Securing your employees' accounts on Google Workspace

Your employees' accounts are the easiest way to breach your organization. As such, they must be secured properly. Find out how to use Google Workspace to stay ahead of threats.

Passwords: the first layer to secure your Google Workspace

Managing your collaborators' accounts is one of the main aspects of your Google Workspace security. In this article, we will give you the keys to make sure your settings are state-of-the-art.

Unsurprisingly, passwords are the first thing you need to worry about when it comes to securing your employees' accounts. Apart from the classic advice (one password per tool, use of a password manager), Google allows you to set up alerts on the passwords of your teams.

The password rule

The very basics. If you haven't already done so, now is the time. Go to your console panel (Security>Authentication>Password Management). There, you can set the password policy in use within your organization - including minimum length. By default, Google forces all users to use a strong password: 8 characters or more (letters, numbers, and symbols). Our take: make 13 characters the minimum for creating passwords. Their strength will increase exponentially.

 

Alerts for safety at all times

As an administrator, the console is where you manage all your Google Workspace services.

Here are two use cases you can implement:

  • Password leaks: Google detects compromised credentials that require a user password reset. Go to your Admin console (Policies>Leaked Password); there you can set up this alert and be notified when your collaborators' passwords are leaked.
  • Password reuse: Google allows you to detect password reuse on Chrome. To do so, you need to activate some tracking rules and install the "Chrome Reporting Extension" on your collaborators' browsers. Follow the checklist right here.

MFA is the cornerstone of account security

MFA is one of the best ways to secure an account. This is one of the two tips given by Toni Gidwani, Security Engineering Manager at Google, in the YouTube series Hacking Google: "Enable MFA and don't click on phishing emails, we'll take care of the rest".

Michael Kaiser, CEO of Defending Digital Campaigns (a group that provides cybersecurity resources to political campaigners), adds: "If you use MFA, your account is virtually untouchable."

Enforcing MFA for everyone

It is essential that all user and administrator accounts use MFA. There is a solution for this: enforce MFA for all users. This setting is accessible from the Admin Console and lets you make MFA mandatory for everyone at any time. Be careful: a user who has not enrolled before enforcement takes effect will not be able to access their account, so you must communicate the change beforehand.

You can choose which authentication method you want to set up: by SMS, via a back-up email, or via a security key such as a YubiKey. We recommend SMS for your users and a security key for admin accounts.
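One way to check the lockout risk described above before switching enforcement on, written as an added example that is not part of the original article. It assumes user records exported from the Admin SDK Directory API (the field names are that API's; the sample data and the function names are constructed for illustration) and reports, per organizational unit, who still has to enroll.

```python
import json
from collections import defaultdict

# Constructed sample shaped like Admin SDK Directory API user records.
# Field names are the API's; every value below is made up.
SAMPLE_USERS = json.loads("""[
  {"primaryEmail": "ana@example.com", "orgUnitPath": "/Sales",
   "isAdmin": false, "suspended": false, "isEnrolledIn2Sv": true},
  {"primaryEmail": "bob@example.com", "orgUnitPath": "/Sales",
   "isAdmin": false, "suspended": false, "isEnrolledIn2Sv": false},
  {"primaryEmail": "carl@example.com", "orgUnitPath": "/Engineering",
   "isAdmin": true, "suspended": false, "isEnrolledIn2Sv": true},
  {"primaryEmail": "dee@example.com", "orgUnitPath": "/Engineering",
   "isAdmin": false, "suspended": false, "isEnrolledIn2Sv": true},
  {"primaryEmail": "eve@example.com", "orgUnitPath": "/IT",
   "isAdmin": true, "suspended": false, "isEnrolledIn2Sv": false},
  {"primaryEmail": "old@example.com", "orgUnitPath": "/Sales",
   "isAdmin": false, "suspended": true, "isEnrolledIn2Sv": false}
]""")

def active(users):
    """Suspended accounts cannot sign in, so they are left out of the count."""
    return [u for u in users if not u.get("suspended")]

def mfa_readiness(users):
    """Per org unit: active users, who is still unenrolled, and whether
    enforcement could be switched on without locking anyone out."""
    per_ou = defaultdict(list)
    for u in active(users):
        per_ou[u.get("orgUnitPath", "/")].append(u)
    report = {}
    for path in sorted(per_ou):
        missing = sorted(u["primaryEmail"] for u in per_ou[path]
                         if not u.get("isEnrolledIn2Sv"))
        report[path] = {"active": len(per_ou[path]), "unenrolled": missing,
                        "safe_to_enforce": not missing}
    return report

def unenrolled_admins(users):
    """Admin accounts without MFA: the ones to chase first."""
    return sorted(u["primaryEmail"] for u in active(users)
                  if u.get("isAdmin") and not u.get("isEnrolledIn2Sv"))

if __name__ == "__main__":
    for path, row in mfa_readiness(SAMPLE_USERS).items():
        state = "ready" if row["safe_to_enforce"] else "notify first"
        print(f"{path}: {row['active']} active, {state}", row["unenrolled"])
    print("admins without MFA:", unenrolled_admins(SAMPLE_USERS))
```

The unenrolled lists are the people to notify before the enforcement date; org units marked ready can be enforced first.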

Offboarding: the final step in securing your Workspace

Account security doesn't stop when your employee leaves the company: a former employee is still a risk to your organization. If you don't do the right thing, they will still have access to their accounts. Their credentials can still be used by an attacker who has obtained them, not to mention the malicious actions a former employee could take.

 

 

 

Here is the checklist for offboarding an employee on Google Workspace (Admin console>Directory>Users):

  • Delete all mobile devices
  • Revoke access to password recovery
  • Revoke all OAuth 2.0 application tokens
  • Reset user login cookies
  • Revoke security keys and access to application passwords
  • Delete the user's account

Optimal Workspace account security doesn't have to be time consuming

Cyrius helps you connect with your employees. For example, when a password leak is detected by Cyrius, we instantly alert your users so they can fix the problem themselves. Without any intervention from you, the breach no longer exists. In the same way, when a collaborator disables MFA, Cyrius automatically alerts them so that they understand the usefulness of MFA. All this while providing you with the visibility you need to supervise these actions!

If you want to set up an optimal level of security for your collaborators' Google Workspace accounts, without wasting your time sending emails to your collaborators one by one, feel free to reach out!