G Suite Security: Best Practices to Secure your Data

15 January 2020

By Justin Gibbs


Companies around the world are reimagining how work is done by using cloud technologies to improve collaboration, productivity and efficiency. One of the most popular – and growing – cloud services for businesses is G Suite, Google’s set of cloud-based collaboration tools. Today, more than 5 million businesses use G Suite to work smarter, faster and more collaboratively – from small businesses to Fortune 500 companies such as Morrisons, GANT and BBVA.  

G Suite offers businesses a multitude of benefits, including sharing files easily, collaborating quicker and uniting employees across multiple locations. However, one of the biggest benefits of using G Suite is its enhanced security. Google designed G Suite to address the underlying security implications of powering your business in the cloud. It’s secure by design, and includes enhanced security features such as built-in data protection, an optimised operating system, multi-layer infrastructure security and data encryption. 

Though G Suite offers a secure, reliable and compliant environment, it’s only as secure as your configuration. Google continually makes improvements and updates to make its systems more secure, and as an administrator, it’s crucial to stay abreast of the latest G Suite security practices to establish the most secure configuration posture for your organisation.

Here are just a few of the most common best practices to keep your company’s G Suite data secure.

Create Secure Passwords

The most fundamental G Suite security practice is to ensure your users choose a strong password. Last year, Google participated in Safer Internet Day by releasing a report with some startling statistics on the state of password management. It found that 65% of people reused the same password on multiple sites and 51% had a favourite password that they stuck with for most things. And this, unfortunately, puts your business at risk, especially with data dumps making billions of login details available for download on the dark web. 

As a G Suite administrator, you have the ability to manage and track the password strength of every user across your organisation and ensure they meet your organisation’s compliance needs. Make sure you set minimum password requirements and educate your users on what makes a secure password. Your staff is often your first line of defence when it comes to protecting company data, so help your users by sharing some tips and advice for creating strong, secure passwords.

To add an extra layer of protection, you’ll also want to enforce 2-Step Verification for all of your users. 2-Step Verification puts an extra barrier between your business and cybercriminals by requiring users to enter a verification code in addition to their password.

Protect Against Phishing 

Phishing attacks – where a hacker attempts to obtain confidential information by impersonating a trusted source – continue to be one of the biggest threats facing businesses and a successful attack can have devastating consequences. In fact, one source suggests that phishing attacks account for 90% of data breaches. 

Fortunately, as a G Suite administrator, you can enable ‘Early Phishing Detection’ for your users. This Gmail security feature uses machine learning to identify emails that carry the threat of phishing and introduces a short delivery delay to perform additional security checks to protect users from phishing attacks.

Limit Access to Third-Party Apps

Another common way that cybercriminals steal sensitive information is by impersonating Google apps to request and gain access to shared documents and data within your organisation. These can be difficult for even the most savvy user to detect, as the permission request looks like it’s coming from a trusted Google account. However, as a G Suite admin, you can take steps to prevent these malicious attempts by using OAuth apps whitelisting.

The OAuth apps whitelisting security feature lets you specifically select which third-party apps are allowed to access users’ G Suite data. Once an app is whitelisted, users can opt to grant authorised access to their G Suite apps data. With these security controls, you can help prevent nefarious apps from tricking users into unintentionally granting access to corporate data and putting your business at risk. 
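As an added illustration (not from the original article and not Google's own code), the Python script below audits existing OAuth grants against an admin allowlist, so you can see which apps would be blocked before you enforce whitelisting. The records mirror the fields of the Admin SDK Directory API tokens resource (clientId, displayText, scopes, userKey); the allowlist, client IDs, users and the Google-branding heuristic are assumptions constructed for the example.

```python
# Added example: audit OAuth token grants against an admin allowlist.
# All client IDs, users and app names below are constructed sample data.

# Hypothetical allowlist of client IDs the admin has approved.
ALLOWED_CLIENT_IDS = {"111111111111-approvedcrm.apps.googleusercontent.com"}

# Scopes that expose mail or files wholesale.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.readonly",
}

SAMPLE_GRANTS = [  # constructed records in the shape of the tokens resource
    {"userKey": "alice@example.com", "displayText": "Approved CRM",
     "clientId": "111111111111-approvedcrm.apps.googleusercontent.com",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"userKey": "carol@example.com", "displayText": "Team Polls",
     "clientId": "333333333333-constructed.apps.googleusercontent.com",
     "scopes": ["https://www.googleapis.com/auth/userinfo.email"]},
    {"userKey": "bob@example.com", "displayText": "Google Docs",
     "clientId": "222222222222-constructed.apps.googleusercontent.com",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
]

def audit_grants(grants, allowed=ALLOWED_CLIENT_IDS):
    """Return findings for grants whose client ID is not allowlisted."""
    findings = []
    for g in grants:
        if g["clientId"] in allowed:
            continue  # approved app: nothing to report
        reasons = ["client not on allowlist"]
        risky = sorted(set(g.get("scopes", [])) & HIGH_RISK_SCOPES)
        if risky:
            reasons.append("high-risk scopes: " + ", ".join(risky))
        # Heuristic (assumption): an unapproved client using Google
        # branding in its display name deserves a closer look.
        if "google" in g.get("displayText", "").lower():
            reasons.append("display name uses Google branding")
        severity = "high" if len(reasons) > 1 else "review"
        findings.append({"user": g["userKey"], "app": g.get("displayText", ""),
                         "clientId": g["clientId"], "severity": severity,
                         "reasons": reasons})
    # High-severity findings first; sort is stable within each group.
    findings.sort(key=lambda f: f["severity"] != "high")
    return findings

if __name__ == "__main__":
    for f in audit_grants(SAMPLE_GRANTS):
        print(f["severity"], f["user"], f["app"], "; ".join(f["reasons"]))
```
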

Understand your Security Controls 

Running your organisation on a cloud-based suite like G Suite gives you greater access to security analytics and improved visibility into your overall security posture. G Suite has many layers of defence in place to guard against sophisticated attacks of all types, from encrypted data and machine learning that blocks malicious content to safe browsing protection. The question is: are you taking advantage of all of G Suite’s security features? 

To help you establish – and maintain – a secure configuration posture for G Suite, we’ve developed KA2’s Smarter Security Controls for G Suite Enterprise. Our Smarter Security Controls provide a best practice security implementation with actionable insights for your G Suite Enterprise environment. Not only does this provide you with recommended security controls for your organisation, but it also gives you robust security management and detailed reporting.

As a G Suite admin, you’re responsible for the protection of your organisation’s data. Make sure your configuration is as secure as can be – get in touch today with our security expert Justin Gibbs to discuss your G Suite security.