February 22, 2023

How to Improve Your Google Workspace Security

Is your data on Google Workspace secure? Here's how to improve your security posture and prevent data loss.

You’re likely gaining a lot of value from Google Workspace. But is your data safe? Here’s how to manage your company’s Google Workspace security. Use these tips to prevent security incidents and data loss before they happen.

Note: If you are looking to learn about DLP (Data Loss Prevention) for Google Drive, please check our detailed blog post here: https://www.strac.io/blog/google-drive-dlp

Why Google Workspace security matters

Google Workspace is a powerful tool for business sharing and collaboration. It's low-cost and easy to use. So it’s no wonder organizations large and small have adopted it. 

But Google Workspace carries risks. Google implements multiple features to prevent data loss and common security attacks. However, security is a shared responsibility with the customer on Google products. That’s why Google provides a set of best practices and security checklists for organizations of all sizes.

Insufficient Google Workspace security measures can lead to disaster. Imagine if someone gained access to a spreadsheet containing customer contact information. 

Data loss can cost your company dearly. The worldwide cost of a data breach in 2022 was $4.35 million. In the United States, it's even higher - $9.44 million.

Your business may also be subject to additional data loss prevention requirements (for example, the HIPAA Security Rule covering patient health data in the United States). These regulations may require you to implement stricter controls on who has access to specific data and how it’s shared.

That’s why Google Workspace security needs to be part of your overall information security plan. Here are some tips on how to button up your company’s usage.

Enforce 2-step verification

2-step verification (also called MFA, or multi-factor authentication) requires users to use a second form of authentication besides their password. Often, this is a code sent via SMS or created by an authenticator app. 

You can enable 2-step verification for your organization by navigating to your Google Admin console, selecting Security from the navigation menu, and then selecting Authentication -> 2-step Verification.

Enabling 2-step verification in the Google Admin console.

Before enabling this, educate your users on what MFA is and how they can enroll. Consider configuring the On from date and the New user enrollment period to give people time to onboard. 

Use Reports to gain insights

The Reporting Highlights page in your Google Admin console provides several informative roll-ups for assessing your Google Workspace security posture. 

For example, you can see if you have any inactive users. Inactive users are usually people who have left the company. These represent a considerable insider threat vector. (Consider the system administrator who caused USD $1.1 million in damages after his employer fired him.) To prevent this, either suspend or delete an account ASAP when someone leaves the company.

You can also see how many files are being shared. You can even see whether they are shared inside or outside your organization. The more external sharing, the higher the risk for data loss.

The external links report in the Google Admin console will show how many links are shared over time with people outside of your organization.

You can access even more security-relevant information in drill-down reports. Use the Accounts report (Reports -> Apps Reports -> Accounts) for this. It shows how many users comply with organizational password strength rules. The report also highlights how many are using 2-step verification. Use these reports to drive compliance with organizational security policies.

Limit user rights

At smaller organizations, it’s common to give users broad privileges. Such rights sometimes include administrator access.

That widens the attack surface of your Google Workspace. All it takes is for someone to crack (or guess) the password of an admin user, and it’s game over.

Limit administrator rights to a few select people. Consider limiting user rights further by:  

  • Controlling file sharing capabilities - e.g., by turning external sharing off.
  • Creating a resource hierarchy to limit access to more sensitive information. For example, customer contact information or future product plans.
  • Limiting external sharing to specific trusted domains, such as partners and customers. 
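
The account checks from the sections above (2-step verification enrollment, inactive users, administrator accounts) can also be run over a user export. This is an added example, not code from the original post; it assumes records shaped like Admin SDK Directory API user resources, and the sample data and the 90-day inactivity threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like Admin SDK Directory API user resources
# (primaryEmail, isAdmin, isEnrolledIn2Sv, suspended, lastLoginTime).
SAMPLE_USERS = [
    {"primaryEmail": "alice@example.com", "isAdmin": True, "isEnrolledIn2Sv": True,
     "suspended": False, "lastLoginTime": "2023-02-20T09:15:00.000Z"},
    {"primaryEmail": "bob@example.com", "isAdmin": True, "isEnrolledIn2Sv": False,
     "suspended": False, "lastLoginTime": "2023-02-18T17:40:00.000Z"},
    {"primaryEmail": "carol@example.com", "isAdmin": False, "isEnrolledIn2Sv": True,
     "suspended": False, "lastLoginTime": "2022-09-01T08:00:00.000Z"},
    {"primaryEmail": "dave@example.com", "isAdmin": False, "isEnrolledIn2Sv": False,
     "suspended": True, "lastLoginTime": "2022-05-10T12:00:00.000Z"},
    # In this sample an epoch timestamp stands for an account that never signed in.
    {"primaryEmail": "erin@example.com", "isAdmin": False, "isEnrolledIn2Sv": False,
     "suspended": False, "lastLoginTime": "1970-01-01T00:00:00.000Z"},
]

INACTIVE_AFTER = timedelta(days=90)  # assumed threshold; set it per your policy


def parse_time(value):
    """Parse an ISO 8601 UTC timestamp into a timezone-aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def audit_users(users, now):
    """Return findings per category for accounts that are not suspended."""
    findings = {"admin_without_2sv": [], "user_without_2sv": [], "inactive": []}
    for user in users:
        if user.get("suspended"):
            continue  # already suspended, so no sign-in is possible
        email = user["primaryEmail"]
        if not user.get("isEnrolledIn2Sv", False):
            key = "admin_without_2sv" if user.get("isAdmin") else "user_without_2sv"
            findings[key].append(email)
        # Active accounts with no recent sign-in are candidates for suspension.
        if now - parse_time(user["lastLoginTime"]) > INACTIVE_AFTER:
            findings["inactive"].append(email)
    return findings


if __name__ == "__main__":
    report = audit_users(SAMPLE_USERS, now=datetime(2023, 2, 22, tzinfo=timezone.utc))
    for category, emails in report.items():
        print(f"{category}: {', '.join(emails) or 'none'}")
```

Administrators without 2-step verification are reported separately because a single compromised admin password exposes the whole Workspace.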

Educate your users

Employees can undo the best security. Most of the time, this is done without ill will. People get busy and take the easiest path. 

Train all new employees on Google Workspace security best practices. Specifically, ensure they know organization rules on password strength, password sharing, and information sharing with partners and customers. Create a culture of security at your company by always encouraging users to consider the possible risks their actions might have.

Limitations of built-in Google Workspace security features

Even if you follow all the tips above, it may not be enough. A few examples:

  1. If an employee's Google account is compromised, all files in Google Drive or Gmail will be accessible and stolen. Customer trust will be eroded.
  2. A user may still email or share a file or document containing sensitive information. Even if you discover this breach, the damage may already be done. 

Strac proactively prevents data loss. We detect potential leaks across dozens of popular products, including Google Workspace apps. Book a demo today to learn more.

Founder, Strac. ex-Amazon Payments Infrastructure (Widget, API, Security) Builder for 11 years.
