Things to Check As Your Business Grows
Business growth is one of the determining factors showing that your business is on the right track to absolute success. But this also entails new matters to settle and changes in your workplaces, especially in the context of your security.
When the number of your employees increases, the level of security in your business organisation should also improve, if not tighten up. So the question now is, do you know the prime things you, as the business owner, should look into when improving your organisation’s security? Do you know how to improve them and check up on them? Well, hop on this video, as I enlighten you with regard to this concern!
TRANSCRIPT
Business Security Protocols and Policies
Now, first up, making sure that correct security protocols and policies are in place is the number one thing that’s going to help you get the most out of business. Now, what are some really basic security protocols? Well, something like making sure that each time you create a file, it’s placed into a shared drive, which is owned by the company.
Place Company Files in a Shared Drive
It’s crazy how many businesses get this wrong, they’re creating files, either individually using their My Drive, or even sometimes using a Gmail account, particularly in the case of contractors. And what ends up happening is someone who is outside your business may own that file. Now with that file that they own, they are able to delete it, they’re able to remove it, and they’re able to restrict sharing from you. What that means is that at some point in the future, you go to open that file that you’ve been working on that a contractor created all those years ago, and all of a sudden, it’s disappeared from your drive.
So setting up something like shared drives inside of Google Drive means that anytime someone shares a file with someone in your team, it’s actually going to be created in a shared file, which is owned and controlled by the company. And what that means is that you actually have the security and the safety that that file is not going to accidentally be deleted by the wrong person. So having those basic security protocols in place for your file storage also means that within the business itself, you’re not going to have the wrong files shared with the wrong people. For example, you have a budget or a profit loss, or maybe a list of wages, or maybe a commissions report, and it’s sitting in a spreadsheet, and someone on your finance team shares that via a link using Google Docs to someone else on their team. Now, that doesn’t seem too harmful in itself. But what tends to happen from time to time is one person drops it in chat or another person forwards it to someone else. Or maybe someone is searching for their commission framework on the sales team and accidentally stumbles across the commission reports on the finance team. And you know, maybe you don’t want them to have access to all of the reports in all of their detail. It inevitably ends up happening that the files are accidentally shared with the wrong people, and information can leak either inside or outside the business.
Set up Group-based permissions using Google Workspace
So when you set up group-based permissions using Google Workspace, and we have other videos on how to do that, and you connect to each individual team member and set a basic policy in place that every file must be stored into a shared folder, then you can make sure that those files are shared with the right people automatically, and they’re protected as well. You want to have a culture of putting things into folders, and not just sharing them willy-nilly one by one.
Business Account Security
Next up, let’s talk about account security. Now, this is one of the most basic features of Google Workspace that most business owners we work with have not yet enabled. And it’s called two-step verification or two-factor authentication.
How Two-step Verification Works
Now what this does is just like your bank token, when you go to log into your account, you’ll receive a text message or a code on an app on your phone. And that will allow you to put in a unique six-digit code to give you access to your account the first time that you sign in on a new device. Now this code is rotated and you’ll probably be asked for it about once a month, and you can ensure that even if someone gains access to your username and your password for your email address, your Google account, they’re not able to get access to your account without a second-factor device, typically going to be your mobile phone, which is with you at all times.
Two-step Verification with Google Workspace
Now in the Google Workspace admin panel, you can actually enforce two-factor verification across all users as a requirement. You can make that a policy so that when each new user is created, they have to actually, within a number of days, create their own password and create a two-factor authentication token for their account as well. And what this does is that this is going to block out most of the phishing or social engineering attacks that can infect an account, and it stops a lot of malware, which uses a login for your account to get access to your details as well. And educate your staff: anytime they ask for that six-digit code, they really need to ensure they are on Google’s website. Are they actually accessing their account? Is this a device that they want to have access to their account from now forwards? And making sure that everything is safe, thereby policing the two-factor authentication.
Bring Your Own Device Policy
Third, I want to talk about some of the risks with a Bring Your Own Device Policy. Now, many businesses have a kind of hybrid setup, particularly in the small business world, where some devices may be issued by the company and some devices are owned by employees, and those employee-owned devices are called bring-your-own devices. Now, unfortunately, most customers in most businesses will leave that device policy to be pretty open and willy-nilly, meaning that someone can grab a mobile phone and sign into their business account and have excellent access to all their data on their phone. Or they can log in with a laptop or a computer and access all the data from it. Now most phones and computers, when you set them up, will prompt you to set up a passcode on your phone or on your computer when you first open the lid. But not everyone actually sets that up. And some people will actually leave corporate data on a device that could potentially be accessed by other people. Now that might be someone leaving their phone on the train, and they don’t have a passcode on there. And anyone can pick up that phone and access your company information. Or it might be the spouse or partner or another family member of one of your employees sitting down at the family computer and starting to go through your business information. Now, it’s not a massive risk for someone to nefariously, you know, go through your data, it’s very unlikely that you know someone’s partner or their daughter or their son or their uncle is gonna want to actually jump into your business information. But what is possible is that someone else accidentally downloads a spreadsheet and leaves it sitting on their desktop.
Dangers of Social Engineering Attacks on Businesses
If you have that policy set up on the phone, where someone doesn’t have to actually enter a passcode on the phone to log in, then what can happen is when that phone is lost on a train and someone else opens the phone, they may use that email address to actually attack the business through a social engineering attack. What might that look like? Well, if it’s your CFO who’s lost their phone on the train, you might get an actual legitimate email from your CFO saying, hey, I need you to transfer $10,000 to this account, please. Otherwise, this supplier is going to get switched off knowing well all the suppliers from the inbox and knowing well that you already trust them on the emails that you do back and forth with them. And that may end up in you transferring money to someone who’s outside your business. And sadly, this kind of thing happens all the time. So how can we protect that? Well, that’s by using something called a device policy.
Google Device Policy
Within Google Workspace, you can configure a Google Device Policy. And that device policy will allow you to set certain elements and things that have to be set up on the mobile phones that connect to your accounts before they can actually access information. Now, of course, coupled with a two-factor authentication policy, that makes the devices very well secured. Because when someone goes to log in with their account, they have to enter the two-factor code. And then once they are logged in, it’s automatically going to push down policies to each of the mobile phones. And that could be a phone, it could be a laptop, it could be an iPad, anything like that, you want to make sure that that policy is ensuring the level of access available on that device.
There are even some more advanced features like device approvals. And device approvals allow you to see anytime a new device connects to a corporate business account, verify with that user that they actually were the ones signing into that account, and manually approve those logins every single time they happen. What that does is it gives you a whitelist for devices so that you know every single device connecting to your Workspace account.
Takeaway for Growing Businesses
Now I’ve shared with you just three ways that you can increase the security of your Google Workspace account if you’re a business that has more than 20 employees. And if you’re less than 20 employees, well, you could probably take some tips from this as well and inspiration, because it’s never a wrong time to start with getting the security and the scale plan right for the tech in your business. But if you are a larger business, and you’re interested in chatting with our team, these are just three things that we’ve looked at here, we have a checklist of nearly 100 items that we will check right across your Google account, and actually ensure that your security is set up to protect your business as you grow and scale. And because we’re Google experts, we know what to look for inside your Google account. So you don’t have to spend hours and hours and hours poring through the administration manuals and trying to learn what’s important to protect your account yourself. Leave it to the professionals and our team can help out. If you’re interested in that, jump over to the link below. And you can fill out a request form to have an audit from our team and I look forward to chatting with you soon. If you’re a small business and you’re interested in working with us, then check out some of the other videos on it. Let me know what you think about this in the comments and I look forward to seeing you next time.
To know more about how to improve your security, hit us up here: https://onsitehelper.com/enterprise-level-workspace-security-audit/