Project Description

📖 3 mins read

It’s been an exciting journey growing and leading the security and audit market for Google Workspace and Chrome. The best part of our story though is that we got to meet a lot of interesting people from different walks of life and build great insight into the Google Workspace realm. 

One thing we noticed along the way is that many Google Workspace admins don’t realise the security implications of the role when they first sign up for it. While security can obviously mean different things to different people in general, if you are a Google Workspace admin the security of your domain is pivotal.

I mean let’s face it, with the soaring number of data breach and data leakage incidents out there, no one is safe. Even worse, if anything goes wrong, the Google Workspace admin will always be held accountable for it, Yikes right?

Your 3 Killer Google Workspace Admin Security Practices for Starters 1

The good news is that it’s easy to get started right away with our three recommended fundamental practices to a more secure domain. Consider them your gateway to securing your data from leakage, loss and insider threat.

But before diving in, let’s start with a few basic questions we noticed many people ask throughout our interactions in the industry: 

What is Google Workspace?

Your 3 Killer Google Workspace Admin Security Practices for Starters 2

Yes, because it was previously known as Google Apps many people are still unfamiliar with the new term.

Simply put, Google Workspace is Google’s Office suite. It comprises a strong set of cloud-based tools including Gmail, Hangouts, Calendar; Drive for storage; Docs, Sheets, Slides, Forms, and Sites for collaboration. 


What is a Google Workspace Admin?

Your 3 Killer Google Workspace Admin Security Practices for Starters 3

The Google Workspace admin is the person at a company, school, or organisation who manages Google services for users. Admins are responsible for administering the most crucial Google Workspace operations. 

That includes adding and removing users, setting permissions for/ and installing apps from the Google Workspace Marketplace, managing company data, billing, and reviewing usage for security problems.

Here is how to log into your Google Workspace Admin account.

Why is securing your Google Workspace important? ?

Your 3 Killer Google Workspace Admin Security Practices for Starters 4

It’s quite simple. Imagine having a chest of rare jewels in your house, would you walk out and leave the door unlocked behind you? I’m guessing not. You might even consider investing in a good safe to close guard your treasure.

What about your data; your most valuable business assets? I think you get the picture now.


Your three fundamental Google Workspace Admin Security Practices: 

ENFORCE two-step verification ?️

Your 3 Killer Google Workspace Admin Security Practices for Starters 5


The first practice you’ll want to adopt is enforcing (not just enabling) two-step verification for all your Google Workspace account users. 

  • Two-step verification is exactly like fitting a second lock to your house, whereby users will need an additional code to log into their accounts besides their password. 
  • That code is sent to their phones through text, voice call, or mobile app. Additionally, if they use a Security Key, it can be inserted into their computer’s USB port and voila! Easy and secure access guaranteed.

↪️ To set up two step verification simply follow these steps.

Identify unusual spikes in the Highlights Report in your Google Workspace Administrator Panel. ?


Your 3 Killer Google Workspace Admin Security Practices for Starters 6

The Highlights Report ? is your first whisperer of early signs of trouble.  It shows key metrics and trends in your domain, whereby any unusual or suspicious spikes should always be treated as alerts. 

But what exactly should you watch out for? Here are the three main metrics to constantly observe:

1. General Google domain usage:

Things like multiple failed login attempts or odd geolocation are red flags you should be alert to. They usually indicate that someone is trying to compromise/ or has in fact compromised that user’s credentials.

2. File sharing:

Lookout for unknown sharing parties or abnormal file sharing, download or transfer. This can indicate that your domain is breached and is either leaking data, or is infected with malware.

3. User status, storage and security:

This chart shows you if any user granted access to their account to any unauthorised third-party app. You will also be able to see any abnormal addition or deletion in files or sudden fluctuation in file storage.

Backup your Google Workspace data regularly ?

You know the wise old saying, ‘better safe than sorry’. 

Getting into the practice of regularly backing up your data is one of the best things you can do as a Google Workspace admin. This simply limits the chances for data-loss if your Google Workspace data ever gets accidentally or maliciously compromised. 

Bonus Tip 

Protect yourself against phishing attacks by deploying the Password Alert extension which will detect if users enter their Google password into any websites other than the Google Sign in page.

Learn more about password alerting here.

Additional Security and Powerful Insights ?

Your Google Workspace has incredible capabilities for your business, but you need to fully secure it as well as learn how to harness its full resources to access intelligent data that you can build on. 

That is why businesses are loving GAT, the exclusive security and audit tool for Google Workspace. GAT helps businesses grow safely and wisely by offering optimum Google Workspace security and detailed analysis, enabling them to make better decisions and take decisive actions faster.

To learn more about our solution and how GAT can help your business click here.

Or better yet book a demo now here.

Thanks for sharing and spreading the word!