Don’t let these common G Suite vulnerabilities knock you on your @$$

September 11, 20174 Minute Read

Long gone are the days of yelling “D’oh!” because you forgot to save a document, thanks to online word processors and spreadsheets from Google. But it’s also easy to get complacent and fall prey to G Suite vulnerabilities.

You probably heard about the major phishing scam Google Docs was hit with in May 2017. Google quickly released new security features to end G Suite vulnerabilities. The breach was caused by a malicious app using Google sign-in, but there’s good news: External apps that ask for customers’ data are now more intensely scrutinized (whatever that means).

Anti-phishing measures from Google aren’t new. G Suite already boasts email attachment scanning, Safe Browsing, machine learning-based detection, and extra security measures for suspicious-looking logins. But despite Google’s responsiveness, G Suite vulnerabilities are still a popular threat vector, and both IT admins and users have to stay on their toes.

Third party apps and add-ons

May’s phishing scam via Google Docs was caused by a third-party app taking advantage of Google Sign-In. Add-ons and apps add functionality and boost productivity, but they’re big culprits for creating security holes. To work, they need access to Google accounts, as well as the abilities to edit or delete data and send emails on behalf of users, who can easily install these extras themselves. Be vigilant: Take advantage of the third-party app audit feature in the G Suite cybersecurity service that spots risky apps, and don’t be afraid to bonk permissions with a mallet. Users may complain, but put your foot down.

Sharing permissions

The features that improve collaboration are the ones most likely to open G Suite up to threats. You’ve probably felt your face go hot upon emailing a document to the wrong person. But there’s more for you to cringe about: You can also share a Google Doc with the wrong user. It’s not the end of the world if it’s to a coworker, but watch out for disgruntled employees exposing proprietary data to an outsider. Luckily, you can put controls in place to govern file sharing, like limiting permissions to read-only. Be sure to take advantage of the admin tools available to audit user behaviour and flag unauthorized sharing.

Unauthorized data access

Not only does accidental file sharing often put data in the wrong hands, but the convenience of the cloud can also lead to unauthorized access through poor password security, stolen credentials, malicious hacking, and stolen devices left logged in. Unauthorized access is one of the more dangerous G Suite vulnerabilities. Once a threat actor is through the door, they can wreak havoc before you even detect them.

Avoid these data breaches by (you guessed it) requiring strong passwords and teaching your users to recognize persistent threats, like phishing scams. Reinforce these best practices by using third-party monitoring tools to spot suspicious activity before it becomes a problem.

Data loss

You don’t need to worry about constantly hitting Ctrl+S to make sure your latest and greatest version is kept, but other user errors can lead to data loss. In Google Docs, if a file is deleted in one location, it’s deleted everywhere. G Suite does feature a file recovery option, but it’s for a limited window, so a third-party cloud backup tool is essential. It’s inevitable that a user will call you in a panic because they’ve lost a critical file on a deadline. Back up those files, and you’ll be their hero.

Ransomware

Ransomware is now the most persistent threat to organizations around the world. Cloud services are a prime target, including those offered by Google. Reduce the risk of hackers holding your data hostage by teaching your users to spot suspicious emails. And always be sure to patch. Make sure your organization’s software updates are dutifully and immediately applied. If worse comes to worst, you can restore “kidnapped” data through a backup snapshot.

G Suite vulnerabilities demand vigilance

Despite Google’s response to May’s phishing scam with an OAuth apps whitelisting feature—which enables admins to vet third-party apps that tap into user accounts—G Suite vulnerabilities aren’t going anywhere. Threat actors will persist in finding paths to compromise customer data and users will have unfortunate accidents, so it’s up to you to be the first line of defence.

But at least you don’t have to hit Ctrl+S every couple minutes.

Danny Bradbury December 27, 2017 4 Minute Read

Managing office etiquette in a controversial world

Office etiquette can become the first casualty as controversial topics sprout up in workplace discussions. What can business owners do to maintain it?

Danny Bradbury December 22, 2017 4 Minute Read

Rethinking the conservative C-suite

The conservative C-suite is risk-averse and hates spending money on technology. It may be time to reconsider and embrace the "as a service" life.

Jasmine W. Gordon December 8, 2017 4 Minute Read

Holiday pro tips for achieving IT continuity

IT pros don't need to dread holiday disasters with the right approach to planning for communication, secure sharing, and holiday connectivity monitoring.