Google Publishes Best Practice Guide to G Suite Admin Security and Privacy Settings

Google recently added help article #7587183, “Use settings to improve security,” to the online G Suite Administrator Help.

The article describes 53 settings in the Google Admin console you can use to improve the security and privacy for each of the “Core” tools as well as Google+, Chrome OS, Chrome Browser and more. Each item briefly explains a setting and recommends a best practice for how to use that setting. For each item, there’s also a link to more information and detailed instructions for the setting.

Here are three settings that are worth noting:

  • Whitelist connected apps: Use the G Suite security settings to block access to certain APIs (e.g. Drive, Contacts) and create whitelists that define which specific apps can access the blocked scopes. Given the recent news that Cambridge Analytica was able to acquire Facebook data via a third-party app, this is something that G Suite admins may want to look into.
  • Set up SPF, DKIM, and DMARC: A useful security setting to reduce the chance of phishing exploits against your users. I did some research back in late 2016 that indicated that G Suite domains were less likely than O365 domains to have implemented this protection.
  • Disable Location History: Disable the Location History service to prevent users’ location history from being saved. This setting, which can be applied to all users or to specific ORGs, is one of the many privacy differences between G Suite and consumer Google accounts.
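
For the SPF, DKIM, and DMARC item above, here is an added example (not from the Google help article or this post) that audits a domain's SPF and DMARC TXT records offline and flags the settings that leave spoofed mail unblocked. The function names and the record strings are constructed for illustration; DKIM is not checked because its record lives under a selector name that has to be known in advance.

```python
def parse_tags(record):
    """Split a DMARC 'tag=value; tag=value' string into a lowercase dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def audit_spf(apex_txt):
    """Findings for the TXT records at the domain apex; [] means acceptable."""
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["spf: multiple records (permerror)" if spf else "spf: no record"]
    terms = spf[0].lower().split()[1:]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls:
        # With redirect= the policy lives in another record, not followed here.
        if any(t.startswith("redirect=") for t in terms):
            return []
        return ["spf: no 'all' mechanism, unmatched senders get neutral"]
    if alls[0] in ("all", "+all"):
        return ["spf: '+all' authorizes every sender"]
    if alls[0] == "?all":
        return ["spf: '?all' gives no verdict on unmatched senders"]
    return []  # '-all' (fail) or '~all' (softfail)

def audit_dmarc(dmarc_txt):
    """Findings for the TXT records at _dmarc.<domain>; [] means enforcing."""
    recs = [r for r in dmarc_txt if r.strip().lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["dmarc: multiple records" if recs else "dmarc: no record"]
    tags = parse_tags(recs[0])
    if tags.get("p") not in ("none", "quarantine", "reject"):
        return ["dmarc: missing or invalid p= tag"]
    findings = []
    if tags["p"] == "none":
        findings.append("dmarc: p=none requests no action on failing mail")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"dmarc: policy applies to only {pct}% of mail")
    return findings

def audit_domain(apex_txt, dmarc_txt):
    return audit_spf(apex_txt) + audit_dmarc(dmarc_txt)

if __name__ == "__main__":
    # Constructed sample records, not real DNS answers.
    print(audit_domain(["v=spf1 include:_spf.google.com ~all"], ["v=DMARC1; p=none"]))
```

To run it against a live domain, feed it the TXT answers for the domain apex and for `_dmarc.<domain>` from whatever resolver you already use.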