Protecting Your Google Workspace Environment

As remote and hybrid workplaces become the norm, organizations face a difficult challenge: empowering workers with collaboration and productivity tools they can use anytime, anywhere, while maintaining critical security, privacy and compliance measures (and reining in shadow IT).

Security and privacy features are baked into Google Workspace, providing you with control over system configuration and application settings to streamline authentication, asset protection and operational control. But how can you ensure you’re taking advantage of all the security features available to you—and addressing any gaps?

Here’s how to make the most of the security features in Google Workspace—and how you can take security up a notch with the help of a Google Workspace partner like Pythian.

Google Workspace Gmail protection: Many malware and ransomware attacks make their way into an organization through email—or, rather, an unsuspecting employee opening up a malicious attachment or clicking on a malicious link. That’s why a cloud-based email platform makes sense, especially one like Gmail, with advanced phishing and malware protection that prevents more than 99.9 percent of spam, phishing, spoofing and malware from reaching users’ inboxes. And with the enterprise version, IT managers can take this a step further by using Security Sandbox to set up rules for detecting suspicious attachments.

Pythian’s best practices for Gmail protection:

• Use SPF, DKIM and DMARC to establish an email validation system and authenticate your domain
• Disable IMAP/POP access that let users access Gmail through third-party email clients
• Enable enhanced pre-delivery message scanning, external recipient warnings and additional attachment, link and external content protections

Google Workspace Drive protection: Even if local machines are compromised by malware or a ransomware attack, Google Drive files such as Docs, Sheets and Slides would be safe. With Drive’s revision history, data can be restored to a previous state. This, of course, won’t help with legacy files, so it’s a reason to consider switching to Google Drive for all file creation going forward.

Pythian’s best practices for Drive protection:

• Keep file sharing to users on your domain to reduce potential data leaks or outside actors from accessing your documents
• Set a default for link sharing, ensuring only the document owner can share or add new users
• Protect documents from accidentally being shared to the web by turning off ‘publish on the web’ settings

Google Workspace Account protection: User accounts come with built-in security designed to detect and block threats like spam, phishing and malware, and activity is stored using strong industry standards and practices.

Pythian’s best practices for Account protection:

• Enable two-step verification to help keep user accounts secure should a password be accidentally leaked
• Use password alert to ensure users don’t use existing passwords on third-party sites to limit the potential for data breaches
• Set up admin email alerts to keep track of any suspicious behavior or setting changes

Google Workspace Calendar protection: Calendar entries are stored securely in Google data centers, and data is encrypted in-transit and at rest. They’re also stored on user devices so users can easily access their calendar offline.

Pythian’s best practices for Calendar protection:

• Limit external calendar sharing to ‘free’ or ‘busy’ (and not displaying details) to limit potential data leaks
• Set up automatic warnings to let users know when they’re inviting external users to a calendar to ensure they’ve invited the right people

How to take your security up a notch with Pythian

Your IT team may not have the time, resources or specific expertise with Google Workspace to configure, monitor and manage your Google ecosystem and stay on top of the latest security threats. And while there are security features baked into Workspace, you still need to configure them properly, set operational controls and continually monitor your environment.

Ensuring Google Workspace adheres to a company’s compliance and security framework is paramount to reducing risk. With Pythian, we make your Google Workspace better. We work as an extension of your IT team, providing personalized training, lightning-quick support and managed administration. You’ll get enhanced dedicated support and strategic guidance around the use of Google tools and optimization for security, privacy and compliance.

Our long-established Managed Google Workspace Administration practice encompasses a full range of services, from recommending the Google tools that best suit your needs, to training and support. We also offer a fixed-fee Google Workspace Security Assessment, which includes remediation, recommendations and implementation of Workspace’s configuration and security settings—helping to take your Google Workspace security up a notch.

Schedule a security audit with a Pythian Google Workspace and security expert today!