Keeping up with emerging threats and deploying tools to fight them can be a challenge. We've put together five quick action items to help improve your security and protect your Google Workspace environment.
These steps come directly from security audits our team has conducted in all types of organizations. Through our work, we’ve uncovered some common opportunities for organizations to boost security using the built-in features of Workspace.
Activate Two-step Verification (2SV)
If you only do one thing on this list, it should be this one.
Two-step verification (2SV), also called two-factor authentication (2FA), requires users to prove their identity using more than just their password. A second authentication component must also be provided, such as an access code or sign-in prompt available through their mobile device or a one-time verification code generated on a hardware token.
Turning on 2SV helps stop unauthorized access to user accounts. It’s useful in thwarting targeted intrusion attempts from threat actors, such as hackers with stolen user login credentials and even former employees who may know another worker’s username and password. In addition, 2SV provides a barrier against attackers who gain access to your administrator accounts or malicious code that tries to break down your defenses from the inside.
Most users can turn on 2SV for their individual accounts, but to ensure your company is properly protected, we advise administrators to enforce this option across the entire organization.
Two-step verification is a powerful counter-intrusion measure, and adding it to your Workspace environment results in only a minimal change in the user experience.
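To see how far individual opt-in falls short of organization-wide enforcement, the sketch below (an added example, not part of the original article) audits user records for 2SV coverage. The field names follow the Admin SDK Directory API user resource; the sample records are constructed, and the function name `audit_2sv` is hypothetical.

```python
# Added example. SAMPLE_USERS is constructed data shaped like Admin SDK
# Directory API user records (primaryEmail, isAdmin, isEnrolledIn2Sv,
# isEnforcedIn2Sv, suspended).
SAMPLE_USERS = [
    {"primaryEmail": "alice@example.com", "isAdmin": True,
     "isEnrolledIn2Sv": True, "isEnforcedIn2Sv": True, "suspended": False},
    {"primaryEmail": "bob@example.com", "isAdmin": True,
     "isEnrolledIn2Sv": False, "isEnforcedIn2Sv": False, "suspended": False},
    {"primaryEmail": "carol@example.com", "isAdmin": False,
     "isEnrolledIn2Sv": True, "isEnforcedIn2Sv": False, "suspended": False},
    {"primaryEmail": "dave@example.com", "isAdmin": False,
     "isEnrolledIn2Sv": False, "isEnforcedIn2Sv": False, "suspended": True},
    {"primaryEmail": "erin@example.com", "isAdmin": False,
     "isEnrolledIn2Sv": False, "isEnforcedIn2Sv": False, "suspended": False},
]


def audit_2sv(users):
    """Split active accounts into 2SV gaps, listing administrators first."""
    report = {"not_enrolled_admins": [], "not_enrolled": [],
              "enrolled_not_enforced": [], "active": 0}
    for user in users:
        if user.get("suspended"):
            continue  # suspended accounts cannot sign in; skip them
        report["active"] += 1
        email = user["primaryEmail"]
        if not user.get("isEnrolledIn2Sv", False):
            # No second factor at all: highest priority when the user is an admin.
            key = "not_enrolled_admins" if user.get("isAdmin") else "not_enrolled"
            report[key].append(email)
        elif not user.get("isEnforcedIn2Sv", False):
            # Opted in voluntarily, but policy does not stop them opting out.
            report["enrolled_not_enforced"].append(email)
    gaps = (len(report["not_enrolled_admins"]) + len(report["not_enrolled"])
            + len(report["enrolled_not_enforced"]))
    protected = report["active"] - gaps
    # Share of active accounts that are both enrolled and under enforcement.
    report["protected_pct"] = (
        round(100 * protected / report["active"], 1) if report["active"] else 0.0
    )
    return report


if __name__ == "__main__":
    print(audit_2sv(SAMPLE_USERS))
```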
Disable IMAP and POP
Advances in email security technology have made the use of IMAP and POP both unnecessary and undesirable. While these protocols were once popular for accessing emails remotely, they now represent vulnerabilities when allowed to connect to a Google Workspace environment.
The outdated protocols don’t support the strong authentication measures included in 2SV and similar methods. In recent years, hackers have increasingly targeted IMAP- and POP-enabled accounts in their attempts to bypass verification and gain access to cloud-based data.
We recommend you use OAuth 2.0 for authentication instead. As an alternative, you may also choose to enable but restrict IMAP, allowing only those mail clients that support OAuth to connect.
Both IMAP and POP represent old and vulnerable protocols that should not be relied upon in 2021.
Leverage Mobile Device Management (MDM)
The use of mobile devices was already skyrocketing, and the shift to work-from-home triggered by the pandemic only increased users’ reliance on smartphones and tablets. Administrators have mobile device management (MDM) tools available within Workspace to help keep those devices and their connections to your company data secure.
Begin by reviewing mobile device usage and see where security gaps may exist. Audit and activity logs are available to show you if device passwords are noncompliant with your password policy or if any downloaded applications could pose a risk to your environment. You can then engage users to improve their password practices and remove potentially unsecured apps.
Google Workspace also gives you the tools to wipe data from a lost or stolen device and even remove the user’s account and related information to prevent unauthorized access.
Google’s in-built MDM solution has everything you need to easily facilitate mobility across your organization and to do it securely.
Restrict or Eliminate Third-Party Applications
Non-Google applications are easy to add to your environment and many have proven to be useful tools in helping employees increase their productivity and streamline workflows. However, some of these third-party solutions could introduce security risks without your knowledge.
Using Google Workspace, administrators have tools to see which applications are authorized to access your organization’s data. The console also offers visibility into the services each app is using and its current level of access.
You can then specify which third-party apps are trusted to access services, or you have the flexibility to restrict access based on your corporate policies and procedures.
Make sure you use Google’s admin capabilities to exclude or limit, as well as monitor, any third-party applications operating within your environment.
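The review described above can also be run over exported grant data. The following sketch (an added example, not part of the original article) groups OAuth grants by application and sorts them by the action they call for. The records are constructed and shaped like the Admin SDK Directory API token resource; the allowlist, the broad-scope list and the function name `review_grants` are illustrative assumptions.

```python
from collections import defaultdict

# Assumption: scopes this organization treats as broad (illustrative list).
BROAD_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/admin.directory.user",
}
# Assumption: client IDs already approved by the organization (constructed).
TRUSTED_CLIENT_IDS = {"1111-constructed.apps.googleusercontent.com"}

# Constructed records using the token resource's field names.
SAMPLE_TOKENS = [
    {"userKey": "alice@example.com", "displayText": "Approved CRM",
     "clientId": "1111-constructed.apps.googleusercontent.com",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"userKey": "bob@example.com", "displayText": "Mail Merge Tool",
     "clientId": "2222-constructed.apps.googleusercontent.com",
     "scopes": ["https://mail.google.com/", "openid"]},
    {"userKey": "carol@example.com", "displayText": "Mail Merge Tool",
     "clientId": "2222-constructed.apps.googleusercontent.com",
     "scopes": ["https://mail.google.com/"]},
    {"userKey": "carol@example.com", "displayText": "Meeting Notes",
     "clientId": "3333-constructed.apps.googleusercontent.com",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]


def review_grants(tokens, trusted=TRUSTED_CLIENT_IDS, broad=BROAD_SCOPES):
    """Aggregate grants per app and rank them: restrict, review, trusted."""
    apps = defaultdict(lambda: {"name": "", "users": set(), "scopes": set()})
    for token in tokens:
        app = apps[token["clientId"]]
        app["name"] = token.get("displayText", "")
        app["users"].add(token["userKey"])
        app["scopes"].update(token.get("scopes", []))
    findings = []
    for client_id, app in apps.items():
        risky = sorted(app["scopes"] & broad)
        if client_id in trusted:
            action = "trusted"
        elif risky:
            action = "restrict"  # unapproved app holding broad data access
        else:
            action = "review"    # unapproved, but only narrow scopes
        findings.append({"client_id": client_id, "name": app["name"],
                         "users": sorted(app["users"]),
                         "broad_scopes": risky, "action": action})
    order = {"restrict": 0, "review": 1, "trusted": 2}
    findings.sort(key=lambda f: (order[f["action"]], f["client_id"]))
    return findings


if __name__ == "__main__":
    for finding in review_grants(SAMPLE_TOKENS):
        print(finding)
```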
Maintain Good Governance
Google Workspace is powerful and flexible. It provides tools, dashboards and features that enable you to administer your services, data, devices and users at multiple levels.
It’s critical to understand who currently has privileges to access and/or alter your environment, to limit who can make changes, to put boundaries around how far these powers extend and to maintain awareness of when changes are implemented. Become accustomed to utilizing the capabilities in Workspace and make the security of your services and data part of your overall governance strategy.