Nowadays with increasing hacking and phishing attempts, Security is becoming is the major concern for all companies. Securing the data in big organizations are becoming more complicated day by day. But with G-suite it has become easy, Google has given many tools to secure your business data with G-suite like Vault, data loss prevention etc
With G-suite, Admins can easily use these tools and secure the data with few clicks, Here are some easy steps to deploy some fine-grained security controls for your organization.
Disable Automatic Forwarding
This option is to give user permission for forwarding their emails to a different address. This is a risky step if one sets the forwarding to an external address and this also helps when user account gets compromised. Disable the option will remove the user privilege to set email forwarding to any address. Admin can go to AppsG SuiteGmailAdvanced settings to disable this setting.
Enable hangouts Out of domain warnings
This will be a smart move if you allow your users to chat with external users (users outside your domain), Enable this option will Warn users when they start chatting with any outside and also split the previous hangouts groups, so external users will not able to see the chat history. It reduces the risk of business data leaks through hangouts. Admin can go to Apps > G Suite > Google Hangouts > Chat settings > Sharing options to enable this option.
Limited Google Group Access
Google groups are the discussion forums, here a group of user discusses confidential data like upcoming projects and much more. Making the group public risks the leakage of these data. Make the group secure by restricting their public access. Users external to our domains(members of the group) will not able to see the group data but they can send the emails to the group. Admin can go to AppsG SuiteGroups > Sharing settings. to enable this option.
Restrict Sharing the calendar
Calendar of a user or a calendar resource if mistakenly shared with an external user, they can know the schedules of upcoming projects and project details (if the project plan is attached to the event), This can cause a major security concern for the organization. To avoid these scenarios admin can restrict the calendar sharing outside the domain with only free/busy information.
Enable unintended external reply Warning
When a user replies to a mail, sometimes user sends a confidential data to some external users. In this Google has an embedded tool with Gmail inbox. If a user sends email to an external user which is not frequently contacted and also not saved in their contact list, Google will show you a quick warning before sending email to them. This setting is on by default for all G-suite users. Admin can check this option at AppsG SuiteGmailAdvanced settings > Unintended external reply warning.
Examine Third-party Apps access
Organisation and it’s users uses many third party OAuth apps. To make sure that the only important and required apps are enabled for your account, Admins can whitelist the Oauth apps and remove the ones which are not required. This will help the spammers and hackers to extract the data from users by tricking them. Admin can go to Security > More options>
Enable Phishing Detection before Delivery
Google always update the spam/phishing filtering system for its users. Enabling this option will check the mails for their authenticity before delivering it to a user. It uses machine learning to check the spam potential of the emails. It may delay some messages due to this rigorous checking of the mails. Admin can go to AppsG SuiteGmailAdvanced settings> Enhanced pre-delivery message scanning to enable this setting.
Limited Google+ sharing
Restricting Google+ will make the domain’s users page private in the domains level when an external person will search for that user, they will not get the domain profile or ant domain related stuff in Google+. Admin can go to AppsG SuiteGoogle+ > Advance settings and enable these settings.
Every domain has a different level of security settings as per their requirement. Following the above steps makes your domain data more secure and safe.