If your business uses Google Workspace (formerly G Suite), then you have at least a nodding acquaintance with Google Drive.
Google Drive, of course, is Google’s storage and real time synchronization service for all file types, and is bundled with Google Workspace subscriptions. Google Drive provides you with cloud storage, shared drives, and the ability to work with team members across the world.
But what about Google Drive and cybersecurity? Can you trust it to protect your most sensitive and valuable corporate data?
Overall, the risk involved in using Google Drive is low. Google protects its servers with 256-bit Advanced Encryption Standard (AES) encryption, while also using the Transport Layer Security (TLS) protocol to protect data in transit.
However, low risk isn’t no risk.
If you want to reinforce your file security within Google Drive, here are five ways to do so:
1. Protect Employee Gmail Accounts
The attack vector of choice these days is email. Business and employees are facing big challenges these days, and predators are hoping to catch you off guard. If you want to protect your Google Drives against cyberattacks, start by protecting the Gmail accounts that give hackers access to Google Drives.
Step 1: Strong passwords
Create a policy for employees to use strong passwords, passwords that they update regularly. Strong passwords contain a large number of characters, and a mix of characters, including uppercase and lowercase letters and special characters.
Step 2: Two-factor authentication
Don’t let your staff protect their accounts with usernames and passwords alone (single-factor authentication). Instead, insist that they use multi-factor authentication, such as a security token or biometric factor (fingerprint or facial scan).
2. Insist Employees Use a VPN When Working Remotely
A common way for hackers to compromise corporate networks is by infecting laptops that staff use to connect to public Wi-Fi networks while away from the office. Surfing the web and transacting business over public internet connections exposes a user’s private information and browsing habits.
The solution is to insist that employees always use a virtual private network (VPN) when connecting to the internet while working outside your protected corporate networks.
A VPN creates a private network for your employees when they connect to the internet over public connections. It establishes a secure and encrypted connection and increases the privacy level of even secured Wi-Fi hot spots.
3. Encrypt Data Before Uploading it to Google Drive
As mentioned, Google encrypts unlimited storage on its servers and doesn’t give your employees the option of encrypting files in Google Drive.
But if protecting your data is vital to your organization, you can use a third-party encryption tool, such as Boxcryptor and Cryptomator, to encrypt files before saving them in Google Drive.
Admittedly, using a third-party file encryption tool adds another step when saving files, something that will be cumbersome for staff. But if you want to make Google Drive extra secure, third-party encryption is the way to go.
4. Adopt PoLP for File Sharing
Hackers that use phishing to attack corporate networks rely on the fact that employees share Google Docs, Google Slides and Google Sheets freely and frequently with colleagues, consultants, contractors, vendors and suppliers.
And most employees, by default, give every recipient “Editor” privileges when they share files, because Editor is the default setting in Google Drive.
This gives each recipient near-administrator level control of the document. They can change the document name, change permissions, add users, share the document…there’s almost no limit.
You can see how this could become a problem.
A data loss prevention best practice for sharing files with Google Drive is the Principle of Least Privilege, or PoLP. When your workers follow the Principle of Least Privilege, they give each recipient of their files the least amount of control over those files as is necessary.
In Google Drive, this option is Viewer. The next option up the privilege ladder is Commenter, which gives recipients a little more control of the file. And the top-level privilege is Editor.
To enforce the Principle of Least Privilege, train your staff to never use Editor as the default sharing option for their docs, sheets, and slides, but to instead to always use Viewer. This is a culture shift that requires training, monitoring and refresher training.
5. Use Endpoint Management on All Devices
Sometimes the security vulnerability that you face isn’t Google Drive itself, but the devices that access it. One way to increase the security of your Google Drives is to manage the devices your employees use to access Google Drives.
You do this with a third-party endpoint management solution that monitors desktops, laptops, tablets and phones—every device that accesses your corporate networks.
Endpoint management solutions let your administrators lock screens, wipe devices and block access from desktop sessions. They also let you monitor who is logging in, and what they are doing when logged in.
Google Drive for Business…and Security
Increasing the security of Google Drive is a mix of protecting accounts, employing best practices and using third-party software tools.
If you are contemplating moving your applications, data and workloads to Google Workspace (or another cloud service provider), read our Guide to Migrating to the Cloud: How to Select the Right Cloud Technologies.