shopping-cart
Header Image

5 Tips to Lockdown your G Suite Security

Apr 17, 2019
5 Tips to Lockdown your G Suite Security

#1: Have your users complete a Security Check-up

The Security Check-up needs to be done by each user. Moreover, it is recommended to do this every few months to ensure there are no issues.

For this, instruct your users to go to //myaccount.google.com/security-checkup  

This will show the apps that have access to your data at all times, and automatically provide you with personalized guidance to improve the security of their Google accounts.

An example of good practice is to remove your Google account from old mobile phones. We believe it’s really important for your users to understand the information that is shared with apps or sites so that you can help keep everyone in your organization safe.



#2: Enforce 2-step verification.

Two-step verification (2SV) is one of the best ways to prevent someone from accessing your account, even if they steal your password. Moreover, 2SV can reduce the risk of successful phishing attacks by asking employees for additional proof of identity when they sign in.

In G Suite, admins have the possibility to enforce 2SV on new accounts. Still, there is the option of a grace period for new accounts. It’s a good idea to make the grace period a week or two as it is difficult for new employees to setup 2SV on their first login.

Another recommendation is to not allow verification codes via text or phone call. This is because cybercriminals can sometimes redirect or “port your number” over to another provider so if they have your email and password and redirect your number, they can login to your account.  Using the “Google prompt” or “Google Authenticator” methods on your mobile phone are much more secure.

See below a guide on enforcing 2SV on your domain.

Bonus Tip:  If staff are unable to get their 2SV code (e.g. lost or changed mobile phone), you can retrieve a “backup code” from the user account security settings in G Suite admin console.

#3: Help Prevent Phishing and Malware Emails from Reaching Your Staff

As a G Suite administrator, you can protect users’ incoming mail against phishing and malware and choose what action to take based on the type of threat.

For example, you can choose to move suspicious content to your Spam folder or leave it in your inbox and display a warning. All the security settings can be tailored for different users and teams using organizational units.

Note: Although Gmail already displays warnings and moves emails known to be untrustworthy to spam, the settings in this article capture additional unwanted or harmful emails.

Onsite Helper recommends the following settings for the majority of their clients:

#4: Specify Which Devices Can Access Your G Suite Data

Google has recently released a great security feature that can help secure your company’s data, known as G Suite Endpoint Verification. Endpoint verification is a Google Chrome extension that syncs with your G Suite domain to verify the device your working on as to allow or deny access.

This is great for businesses who wish to have tighter control of their data, as it enables them to set restrictions to Gmail, Google Drive and all the other cloud apps to approved devices only.

A common request we had from many clients was to only enable G suite access from office computers. They don’t want access to all their information from devices out of the office. This new feature allows this level of security to be enabled.

Watch this video to see how to set this up

#5:  Setup Team Drives to Prevent Sharing Sensitive Company Data Externally

A big issue with Google Drive is that managing security permissions and file ownership is a difficult task.

It’s not rare to hear stories of files and folders going missing after an employee has left. Or stories about a data breach as someone shared a top-level folder without knowing that all the subfolders inherit the top-level folder, thus sharing data with people outside of the organisation.

This is where Team Drives would have prevented these two common issues from happening. Team Drives has “Team Sites” and the “Team Sites” takes over the ownership of the file preventing it from being deleted as well as controlling the permissions for all the folders and files to prevent external sharing of your confidential data. You can still share externally, but you will have a designated “share space” for those files.

Team Drives also improves efficiencies for staff to find the data they need.

Keep in mind: Team Drives is only available for G Suite Business or Enterprise licences.

In Conclusion

G Suite can be the tool to really drive businesses forward with collaboration and efficiency.

However, like with any tool, you really need to invest time to learn so you can take advantage of its features. Being mindful of the less exciting items like licence management and security is just as important so continuous reviews should be made to bridge any gaps.

If you’re not a G Suite expert, then it’s a good idea for your business to use a G Suite partner so they can provide ongoing value to your G Suite experience.

It may even be a better idea to offload all of these tasks to your G Suite partner so they can manage it correctly for you and provide ongoing support to your staff. Finally, G Suite partners can keep you informed about the latest features of G suite as well as special upgrade promotions, which your business can take advantage of.

Some related information:

Tools for Productivity

Tools for Security

Leave a Reply

Your email address will not be published. Required fields are marked *

4 × five =