How to Improve Your Google Workspace Security
Is your data on Google Workspace secure? Here's how to improve your security posture and prevent data loss.
You’re likely gaining a lot of value from Google Workspace. But is your data safe? Here’s how to manage your company’s Google Workspace security. Use these tips to prevent security incidents and data loss before they happen.
Google Workspace is a powerful tool for business sharing and collaboration. It's low-cost and easy to use. So it’s no wonder organizations large and small have adopted it.
But Google Workspace carries risks. Google implements multiple features to prevent data loss and common security attacks. However, security is a shared responsibility with the customer on Google products. That’s why Google provides a set of best practices and security checklists for organizations of all sizes.
Insufficient Google Workspace security measures can lead to disaster. Imagine if someone gained access to a spreadsheet containing customer contact information.
Data loss can cost your company dearly. The worldwide cost of a data breach in 2022 was $4.35 million. In the United States, it's even higher - $9.44 million.
You may also have additional data loss prevention requirements for your business (for example, the HIPAA Security Rule covering patient health data in the United States). These regulations may require you to implement stricter controls on who has access to specific data and how it’s shared.
That’s why Google Workspace security needs to be part of your overall information security plan. Here are some tips on how to button up your company’s usage.
2-step verification (also called MFA, or multi-factor authentication) requires users to use a second form of authentication besides their password. Often, this is a code sent via SMS or created by an authenticator app.
You can enable 2-step verification for your organization by navigating to your Google Admin Console, selecting Security from the navigation menu, and then selecting Authentication -> 2-step Verification.
Before enabling this, educate your users on what MFA is and how they can enroll. Consider configuring the On from date and the New user enrollment period to give people time to onboard.
The Reporting Highlights page in your Google Admin console provides several informative roll-ups for assessing your Google Workspace security posture.
For example, you can see if you have any inactive users. Inactive users are usually people who have left the company. These represent a considerable insider threat vector. (Consider the system administrator who caused USD $1.1 million in damages after his employer fired him.) To prevent this, either suspend or delete an account ASAP when someone leaves the company.
You can also see how many files are being shared. You can even see whether they are shared inside or outside your organization. The more external sharing, the higher the risk for data loss.
You can access even more security-relevant information in drill-down reports. Use the Accounts report (Reports -> Apps Reports -> Accounts) for this. It shows how many users comply with organizational password strength rules. The report also highlights how many are using 2-step verification. Use these reports to drive compliance with organizational security policies.
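As an added example (not from the original article or from Google), this script runs the account checks described above over user records shaped like the Admin SDK Directory API's `users.list` output: it flags active accounts without 2-step verification, admins first, and accounts with no recent sign-in. The sample records and the 90-day inactivity threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records using Directory API user fields
# (primaryEmail, isAdmin, isEnrolledIn2Sv, suspended, lastLoginTime).
SAMPLE_USERS = [
    {"primaryEmail": "alice@example.com", "isAdmin": True, "isEnrolledIn2Sv": True,
     "suspended": False, "lastLoginTime": "2024-05-28T08:12:00.000Z"},
    {"primaryEmail": "bob@example.com", "isAdmin": True, "isEnrolledIn2Sv": False,
     "suspended": False, "lastLoginTime": "2024-05-30T17:40:00.000Z"},
    {"primaryEmail": "carol@example.com", "isAdmin": False, "isEnrolledIn2Sv": False,
     "suspended": False, "lastLoginTime": "2023-11-02T10:00:00.000Z"},
    {"primaryEmail": "dave@example.com", "isAdmin": False, "isEnrolledIn2Sv": False,
     "suspended": True, "lastLoginTime": "2023-06-01T10:00:00.000Z"},
    {"primaryEmail": "erin@example.com", "isAdmin": False, "isEnrolledIn2Sv": True,
     "suspended": False, "lastLoginTime": "1970-01-01T00:00:00.000Z"},
]
NEVER = "1970-01-01T00:00:00.000Z"  # the API reports the epoch for "never logged in"

def parse_login(ts):
    """Parse the API timestamp into a timezone-aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def audit_users(users, now, inactive_days=90):
    """Return findings for accounts that can still sign in (not suspended)."""
    cutoff = now - timedelta(days=inactive_days)  # assumed threshold
    findings = {"admins_without_2sv": [], "users_without_2sv": [], "inactive": []}
    for u in users:
        if u.get("suspended"):
            continue  # already locked out; nothing to remediate here
        email = u["primaryEmail"]
        if not u.get("isEnrolledIn2Sv"):
            key = "admins_without_2sv" if u.get("isAdmin") else "users_without_2sv"
            findings[key].append(email)
        if parse_login(u.get("lastLoginTime", NEVER)) < cutoff:
            findings["inactive"].append(email)  # candidate for suspension
    return findings

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for name, emails in audit_users(SAMPLE_USERS, now).items():
        print(f"{name}: {', '.join(emails) or 'none'}")
```
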
At smaller organizations, it’s common to give users broad privileges. Such rights sometimes include administrator access.
That increases the attack vectors against your Google Workspace. All it takes is for someone to crack (or guess) the password of an admin user, and it’s game over.
Limit administrator rights to a few select people. Consider limiting user rights further by:
Employees can undo the best security. Most of the time, this is done without ill will. People get busy and take the easiest path.
Train all new employees on Google Workspace security best practices. Specifically, ensure they know organization rules on password strength, password sharing, and information sharing with partners and customers. Create a culture of security at your company by always encouraging users to consider the possible risks their actions might have.
Even if you follow all the tips above, it may not be enough. A few examples:
Strac proactively prevents data loss. We detect potential leaks across dozens of popular products, including Google Workspace apps. Book a demo today to learn more.