Google Workspace Security: 4 Steps to Protecting Your Business

Google Workspace security is vital. Indeed, cyber security is a high priority for any business. And there’s a good reason for that.

U.S. businesses lose billions of dollars each year to cyber-attacks. Most of the businesses suffering from those cyber-attacks are small- and medium-sized businesses that may never recover.

Luckily, Google has several great built-in security measures you can utilize to protect your business. Here are 4 steps to protecting your business with Google Workspace security.

1. Enhance Google Workspace Security by Encouraging Users to Do a Security Checkup

A security checkup is an easy way to get an idea of whether your data is safe and what steps you could be taking to improve your digital security.

But each user in your organization needs to complete a security checkup for it to be as effective as possible. But it’s not a one-and-done measure. Most experts recommend doing a security checkup once every few months to make sure no new issues have cropped up.

The security check ups will show which apps have access to sensitive data and highlight any potential security issues. Train all your users to go through the security checkup process which entails these four steps:

  1. Sign into their Google account
  2. Click on their account name
  3. Click Protect Your Account
  4. Click Secure Account
  5. Review and resolve any security issues

You can find more information about the Security Checkup here.

Having each user complete the process could be the difference between a disastrous cyber breach and keeping your business safe.

2. Enforce Multi-factor Authentication in Google Admin

Multi-factor authentication is another simple yet highly effective security measure that your organization should be using. With multi-factor authentication, users must provide two or more pieces of verification information before they can access a resource.

For example, this could mean users must provide a PIN from their phone as well as a username and password. When properly utilized, multi-factor authentication reduces the chances of a successful cyber-attack because it makes it harder to get into your systems.

The first step to using multi-factor authentication is to educate your users on what it is, and give them time to set it up themselves.

This is especially true in organizations where some employees may not be very tech-savvy. It can be frustrating for them to deal with a new technology that they’re not familiar with. 

That’s why, at least starting out, we recommend enabling multi-factor authentication, but not enforcing it … yet.

To enhance your Google Workspace security with multi-factor authentication, do the following:

  1. Sign in to your Google Admin console
  2. Navigate to Security > 2-Step Verification
  3. On the left-hand side, select an Organizational Unit or Exception Group
  4. Check Allow users to turn on 2-Step Verification
  5. Select Enforcement > Off
  6. Click Save

From this point, you should continue to educate and encourage your users to enable multi-factor authentication. 

After an appropriate grace period, and with plenty of communication before hand, you should eventually change Enforcement to On.

3. Use Google Workspace Endpoint Verification

Google Workspace endpoint verification allows you to verify the devices people are working from and allow or deny access. Generally, the fewer devices you allow to have access to your data, the more secure that data will be.

To enhance your Google Workspace security with endpoint verification, do the following:

  1. Sign in to your Google Admin console
  2. Click on Devices
  3. On the left-hand side, select Mobile & Endpoints > Settings > Universal Settings
  4. Click Data access > Endpoint Verification
  5. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit.
  6. Check the Monitor which devices access organization data box.
  7. Click Save

4. Set Up Shared Drives

Using shared drives can help prevent sensitive information from getting outside of the company. However, you need to carefully decide who should have access to each of the drives and folders, and also decide on a sharing policy. 

There are several ways that you can configure your Google Drives policies. For example, you can:

  • Let users share files outside of your organization
  • Restrict sharing to certain domains
  • Restrict all file sharing outside of your organization
  • Control how users share links to files
  • Restrict the access levels users can give to files
  • Control who can access files stored on shared drives

To learn more about these options, and how to configure them, click here

The Best Way to Protect Your Business

Following all of the steps outlined above is a great starting point for protecting your business but there’s still more you should do. In fact, the absolute BEST thing you can do is click here to schedule a free security audit.

(415) 800-1130