Google Cloud Apps Admins

8 G Suite Admin Settings to Improve Company Security

Written by Joey Allen (Google Admin) | January 25, 2018

As a Google Admin/G Suite Admin, it is important to secure access to your company's G Suite Apps and associated data. Identity theft, data breaches, and associated cybercrime cause millions of dollars' worth of damage every year. However, by taking proper precautions, you can keep your users and your company safe.


Most security breaches are caused by carelessness or simple user error more than anything. This well-known corporate breach wasn't achieved through high-level computer skills but through simple human error, and it could have been prevented with relatively basic security practices. As a company focused on security measures, Google gives you, as a Google Admin/G Suite Admin, many tools to track information, secure access, and increase data security. Here is a brief overview of these eight tools and practices.

Eight Security Best Practices For A Google Admin/G Suite Admin

  1. Use Two-Step Verification: this is the first step you should take in making user accounts more secure. Put plainly, end users are often not the best at security. Examples include leaving post-it notes with passwords written on them by their workstations or using the same passwords repeatedly without much modification. A two-step verification system keeps accounts secure even if a password becomes known or is brute-forced. Combining this with employer-issued cell phones further enhances security and allows it to be monitored.

  2. Use Physical Security Keys: for high-level accounts (administration, high-level management, auditors, etc.), a physical key greatly enhances security. Key fobs are physical objects and cannot be hacked through common methods, so even if a password is compromised, access cannot be gained without the physical key. Physical keys can connect via USB or Bluetooth, making them compatible with an assortment of computer devices.

  3. Enable Password Alerts: awareness is key in preventing information breaches. Phishing, as you know, has become quite advanced, and the fake sites and emails used can look authentic at first glance, especially to an inexperienced user unfamiliar with such things. As many companies use Chrome as their browser of choice, enabling the Password Alert extension lets users know when they're entering their sign-on information on an untrustworthy website. The extension can also be enhanced by enabling email alerts and forcing password changes as needed. By empowering your users, information breaches can be prevented on their end.

  4. Review Activity Reports: many information breaches are not noticed when they first occur. It is not necessarily the data breach itself that is damaging but the overall length of time an unapproved party has access to valuable information. By catching unusual activity early, its damage can be greatly mitigated. Activity reports track logins, account status, usage of two-step verification, and other data sets that can point to unusual or undesired activity.

  5. Review Administrative Email Alerts: as a Google Admin/G Suite Admin, you have a great deal of control over the alerts that are generated and emailed to the administration. By practicing awareness as a policy, you help reduce the length of time system vulnerabilities remain uncorrected. Alerts for events such as setting changes, suspicious login activity, and compromised company cellular devices should be enabled to limit the negative impact of such occurrences.

  6. Secure Compromised Accounts: once an account has been compromised, it should be deactivated immediately, reviewed for any possible breaches, repaired, and then reassigned to the user. During the reactivation process, the password should be reset, old tokens revoked, sign-in cookies deleted, and app passwords reset on devices such as cell phones and tablets. When the account is unsuspended and the user signs in with new identifying information, tokens and cookies will update accordingly.

  7. Practice Least Privilege: an account should not have more access than the user requires. An account's privilege level should only be as high as the user needs to complete their daily tasks and duties. Supervisor accounts and administrative accounts should be reviewed regularly, as supervisors stepping down from such roles but still retaining their now-unneeded supervisory access is far from uncommon.

  8. Have Account Recovery Measures On Your Own Account: lastly, as a Google Admin/G Suite Admin, retaining access to your own account is highly important. As nobody is perfect, you should have preventive measures in place, such as a recovery email contact and phone number, in case you need to re-enable access to your own account.
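
The kind of review described in items 4 and 7 can be sketched in Python over exported report rows. This is an added example, not part of the original article and not Google's code; the field names, sample accounts, and thresholds are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data. Field names are assumptions made for this example,
# not the column names of an actual G Suite report export.
ACCOUNTS = [
    {"user": "alice@example.com", "admin": True, "two_step": True, "suspended": False, "last_login": "2018-01-24"},
    {"user": "bob@example.com", "admin": True, "two_step": False, "suspended": False, "last_login": "2017-09-02"},
    {"user": "carol@example.com", "admin": False, "two_step": False, "suspended": False, "last_login": "2018-01-23"},
    {"user": "dave@example.com", "admin": False, "two_step": True, "suspended": True, "last_login": "2018-01-20"},
]
LOGINS = [
    {"user": "alice@example.com", "time": "2018-01-22T09:01:00", "country": "US", "ok": True},
    {"user": "carol@example.com", "time": "2018-01-23T03:10:00", "country": "US", "ok": False},
    {"user": "carol@example.com", "time": "2018-01-23T03:11:00", "country": "US", "ok": False},
    {"user": "carol@example.com", "time": "2018-01-23T03:12:00", "country": "US", "ok": False},
    {"user": "alice@example.com", "time": "2018-01-24T08:55:00", "country": "US", "ok": True},
    {"user": "alice@example.com", "time": "2018-01-24T23:40:00", "country": "BR", "ok": True},
]

def review(accounts, logins, today, stale_days=90, max_failures=3):
    """Return (user, finding) pairs worth an administrator's attention."""
    now = datetime.strptime(today, "%Y-%m-%d")
    findings = []
    for acct in accounts:
        if acct["suspended"]:
            continue  # already locked out; nothing to flag
        if not acct["two_step"]:
            suffix = " on admin account" if acct["admin"] else ""
            findings.append((acct["user"], "no two-step verification" + suffix))
        idle = now - datetime.strptime(acct["last_login"], "%Y-%m-%d")
        if acct["admin"] and idle > timedelta(days=stale_days):
            findings.append((acct["user"], "admin access unused for %d days" % idle.days))
    seen, streak = {}, {}
    for ev in sorted(logins, key=lambda e: e["time"]):  # ISO timestamps sort as text
        user = ev["user"]
        if not ev["ok"]:
            streak[user] = streak.get(user, 0) + 1
            if streak[user] == max_failures:  # report once per failure streak
                findings.append((user, "%d consecutive failed logins" % max_failures))
            continue
        streak[user] = 0
        if user in seen and ev["country"] not in seen[user]:
            findings.append((user, "login from new country " + ev["country"]))
        seen.setdefault(user, set()).add(ev["country"])
    return findings

if __name__ == "__main__":
    for user, finding in review(ACCOUNTS, LOGINS, today="2018-01-25"):
        print(user + ": " + finding)
```

Suspended accounts are skipped in the account checks, and a new-country finding is raised only once a user has at least one earlier successful login to compare against.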

 

Final Thoughts

As the above information shows, Google gives its Google Admin/G Suite Admin accounts many different tools to increase your company's security. Breaches and identity theft are an ever-increasing issue, and protecting your company data (both for your own company and your clients) is essential. A large data breach can do irreparable damage to a company's reputation and, more importantly, harm many people. By keeping the above considerations in mind, you can help prevent data breaches and, should they occur, reduce the scope of the damage they cause. More information about G Suite security options (and various other settings) can be found here.