At Cloud Sultans, our mission is to help small and large businesses to better collaborate and achieve high productivity with their teams by maximizing the power of Google Workspace (formerly GSuite)
Google Workspace is an indispensable tool for businesses, providing seamless collaboration and productivity solutions. However, ensuring the security of your Google account in your company is paramount. In this article, we’ll explore four essential tips as proven by your experts at Cloud Sultans for enhancing the security of your Google account.
1. Two-Factor Authentication (2FA) in your Google Account
Two-Factor Authentication is a crucial layer of security that protects your Google Workspace account even if someone knows your password. As an end user, you can enable 2FA by going to account.google.com and navigating to the security tab.
Click on “Two-Step Verification” and follow the prompts to set it up. This step is a must-do, as it significantly reduces the risk of unauthorized access to your account.
Once you’ve secured your individual account, it’s essential to enforce 2FA across your entire company. As the administrator, you can do this in the Google Admin panel at admin.google.com. By enforcing 2FA, you ensure that every team member follows this crucial security measure.
Follow these simple instructions to enable that:
Go to your Google admin panel, click on Security and Set the Parameters. Click here to access Google Admin.
When enforcing 2FA, consider setting a grace period to allow your team time to adapt. Give them 1 week to set up 2FA on their accounts. Communicate this change effectively to avoid any inconvenience.
To avoid too much friction with your Workspace users, you can also enable the option “Allow users to trust the device” if they use a computer provided by the company. This way, they will only get challenged with 2FA once every 2 weeks or if they connect from another context (new location, new network, new IP, etc.). In this case Google will detect the change of habit and challenge the user with a 2FA again.
Last but not the least, As an administrator, it’s essential to monitor who has set up 2FA within your organization. You can easily check this in the user accounts menu by adding the “Two-Step Verification Enrollment” column. This provides visibility into which team members have complied with the security policy. You can generate this reporting by downloading all users information from the menu Directory>Users>Download Users. Make sure to download all columns or select “All user info columns and currently selected columns” when prompted.
2. Use App Passwords for Legacy Applications
Some legacy applications might not support 2FA. In such cases, you can create app passwords to maintain access without compromising security. To set up app passwords, go to your Google Account settings and find the “App Passwords” option.
This App passwords will be used by the third party application to gain access to specific services of your Google account. It can be Gmail or Drive, Calendar. With this App password, the third party application will gain access only to this tool without knowing your user password and disturbing you with a 2FA challenge to complete.
For instance, I recently needed to create an App Password to allow a Microsoft bot to access a user’s Gmail and proceed the migration of all messages from this Mailbox into Microsoft Outlook. In this case, the App Password works only for this bot and the bot can only access Gmail service and nothing else.
3. Delegate Admin Roles
Delegating admin roles can streamline account management and reduce the burden on your IT team. Assign roles such as User Manager or Help Desk Admin to team members who need specific administrative privileges. This allows them to perform essential tasks without accessing sensitive information.
You can select from the predefined role or even create a custom one that fits your needs. So you do not work alone and can delegate simple and time consuming tasks.
4. Mailbox Delegation for Controlled Access
Sharing passwords between collaborators to access a common resource is a serious breach of security. Indeed, how can you know who did what in case of error? And will you always remember to change the password every time a collaborator leaves the team? If not this person will still have access to all companies messages even when he will not belong to it!
Granting mailbox delegation can be helpful for teams that need to access shared email accounts. However, exercise caution and limit access to only those who genuinely require it. Delegating permissions can enhance collaboration while maintaining security.
Mailbox delegation allows users to access the Gmail interface of a colleague without knowing its password. Delegates can read, sorte, delete and send messages. However, the messages sent by the delegate can display the following mention to the recipient : Sent by XXX, from YYY. This way the recipient understands that the original author did write the message by somebody else. This option can be turned off too so the recipient can not make the difference.
Follow this link to A Guide to Delegating Shared Mailboxes in Gmail for Secured Collaboration
In conclusion, ensuring the security of your Google Workspace account is paramount in today’s digital landscape. Implementing these four tips, from enabling 2FA to delegating admin roles, will significantly enhance your organization’s security posture. By following these best practices, you can enjoy the benefits of Google Workspace while keeping your data safe from potential threats.
Any questions, comments, or reactions about our article, we’re happy to hear that in the comment section below. We always love diving into healthy discussions.
If you also feel that you haven’t been using Google Workspace at its best, reach us at (Cloud Sultans : contact@cloudsultans.com). We offer free consultation or system audit to find you the best possible solution.
