Project Description

📖 4 mins read

Take your Chromebook security game to the next level!

Managed Chromebooks are one of the most popular deployments in use today, not only in schools but also at organizations of different types and sizes.

While Chromebooks are enriched with built-in layers of security protection (hence the ‘hassle-free’ tag) — IT admins still need to configure the more granular Chromebook security bits to FULLY protect their data and users.

In this mini-guide, we’ll show you which Chromebook security features are already built-in and which security bits you need to look after yourself.

The Admin's 5-minute guide to Chromebook Security 1


Which Chromebook Security features are built-in and which aren’t?

Chromebooks take many of the traditional IT chores off the admin’s back — Let’s take a look at those built-in Chromebook security features you can check off your to-do list:

✔️ Virus-free — You don’t need to fret over things like antivirus software. 

✔️ Automatic updates — Unlike traditional operating systems, Chrome OS automatically updates in the background. Apps and security patches are automatically updated too.

✔️ Sandboxing — Each web page and app runs in a restricted environment. If an infected page is visited, other tabs or apps on the computer won’t be affected.

✔️ Verified Boot — Every time a Chromebook starts up, it completes a self-check called ‘Verified Boot’ to detect system issues and repair them automatically.

✔️ Data Encryption — Achieved via a tamper-resistant hardware security chip,  making it difficult for others to access those sensitive files stored in the cloud.

✔️ Recovery Mode — Easily restore the operating system to a known good version if anything goes wrong with a Chromebook.

Now onto your what’s NOT covered, AKA your ‘security to-do list’!

According to Google ‘’Chromebooks let you breathe just a little bit easier’’  — which means admins still need to take any remaining precautions to protect their users and data and make their Chromebook fleet more secure.



Chromebook Security guide

All you need here is to deploy a comprehensive Chromebook Management tool to your fleet that covers the below to-do list:

Set up Chromebook Geolocation Tracking

Tracking and managing the location of your Chromebooks and Chrome OS devices in real-time is pivotal.

This prepares you ahead for any Chromebook device loss and/or theft incidents and allows you to remotely disable compromised devices to protect your domain data and users before further damage is caused.

Additionally, activating geolocation alerting helps you spot and respond to unusual logins on time — before incidents are even reported.

As this information is not available in the admin console, an accurate and reliable Chromebook management tool can help you cover this area.

The Admin's 5-minute guide to Chromebook Security 2

Assess Chromebook Installed Extensions

High risk extensions that request great access permission to your environment can bring in a whole range of security hazards to your fleet.

That’s why managing the extensions users install on their Chromebooks is another crucial Chromebook security area to add to your list.

These extensions use a permission system to request access to subsets of those features. Depending on the permissions they request, they can add icons to the toolbar or inside the address bar. 

They can also open and close tabs and windows and gain full access to every page your users visit and all data sent to the web (even if users use HTTPS) and more… 

A good example would be Adblock, which runs on every page you visit and monitors what resources the page loads and can block requests for advertisements.


Manage Domain-wide Downloads

Just like installed extensions, unsafe downloads can bring in very similar hazards. 

Ideally, you’ll also want to monitor and manage domain-wide download, with the ability to report on and remove unsafe downloads on your Chromebooks on any site at all times in real-time.

Check out this post to learn How to Report and Remove Files Downloaded by Users in Chromebooks using GAT Shield.


Automatically Block Risky Sites URLs in Chromebooks

Now on to protect users from visiting risky or malicious sites.

Thanks to the sandboxing built-in feature, Chromebooks are by far the most secure devices in the market today when it comes to safe browsing.

However, you’ll still want to add more control over which websites your users can visit to give that browsing security more of a customized boost. 

That way, you’ll not just ‘minimise the risks’ associated with visiting a malicious site, but you’ll eliminate that risk from the root by blocking potentially harmful sites for your users altogether.



Content Filtering for Chromebooks

This is particularly important for K-12 schools where admins need to protect students from harmful online content and/or practices and stay CIPA Compliant (Children’s Internet Protection Act).

Similarly, SysAdmins at organizations where remote workers use company Chromebooks may want to prevent users from viewing unsafe content using company devices.

In that case, a powerful Chromebook audit and content filtering tool will do the trick. 

You can also get more granular and perform things like YouTube browsing audit if your users need to use online video platforms but you still want to control the content they view there.


Chromebook Device Access Management

Another vital thing to stay on top of is device access management to detect secondary users on your Chromebook devices.

This helps you ensure that users are using their school or company accounts (rather than personal accounts) to sign into their Chrome OS devices. In return, you’ll ensure that the security measures set across your domain are enforced.

It will also allow you to spot any unusual log-ins that may indicate suspicious activity on your Chrome OS devices.

To find secondary users on Chrome devices using GAT Shield simply follow these steps.


Chromebook Managed Guest Sessions

Finally, if your school or organisation uses shared Chromebook devices, then deploying managed guest sessions to your fleet is one final Chromebook security essential.

Managed guest sessions give you IT control while allowing multiple users to securely share the same Chrome device without the need to sign in. 

Blog-CM-Chromebook Security-4


Whether you’re a Sysadmin at an organization or K-12 school, the above Chromebook security controls will help you stay ahead of the game and meet your district’s or organisation’s IT requirements more easily.


Found this mini-guide helpful? — Take the conversation online and share it with your colleagues and peers using the social media buttons below ?

Thanks for sharing and spreading the word!