3 Tips for Keeping Your Google Workspace Secure

If you are the Google Workspace administrator for your organization, ensure you have the right security protocols in place. Keep reading for your top three security to-dos. 

1. Secure Your User Logins

Securing your user logins is the most important way to keep your Workspace account safe. Workspace is at the center of your organization’s digital tooling, storing important emails, files, and access to other apps via SSO. If the wrong account is hacked, it could be a bad day for everyone.

• Password policies. At a bare minimum, you must enforce strong user passwords. That prevents users from using a weak password, such as “password123” and also prevents the reusing of passwords. While you’re in the admin panel, you should set a minimum password length. Eight characters are the least you should require, but 12 or more is better. Finally, select the option to enforce password policy at users’ next sign-in, which forces users with passwords that are no longer compliant to set a new one.

• Two-factor authentication. To comply with two-factor authentication, users usually receive a text message code to verify a login. However, Google offers multiple options. For example, you can use a verification code generator app (Google recommends Google Authenticator, but any verification code app should work). Another option is to receive a prompt on your phone, asking you to tap “yes” to verify your login.

• Security keys. A security key, which is either a USB device that looks like a flash drive or a hardware key built into your phone, interacts with your computer to verify your login. Security keys are considered the most secure means to protect user logins because they prevent cybercriminals from stealing a code by intercepting a text message or through social engineering.

2. Lock Down Email Security

Limit annoying spam and potentially dangerous phishing emails with Google’s daily robust filtering, which is enabled right out of the box. You can tweak the settings to set up block sender lists and whitelists to prevent and/or approve mail from certain addresses or domains.

• Enable Gmail safety features. Take advantage of email safety features, such as scanning attachments for malware and checking links in emails for suspicious domains.

• Prevent spoofing. Spoofing is when a bad actor sends an invoice to a customer and makes the email look like it’s from your domain. You can prevent spoofing through SPF and DKIM. SPF is a record you add to your DNS that says, “These are the servers authorized to send mail from my domain.” Obviously, it’s a list that includes Google, but there might be others that you do want sending emails on your behalf, like your accounting system. DKIM is another layer on top of SPF. It’s a DNS record on your domain that contains a public key. Outgoing messages are signed with an encrypted signature. The receiving mail server decrypts the signature using the public key, and if successful, the message is trusted as genuine. 

3. Limit External Access to Data

Many external third-party apps integrate with the core Workspace services. For example, a mail merge app could use data in a Google Sheet to fill in template emails sent by Gmail, or a video conference app could sync meetings with Google Calendar to show which meetings you have scheduled. You’ll need to grant or deny third-party access to your Workspace data. 

Some apps overstep what’s needed to work and basically request full access to every service. In general, a sketchy-looking app from an unknown publisher shouldn’t be approved to get any access. As an admin, the very least you should do is to allow users to install only those apps you whitelist.

Follow these tips to lay the foundation for securing your Google Workspace account. And if you are interested in learning more about being an effective Google Workspace administrator, check out all our training options! Not a CBT Nuggets subscriber? Sign up for a one-week no-strings-attached trial to explore all our online Google training.