A MAP to Remote Work Security in Google Workspace’s Admin Console
The way we work has changed — almost permanently for some organisations.
With that, our IT needs and security priorities have also changed, as new security vulnerabilities and requirements emerge every day.
For Admins, robust auditing practices have always been an integral part of the cloud security game. However, when it comes to hybrid and remote work security, there are a few specific areas you’ll want to focus on more.
To help you organize these Google Admin console security checks, we’ve created a map of the most important areas to regularly audit (and secure) in your Google Workspace environment.
Rule of thumb: Any unusual spike in these reports is your cue to investigate further.
Let’s dive in:
1. Check Google Workspace User Logins:
A big chunk of remote work security incidents occur because of poor IAM practices.
That’s why auditing and securing Identity and Access Management (IAM) is a prerequisite for identifying and addressing the gaps hackers can exploit to access your systems.
IAM Reports to monitor:
1. User login attempts report: Identify spikes in the number of failed and suspicious logins in your domain.
2. Security report: You’ll find it under User Report. From there you can check which users skip Two-factor Authentication (2FA).
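The rule of thumb above, applied to the user login attempts report, as an added example (not code from this post or from Google): it flags days whose failed-login count sits far above the trailing week's median and lists the accounts hit most on that day. The row layout, event labels, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import Counter
from statistics import median

FAILED = {"login_failure", "suspicious_login"}  # assumed event labels

def sample_events():
    """Constructed sample: ten days of (day, user, event) login rows."""
    failures_per_day = [2, 3, 1, 2, 4, 2, 3, 2, 41, 3]
    events = []
    for i, fails in enumerate(failures_per_day, start=1):
        day = f"2024-03-{i:02d}"
        events += [(day, "alice@example.com", "login_success")] * 5
        for k in range(fails):
            user = "bob@example.com" if k % 4 else "carol@example.com"
            events.append((day, user, "login_failure"))
    return events

def daily_failures(events):
    """Failed or suspicious logins per day; quiet days are kept as 0."""
    counts = Counter()
    for day, _user, event in events:
        counts[day] += event in FAILED
    return dict(sorted(counts.items()))

def find_spikes(counts, window=7, threshold=3.5, min_count=5):
    """Flag days far above the trailing-window median (modified z-score).

    Median/MAD is used so that one earlier spike does not inflate the
    baseline and hide the next one, as a mean/stddev baseline would.
    """
    days, spikes = list(counts), []
    for i in range(window, len(days)):
        history = [counts[d] for d in days[i - window:i]]
        med = median(history)
        mad = median(abs(x - med) for x in history) or 1  # flat history
        score = 0.6745 * (counts[days[i]] - med) / mad
        if counts[days[i]] >= min_count and score > threshold:
            spikes.append((days[i], counts[days[i]], round(score, 1)))
    return spikes

def top_targets(events, day, n=3):
    """Accounts with the most failures on a flagged day."""
    hits = Counter(u for d, u, e in events if d == day and e in FAILED)
    return hits.most_common(n)

if __name__ == "__main__":
    events = sample_events()
    for day, count, score in find_spikes(daily_failures(events)):
        print(day, count, score, top_targets(events, day))
```

The `min_count` floor keeps very small domains from alerting on a jump from one failure to three.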
2. Google Workspace DLP (Data Loss Prevention):
Tracking who has access to your domain is no longer enough.
As employees work remotely, most of their data collaboration happens in the cloud (Drive and Email mainly).
*Check out our 6 Best Google Drive DLP Practices
DLP Reports to monitor:
1. Data Protection Insights reports: Understand what sensitive information is stored in your domain and make more informed decisions to protect it accordingly.
2. File exposure report: Get insights into how file sharing exposes your domain’s data.
3. DLP incidents report: Check the number of DLP incidents within a specified date range.
3. MAP Employee Devices
Remote employees like to use personal devices more often to complete quick or urgent tasks.
That’s why it’s not uncommon to have users logged into their work accounts from multiple devices.
While this makes things easier and more convenient for employees, it certainly increases the need to audit and secure this area in your admin console.
Device security reports to monitor:
- Compromised device events report: View device IDs, device owners, and the timestamps of compromised devices.
- Failed device password attempts report: Monitor the number of failed login attempts on your corporate devices during a specified time range.
- Suspicious device activities report: View details of suspicious activities on your corporate devices during a specified time range.
4. Google Chrome Browser Security
Take your remote work security out to the edge of the Chrome browser.
You can gain incredible insight into your users’ remote work security (assuming they chiefly use Google Chrome) by digging a little more into your Chrome browser security reports.
For example, you can view things like unsafe site visits and file upload and download activity.
Chrome security reports to monitor:
- Chrome threat protection summary report: Overview of various Chrome-related threat categories and related activities.
- Chrome data protection summary report: Overview of the number of Chrome-related incidents for the top data protection rules.
- Chrome high risk users report: Overview of users who have encountered the highest number of unsafe Chrome-related events.
- Chrome high risk domains report: Overview of the domains that are most risky for your organization, ranked by the number of unsafe attempts.
5. Email Phishing
Hackers like to go phishing for remote workers.
Phishing is one of the most nagging pains for almost all organisations when it comes to security.
Hackers like to prey on trends like hybrid and remote work and constantly reinvent their scams. Meanwhile, employees aren’t always able to spot these threats.
That’s why employee phishing awareness should stay at the very top of every organisation’s cybersecurity strategy, coupled with vigilant auditing and security practices.
Phishing-related Reports to Monitor:
- Spoofing report: See the number of messages that show evidence of potential spoofing.
- Suspicious attachments report: View the number of messages with suspicious attachments.
- Authentication report: View the number of messages that meet, or don’t meet, email authentication standards.
Best Practice: Train users to report messages in their inboxes as ‘spam’, ‘not spam’, or ‘phishing’. This helps Gmail identify similar phishing messages in the future.
The Power of Security Alerts
Alerts (especially real-time ones) are one of the most powerful ways to stay ahead of remote work security threats, and take prompt action before a small problem becomes a much bigger one.
Here at GAT Labs we’ve developed a powerful toolset that allows admins to create more granular alerts to secure the finest bits of their remote work environment, in both Google Workspace and Chrome, including:
- Email Delegation Alerts
- Alerts for Newly installed Apps
- Alerts for Disabled Two-factor Authentication (2FA)
- Alerts for user logins from outside your country
- Drive Alerts on files Shared Out
- Drive Alerts on the number of Downloaded files
And much more…