Maximize Security in Google Workspace: Features You Should Enable Today

Google Workspace is one of the most popular productivity platforms, with over 6 million paying business customers. However, this massive user base makes it a prime target for cybercriminals, who exploit businesses that don’t make full use of the platform’s security features. The good news is that Google has invested heavily in the security of this platform, which is evident in its security features. To help you get started with securing your Google Workspace, I will share the crucial security features that you must configure.

The 5 Major Security Features You Should Enable

1.     2-Step Verification (2SV)

2-Step Verification (2SV), or two-factor authentication (2FA), adds an extra layer of security by requiring users to verify their identity with a second step—like a phone (with an authentication app) or a security key—after entering their password. With 2SV, even if an attacker gets access to a user’s password, they cannot access the account without this second factor, making it much harder for unauthorized users to gain access. 

To set up 2SV, follow these steps: 

  • Open the Google Admin Console and log in if you’re not already signed in.
  • Go to Security > Authentication > 2-Step Verification.
  • Click on 2-Step Verification settings.
  • Under the enforcement section, you can choose to implement 2SV immediately or after a certain date to allow your team some time to set it up for their accounts. 
  • You also have the option to enable it for specific organizational units or user groups in your domain.
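
Before choosing the enforcement date, it helps to know which organizational units are already fully enrolled. The following is an added example, not part of the original article: it summarizes constructed user records shaped like the Admin SDK Directory API `users.list` response (fields `primaryEmail`, `orgUnitPath`, `isEnrolledIn2Sv`, `isAdmin`, `suspended`); the function name and sample accounts are hypothetical.

```python
from collections import defaultdict


def two_sv_readiness(users):
    """Summarize 2SV enrollment per organizational unit before enforcement."""
    per_ou = defaultdict(lambda: {"active": 0, "enrolled": 0, "missing": []})
    unenrolled_admins = []
    for user in users:
        if user.get("suspended"):
            continue  # suspended accounts cannot sign in, so skip them
        stats = per_ou[user.get("orgUnitPath", "/")]
        stats["active"] += 1
        if user.get("isEnrolledIn2Sv"):
            stats["enrolled"] += 1
        else:
            stats["missing"].append(user["primaryEmail"])
            if user.get("isAdmin"):  # isAdmin marks super administrators
                unenrolled_admins.append(user["primaryEmail"])
    # An OU is ready for immediate enforcement when nobody would be locked out.
    ready = sorted(ou for ou, s in per_ou.items() if s["enrolled"] == s["active"])
    return {
        "ready_ous": ready,
        "unenrolled_admins": unenrolled_admins,
        "per_ou": dict(per_ou),
    }


# Constructed sample records (hypothetical accounts in example.com).
SAMPLE_USERS = [
    {"primaryEmail": "alice@example.com", "orgUnitPath": "/Engineering",
     "isEnrolledIn2Sv": True, "isAdmin": True},
    {"primaryEmail": "bob@example.com", "orgUnitPath": "/Engineering",
     "isEnrolledIn2Sv": True},
    {"primaryEmail": "carol@example.com", "orgUnitPath": "/Sales",
     "isEnrolledIn2Sv": False, "isAdmin": True},
    {"primaryEmail": "dave@example.com", "orgUnitPath": "/Sales",
     "isEnrolledIn2Sv": True},
    {"primaryEmail": "erin@example.com", "orgUnitPath": "/Sales",
     "isEnrolledIn2Sv": False, "suspended": True},
]

if __name__ == "__main__":
    report = two_sv_readiness(SAMPLE_USERS)
    print("Ready for enforcement:", report["ready_ous"])
    print("Super admins without 2SV:", report["unenrolled_admins"])
```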

2.     Enforcing Strong Password Policies

If you’re reading this, you probably already know the downsides of using easy-to-guess passwords. That’s why it is crucial to enforce a strong password policy that requires users in your domain to create passwords that are difficult to guess or crack. These policies can include requiring longer passwords, complexity (mix of uppercase, lowercase, numbers, and symbols), and expiration periods.

Follow these steps to configure password policies in Google Workspace:

  • Open Google Admin Console 
  • Go to Security > Overview > Password Management.
  • Under Password Management, you can set the minimum length for passwords, require specific password characteristics (such as uppercase letters, numbers, etc.), and set how frequently passwords must be changed (expiration period).
  • Google Workspace also gives you the option to apply the policy across your organization or specific organizational units.

3.     Passwordless (Using Passkeys)

If you want even more advanced security and an improved user experience, you can choose to enable passkeys. With passkeys, users in your domain can log in using passkeys instead of traditional passwords. A passkey provides a more secure way to authenticate users because it combines cryptographic keys (private keys) stored on the user’s device with their public keys stored on the servers of the platform they want to access (Google Workspace in this case). 

Passkeys are considered stronger than passwords because they are less vulnerable to phishing, and users don’t need to remember or type them in. It is important to note that user passwords will still exist even when passkeys are enabled. However, the ultimate goal of passkeys is to completely eliminate passwords, at which point we will fully experience the security benefits of passkeys.

Steps to configure Passkeys: 

  • Open Google Admin Console.
  • Go to Security > Overview > Passwordless.
  • Turn on the option to Allow users to skip passwords at sign-in by using passkeys.
  • You also have the option to choose who in your organization can use this feature by assigning it to certain users, groups, or organization units. 

4.     SPF (Sender Policy Framework)

SPF (Sender Policy Framework) is a system that helps prevent email spoofing. It lets domain owners decide which mail servers are allowed to send emails on behalf of their domain. These SPF records are stored in your DNS settings. For example, if you use Google Workspace, you can allow Google’s servers to send emails on behalf of your domain.

You can run your own email server, but it’s an extra cost that can be avoided. Without SPF, attackers can send fake emails that look like they’re from your domain, which can damage your reputation and help spread phishing or malware.

To configure SPF for your domain, follow these steps: 

  • Generate the TXT value by going to your Google Admin Console > Apps > Google Workspace > Gmail > Authenticate Email. Generate the TXT value, which will be needed when configuring your domain’s DNS settings in the next steps.
  • Visit your domain service provider’s website and access your DNS settings.
  • Add a TXT record for SPF, specifying the type as TXT Record, the hostname as google._domainkey, and input the text value you generated earlier. Leave the rest of the settings as default. Please note that DNS records may take a couple of hours to propagate.
  • Once the records propagate, verify the record through your Google Admin Console by going to Admin Console > Apps > Google Workspace > Gmail > Authenticate Email. Click the Start Authentication link.

5.     Enable DKIM (DomainKeys Identified Mail)

DKIM adds a cryptographic signature to your outgoing emails, making sure all emails sent are not altered during transit. Recipients’ mail servers use the DKIM signature to verify that the email was indeed sent from an authorized domain. The main role of DKIM is to ensure the integrity of your emails and help prevent attackers from tampering with messages in transit.

Follow these steps to configure DKIM:

  • In Google Admin Console, go to Apps > Google Workspace > Gmail > Authenticate Email.
  • Select Generate new record to generate a DKIM key.
  • Copy the generated DKIM record and add it to your domain’s DNS as a TXT record, using the same procedure we covered previously.
  • After setting up the DNS record, return to the Admin Console and click the “Start Authentication” link to verify that the records work as expected. 
  • Once enabled, DKIM will automatically sign all outgoing emails from your domain with the appropriate key.
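
A check to run against the published SPF and DKIM records once they propagate, as an added example that is not from the original article: it validates TXT values you have already fetched (for instance with `dig TXT`). It assumes the SPF record is the `v=spf1` TXT record at the domain root, where Google's documented value is `v=spf1 include:_spf.google.com ~all`, and that `google._domainkey` is the host of the DKIM key. The function names, the sample records and the 294-byte length heuristic for a 2048-bit RSA key are constructed for illustration.

```python
import base64
import binascii

def check_spf(root_txt_records):
    """Return problems found among the TXT records at the domain root."""
    spf = [r for r in root_txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no v=spf1 record at the domain root"]
    if len(spf) > 1:
        return ["more than one v=spf1 record (SPF permerror)"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    problems = []
    if "include:_spf.google.com" not in terms:
        problems.append("Google Workspace servers are not authorized")
    if any(t in ("all", "+all") for t in terms):
        problems.append("+all authorizes any server")
    elif not any(t in ("~all", "-all", "?all") or t.startswith("redirect=") for t in terms):
        problems.append("no all mechanism or redirect")
    return problems

def check_dkim(selector_txt):
    """Return problems in the TXT value at google._domainkey.<domain>."""
    tags = {}
    for part in selector_txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:  # drop whitespace left by DNS string splitting or copy-paste
            tags[name.strip()] = "".join(value.split())
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    if tags.get("k", "rsa") != "rsa":
        problems.append("unexpected key type")
    if not tags.get("p"):
        return problems + ["p= is missing or empty (empty means revoked)"]
    try:
        der = base64.b64decode(tags["p"], validate=True)
    except binascii.Error:
        return problems + ["p= is not valid base64 (truncated paste?)"]
    if len(der) < 294:  # heuristic: DER size of a 2048-bit RSA public key
        problems.append("public key is shorter than 2048 bits")
    return problems

# Constructed sample records for the placeholder domain example.com.
GOOD_SPF = ["google-site-verification=constructed", "v=spf1 include:_spf.google.com ~all"]
BAD_SPF = ["v=spf1 ip4:192.0.2.10 +all"]
# Placeholder bytes with the length of a 2048-bit key, not a real key.
GOOD_DKIM = "v=DKIM1; k=rsa; p=" + base64.b64encode(bytes(294)).decode()
TRUNCATED_DKIM = GOOD_DKIM[:-3]
```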

Anti-Spam and Phishing Filters

Google Workspace includes advanced spam and phishing filters that automatically analyze incoming emails and block suspicious or harmful content, such as phishing links, malware, or unwanted emails. These filters help mitigate phishing-related attacks by blocking most of the harmful content before it reaches the users’ inboxes.

Follow These Steps to Configure Anti-Spam and Phishing Filters

In the Google Admin Console, go to Apps > Google Workspace > Gmail > Spam, Phishing, and Malware. You can then fine-tune the behavior of these filters by setting up:

  • Spam filtering: Choose whether to send suspected spam to the spam folder, quarantine it, or reject it altogether.
  • Phishing protection: Enable protections like the warning banner for emails that look suspicious.
  • Malware protection: Automatically block attachments or links that are known to carry malware.

You should also consider using Admin quarantine to review suspicious messages before delivering them to users. This gives you proper control over false positives. 
