd party tool like GAT Unlock for a more granular view (Chat history has to be ON for that).

SEE: How to turn Google Chat history on or off for users?

3. Set up DLP for Google Chat

Speaking of the content of Chat conversations.

DLP for Chat gives you control over sensitive data shared in Chat conversations. 

Using the admin console you can create data protection rules to prevent data leaks from Google Chat messages and attachments (uploaded files):

• Create data protection rules specifically for Chat
• Create data protection rules for Chat and other apps (such as Drive or Chrome)
• Create data protection rules that block Chat messages and attachments
• Specify that the data protection rules cover a specific organizational unit or group (or for your entire school or district).

When a user sends a Chat message, DLP rules trigger scans of messages for sensitive content. Attachments are scanned when they’re uploaded.

Sign up for the DLP for Chat beta using this form.

4. Manage External Chats

Stranger danger is a real risk for students in the online world.

From potential phishing and malware messages coming from external users to predators using fake Google accounts to lure in students. 

Fortunately, Google Chat recently added warning banners to alert users to potential phishing attacks. A step that helps increase users’ Chat vigilance.

A good admin practice is to limit student chat with external users. Here are some options:

1. Allow external chat with trusted domains only. Read more.
2. Notify students when they’re chatting with someone outside your school. Read more.
3. Disable external Chat together for specific OUs.

5. Control file sharing in Google Chat

As an admin, you can control how your users share files and images in Google Chat both within your school and externally here.

You can apply the settings to your entire school or certain OUs or configured groups only.

Admin options include:

1. Allow users to externally share all types of files.
2. Allow users to only share images externally.
3. Disallow users from sharing ANY files externally.
4. Specify which file types users can share internally.

Note: This setting has no impact on sharing links to files. It controls Google Chat only, so it also has no impact on sending photos and videos in classic Hangouts.

6. Manage Google Chat Spaces

Let’s not forget about Google Chat Spaces.

This last bit needs to be secured against external Chat as well.

Note: ‘Spaces’ used to be ‘rooms’. Google renamed it on Sep 8, 2021.

• If you’ve disabled external Chat for your users, users can’t create or join external Chat spaces — even if external spaces are On. However, if you’ve enabled external chat, users can still join external spaces — even if external spaces are OFF.
• You can also disallow users from creating Groups based on OU (If you configured a child OU for instance).
• If you have configured an allowed list of trusted domains for Google Chat, you should also check this box for Chat spaces as well. Otherwise, users won’t be able to create any external spaces.

7. Secure devices used for Google Chat

Devices can be the gateway for Google Chat security hazards. 

As an admin, you need to ensure users are not signed in to Google Chat from public or unsecured devices.

SEE: Devices’ Overview and Device Reports in the admin console.

Conclusion

Schools need to ensure Google Chat is a safe space for students and teachers to collaborate and communicate in real time every day. 

That’s why Google Chat security should be an indispensable part of your school’s overall Google Workspace security and monitoring strategy.

The above practices all work together to help you tackle various security risks associated with Chat use across your school or district.

Happy managing, Admins!

Found a particular Google Chat security or monitoring hack useful? — Give us a shout here.