Google Workspace Security Advisory: Addressing Identified Security Gaps

 

Key Security Issues Identified:

  1. Data Protection Enhancements Needed:
    • Review existing security policies and ensure that sensitive data is protected with appropriate access controls.
    • Recommended Action: Enable advanced security features like Data Loss Prevention (DLP) and encryption.
  2. App Access Protections:
    • Unauthorized app access can compromise organizational data.
    • Recommended Action: Restrict third-party app access and enforce OAuth-based security protocols.

  3. Improve Account Security:
    • Enforce strong passwords and allow passkey sign-ins.
    • Strong passwords are passwords that meet Google’s security standards. If you enforce them, users with weak passwords will be required to create strong passwords at the next sign-in.
    • Signing in with passkeys on devices provides better protection against phishing. If you allow passkey sign-in, users will be able to skip passwords and sign in using just a passkey.
  4. Account Security Improvements:
    • Issue: Users are missing Two-Step Verification (2SV) protection.
    • Why It Matters: Accounts without 2SV are more vulnerable to unauthorized access.
    • Recommended Action: Enforce mandatory 2SV across all users for enhanced account security.




Action Plan for Securing Your Organization:

  1. Review Security Insights: Use the Google Admin Console to assess identified security threats and take corrective actions.
  2. Enable Advanced Security Features: Leverage Google Workspace’s security tools, such as Enhanced Safe Browsing and security sandboxing for emails.
  3. Train Employees on Security Best Practices: Conduct regular security awareness training to help employees recognize phishing attempts and other cyber threats.
  4. Monitor and Audit Regularly: Set up automated alerts and conduct periodic security audits to ensure continuous protection.


Next Steps:

  • Click ‘Security adviser’ in the security to implement suggested security measures.
  • Work with your IT team to address all identified gaps promptly.
  • Stay proactive by subscribing to Google’s security updates and best practices.

For further assistance, feel free to reach out to our GoDMARC support team.



Stay secure, stay protected!