5 Important Measures of G Suite Security for Admins
These small yet important measures will help G Suite admins minimize security concerns on a larger scale, thereby protecting data and ensuring privacy.
Google, through G Suite, offers administrators enterprise control over system configuration and application settings, all in a dashboard that they can use to streamline authentication, asset protection, and operational control.
Here we will run through 5 basic yet essential measures admins can take from their end to minimize security issues.
Manage users’ password strength-
The most fundamental G Suite security measure comes first: help your team choose strong passwords, something with an uncommon letter and number combination.
As a G Suite admin, you get the ability to manage and track the password strength of every user in your organization. You would want to set minimum and maximum strength requirements.
The best tool you have here is to monitor the strength of your users’ passwords from the Admin console. It provides you with a graph showing how strong each user’s password is. You can have the weak ones changed promptly if required.
Disallow the Less Secure Apps from accessing User Accounts-
G Suite has a great feature that allows you, as the admin, to block sign-in attempts from apps and devices that do not meet modern security standards.
What happens when a hacker tries to access a user’s account through a less secure app? The end user receives an email informing them that someone has attempted to access their account through an application that is not secure.
How to enable this feature:
Go to the Admin console, then Security, then Basic settings, and finally Less secure apps. Once there, click Disable Access to Less Secure Apps for all users.
As an admin, you can also monitor whether a user has allowed access to less secure apps. Go to the Account Activity Reports section, which includes a Less Secure Apps filter that indicates, for each individual user, whether access to less secure apps has been denied or not.
Making 2-step Verification Mandatory-
Two-step verification is a process that involves two authentication checks, performed one after the other, to verify the log-in.
It provides an extra layer of security to users by having them back up their password with a verification code. The verification can take the form of voice calls, mobile app notifications, phone prompts, etc.
As an admin, you’d want to enforce 2-step verification for everyone in your organization.
Before the enforcement, check that every user in your organization is enrolled; otherwise, they will get locked out of their accounts.
If a few users are still not enrolled but you want to enforce 2-step verification for the rest of the team, place those users into exception groups. This way they will not be locked out of their accounts.
Specify an enrollment period during which new users can sign in to their accounts using just their password, as that will give them some time to set up 2-step verification.
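The pre-enforcement check described above can be run against an export of your user list. The following is an added example, not code from Google or from the original article: it assumes records shaped like the Admin SDK Directory API user resource (`primaryEmail`, `isEnrolledIn2Sv`, `suspended`, `creationTime`), a 14-day enrollment period chosen for illustration, and constructed sample users.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records. Field names follow the Admin SDK Directory API
# user resource; the addresses and dates are made up for this example.
USERS = [
    {"primaryEmail": "ana@example.com", "isEnrolledIn2Sv": True,
     "suspended": False, "creationTime": "2019-03-01T09:00:00.000Z"},
    {"primaryEmail": "ben@example.com", "isEnrolledIn2Sv": False,
     "suspended": False, "creationTime": "2020-06-10T09:00:00.000Z"},
    {"primaryEmail": "cho@example.com", "isEnrolledIn2Sv": False,
     "suspended": False, "creationTime": "2018-01-15T09:00:00.000Z"},
    {"primaryEmail": "dee@example.com", "isEnrolledIn2Sv": False,
     "suspended": True, "creationTime": "2018-01-15T09:00:00.000Z"},
    {"primaryEmail": "eli@example.com",  # enrollment flag missing
     "suspended": False, "creationTime": "2017-05-20T09:00:00.000Z"},
]


def plan_2sv_enforcement(users, now, enrollment_days=14):
    """Bucket users before 2-step verification is enforced."""
    cutoff = now - timedelta(days=enrollment_days)
    plan = {"ready": [], "enrollment_period": [], "exception_group": []}
    for user in users:
        if user.get("suspended"):
            continue  # assumption: suspended accounts are out of scope
        created = datetime.strptime(
            user["creationTime"], "%Y-%m-%dT%H:%M:%S.%fZ"
        ).replace(tzinfo=timezone.utc)
        if user.get("isEnrolledIn2Sv") is True:
            bucket = "ready"
        elif created > cutoff:
            bucket = "enrollment_period"  # new user, still has time to enroll
        else:
            # Not enrolled (or unknown): enforcing now would lock them out.
            bucket = "exception_group"
        plan[bucket].append(user["primaryEmail"])
    return plan


if __name__ == "__main__":
    now = datetime(2020, 6, 15, tzinfo=timezone.utc)  # fixed for repeatability
    for bucket, emails in plan_2sv_enforcement(USERS, now).items():
        print(f"{bucket}: {', '.join(emails) or '-'}")
```

A record with no enrollment flag is treated as not enrolled, so an incomplete export errs toward the exception group rather than toward a lockout.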
Limiting sharing of Calendar Information-
There are instances when people share their calendar externally so that other users can schedule and edit events, which is a potential threat to your data.
As an admin, you can control how much calendar information people share with users outside your organization, as well as the default visibility of calendars internally.
In case of External sharing:
Once you limit external sharing for your organization, users can't exceed that limit when sharing individual events.
Limiting sharing to Free/Busy protects users from social attacks that depend on extracting information from meeting titles and attendees.
Alternatively, you may allow outsiders to view all calendar information, and then choose whether they can change calendar items or fully manage a calendar.
In case of Internal sharing:
At the end-user level, employees can choose how they share their calendars with teammates and colleagues. The internal sharing options set for your organization automatically apply if an end user doesn't customize their own calendar settings.
Google Groups Misconfigurations-
Google Groups have leaked sensitive information in the past: emails that should never have been public became searchable on Google. That is why it is important to keep an eye on accidental Google Groups misconfigurations.
You can review and update your domain’s sharing permissions from the Admin console.
Even when you give users the ability to create public groups, you can still change the domain-level setting to private, thus ensuring that nobody from outside the organization gains access to a group that your end users previously set to be public.
If your organization manages sales or support using Google Groups, you would want external individuals to be able to contact a group. This can be done without making the group's topics publicly viewable.
As an admin, you have the ability to allow outsiders to post to a specific group. The setting will be applied irrespective of whether group topics are set to be private or public.
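The distinction drawn above, that outsiders may post to a group without being able to read it, can be checked across an export of group settings. The following is an added example, not code from Google or from the original article: it assumes records shaped like the Groups Settings API group resource (`whoCanViewGroup`, `whoCanPostMessage`, `allowExternalMembers`), and the group addresses, severity labels and the `inbound_ok` allow-list are constructed for illustration.

```python
# Constructed sample settings. Field names and values follow the Groups
# Settings API group resource; the group addresses are made up.
GROUPS = [
    {"email": "support@example.com", "whoCanViewGroup": "ALL_MEMBERS_CAN_VIEW",
     "whoCanPostMessage": "ANYONE_CAN_POST", "allowExternalMembers": "false"},
    {"email": "finance@example.com", "whoCanViewGroup": "ANYONE_CAN_VIEW",
     "whoCanPostMessage": "ALL_MEMBERS_CAN_POST", "allowExternalMembers": "false"},
    {"email": "partners@example.com", "whoCanViewGroup": "ALL_MEMBERS_CAN_VIEW",
     "whoCanPostMessage": "ALL_MEMBERS_CAN_POST", "allowExternalMembers": "true"},
    {"email": "sales@example.com", "whoCanViewGroup": "ALL_IN_DOMAIN_CAN_VIEW",
     "whoCanPostMessage": "ANYONE_CAN_POST", "allowExternalMembers": "false"},
]


def audit_groups(groups, inbound_ok=()):
    """Return (group, severity, reason) tuples for risky sharing settings.

    inbound_ok is a hypothetical allow-list of intake groups (sales, support)
    where posting by outsiders is intended.
    """
    findings = []
    for group in groups:
        email = group["email"]
        view = group.get("whoCanViewGroup")
        if view == "ANYONE_CAN_VIEW":
            # The leak case: topics are readable from outside the domain.
            findings.append((email, "HIGH", "topics are publicly viewable"))
        elif (view == "ALL_MEMBERS_CAN_VIEW"
              and group.get("allowExternalMembers") == "true"):
            findings.append((email, "MEDIUM", "external members can read topics"))
        # Posting is independent of viewing: an intake group can accept mail
        # from outsiders while its topics stay private.
        if (group.get("whoCanPostMessage") == "ANYONE_CAN_POST"
                and email not in inbound_ok):
            findings.append((email, "LOW", "outsiders can post; confirm intent"))
    return findings


if __name__ == "__main__":
    for email, severity, reason in audit_groups(
            GROUPS, inbound_ok={"support@example.com"}):
        print(f"{severity:6} {email}: {reason}")
```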