Your guide to a bulletproof security strategy with Google Workspace

03 August 2022

Now more than ever, it is important to ensure you have a bulletproof security strategy for your business. The acceleration of digital transformation over the last two years, coupled with the advancement of hybrid work, means that the risk of data breaches is at an all-time high. In this article, learn how Google’s secure-by-design and cloud-native approach can support your business, how to reduce risk automatically, and how to centralise control and reduce end-user risk. Using the following tips and best practices will help improve your organisation’s overall risk posture.

Introduce security into your onboarding. When a new starter joins your team, look at setting up 2-step verification first. It may seem obvious, but it often gets overlooked. It provides an important extra layer of security for your end-user accounts in case a password is compromised. Plus, end-users may be more security-savvy if it is one of the first things they experience at the company. Teach them to take it seriously from the get-go.

Secure your company devices with Endpoint Management. With more people working remotely, you won’t be sat in the same office as a compromised account when something goes wrong. However, the security features within Google Workspace allow you to manage everything remotely, straight from the Admin Console. With Endpoint Management, you can suspend accounts, enforce the requirement to have a lock screen and encryption, or, should the worst happen, erase confidential data from mobile devices from one central location.

Know everything about your data. Run an audit and find out exactly where your data sources are and who they are being shared with. Once you have a holistic view of how your company uses data and who has access to it, you can make changes to make your business more secure. You can use tools such as the File Sharing Exposure Report to see who has access to certain files, and the Audit and Investigation tools in the Admin Console allow you to see user activity in Google Drive.

Optimise security with Data Classification. Help your IT team protect your files in Google Drive efficiently by tagging your data. By applying labels to Drive files, you can identify sensitive documents and enable policies that meet your business and regulatory compliance requirements. For example, Sales Reps should not have access to payroll documents, and customer payment details shouldn’t be stored in a public Drive for the whole company to see. Classifying your data will not only help keep your employees safe, but also keep your customers’ data secure.

Protect sensitive data with Data Loss Prevention (DLP). Using DLP in Google Drive and Gmail allows you to control how everything is shared externally. You can create and apply rules that trigger scans of your documents and emails for sensitive information. If a rule is violated, it triggers a DLP incident that alerts the admin team, allowing you to act quickly to avoid any data loss. Ensure you define your own DLP rules that protect your specific business interests. For example, you may have client data you need to keep private, or you may be required to keep project details confidential.

Control which 3rd-party apps access your data. App Access Control helps admins put processes in place to reduce the risk of data breaches through APIs. You can restrict access to Gmail, Drive and Contacts, and you can trust specific apps that are deemed safe. This is especially useful if you work within a large organisation with lots of users, or if you are operating a hybrid working model, as accounts can become messy and hard to manage without proper monitoring. Before you begin, identify the apps you want to control. You can use tools like the Token Report to help determine which apps are critical to the business based on how many users use them. Then you can assess them to ensure they are in line with your compliance requirements, and check whether due diligence has been done on each app to ensure it is safe.
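
To make the "identify the apps first" step concrete, here is an added example (not Google's code or ours in production) that ranks third-party apps by how many users authorised them and flags which ones hold Gmail, Drive or Contacts scopes. The record layout is an assumption modelled on the Admin SDK Reports API token activity export; the users, app names and client IDs are constructed placeholders.

```python
from collections import defaultdict

# Scope prefixes for the three services the article names (Gmail, Drive, Contacts).
SENSITIVE = {
    "Gmail": ("https://mail.google.com/", "https://www.googleapis.com/auth/gmail"),
    "Drive": ("https://www.googleapis.com/auth/drive",),
    "Contacts": ("https://www.googleapis.com/auth/contacts",),
}
AUTH = "https://www.googleapis.com/auth/"

def _event(user, app, client_id, scopes, name="authorize"):
    """Build one constructed activity record in the assumed export layout."""
    return {"actor": {"email": user}, "events": [{"name": name, "parameters": [
        {"name": "app_name", "value": app},
        {"name": "client_id", "value": client_id},
        {"name": "scope", "multiValue": scopes}]}]}

# Constructed sample data; users, apps and client IDs are placeholders.
SAMPLE_EVENTS = [
    _event("ana@example.com", "CRM Sync", "crm-sync.example", [AUTH + "contacts", AUTH + "gmail.readonly"]),
    _event("ben@example.com", "CRM Sync", "crm-sync.example", [AUTH + "contacts"]),
    _event("cat@example.com", "CRM Sync", "crm-sync.example", [AUTH + "contacts"]),
    _event("ana@example.com", "PDF Tools", "pdf-tools.example", [AUTH + "drive"]),
    _event("ben@example.com", "Calendar Widget", "cal-widget.example", [AUTH + "calendar.readonly"]),
    _event("ben@example.com", "PDF Tools", "pdf-tools.example", [AUTH + "drive"], name="revoke"),
]

def summarise(activities):
    """Return (app, client_id, user_count, sensitive_services) rows, most-used first."""
    apps = defaultdict(lambda: {"name": "", "users": set(), "services": set()})
    for act in activities:
        user = act.get("actor", {}).get("email", "unknown")
        for ev in act.get("events", []):
            if ev.get("name") != "authorize":  # ignore revocations and other events
                continue
            p = {x["name"]: x.get("multiValue") or x.get("value") for x in ev.get("parameters", [])}
            app = apps[p.get("client_id", "unknown")]
            app["name"] = p.get("app_name", "")
            app["users"].add(user)  # counts users who authorised within the export window
            scopes = p.get("scope") or []
            for scope in [scopes] if isinstance(scopes, str) else scopes:
                app["services"].update(s for s, pre in SENSITIVE.items() if scope.startswith(pre))
    rows = [(a["name"], cid, len(a["users"]), sorted(a["services"])) for cid, a in apps.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0]))

if __name__ == "__main__":
    for name, cid, users, services in summarise(SAMPLE_EVENTS):
        print(f"{name:16} {cid:20} users={users} sensitive={','.join(services) or '-'}")
```

Apps near the top of the list with sensitive services are the ones to assess first; apps with few users and sensitive scopes are the natural candidates for restriction.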

There is so much more you can do with Google Workspace to support your organisation’s security needs, but these are the foundations that ensure the basics are done right. By incorporating these simple steps into your security strategy, you can start to control your company data and put policies in place to prevent data loss. Google actively works to keep its users secure, from protecting against phishing and malware attacks to being GDPR compliant. It is one of the most secure cloud providers available, and it even has a useful security checklist based on whether you are a small, medium or large organisation. So if you are new to Google Workspace, or need to revisit certain areas and become more secure, book a security workshop with us and make security one of the top priorities for your business.