Security in Google Workspace goes beyond strong passwords. Here are the configurations and policies I recommend for enterprise teams.
Enable 2FA Everywhere
Require two-factor authentication for all users. No exceptions. Use security keys or authenticator apps, not SMS (SMS is less secure).
Use Security Policies
Set up security policies: Restrict where users can sign in from, require strong passwords, enable security keys for admins, set up data loss prevention (DLP) rules.
Audit Logs Are Your Friend
Enable audit logs. Monitor for suspicious activity: Unusual sign-in locations, bulk email sends, unusual file access patterns, admin actions.
App Permissions
Review third-party app permissions regularly. Only allow apps that are necessary. Use app access control to restrict what apps can access.
Data Protection
Use DLP rules to prevent data leaks. Encrypt sensitive data. Set up data retention policies. Regularly review shared files and folders.
Security isn't a one-time thing. It's an ongoing process of monitoring, reviewing, and updating policies.