Did you kow that in the 2021-2022 financial year, the average cost per cybercrime reported to the Australian Cyber Security Centre (ACSC) rose to over $39,000 for small businesses? And it’s not just the financial cost – if someone gets hold of your clients’ personal data you could find yourself in breach of privacy laws or dealing with the reputational fall-out of such a breach.
The ACSC recommends that as a starting point, all small businesses turn on the following three measures to help protect yourself against common cyber security threats:
- Turn on multi-factor authentication
- Update your software
- Back up your information
And in this article we’ll go through how to implement these three measures in your Google Workspace set up.
First: Turn on multi-factor authentication
But what is multi-factor authentication (aka two-step verification)?
Essentially it is a security measure that uses a combination of something you know (like a PIN or passphrase) and something you have (like a physical token or your fingerprints) to control access.
Getting started
Every software application that you use should offer MFA / 2SV in some fashion or another and Google Workspace is no exception. Find out how to set it up here.
But be cautious about how you set up your authentication process – by default most applications offer to send an SMS to your phone (the ‘what you have’ part of the 2 steps). This isn’t so secure anymore though, as scammers can transfer your phone number without your knowledge – meaning they can reset passwords and get access!
Google Workspace itself discourages the use of text messages because they can so easily be intercepted. Instead, they recommend using physical Security keys; Google Prompts or the Google Authenticator app (available for both Android and iPhone users).
For small business owners I usually recommend setting up either Google Prompts or the Google Authenticator (though at the moment I am using Passkeys in my own MFA set-up).
And if your other software providers offer alternatives to text messages, then definitely select that option – most will offer to use an Authenticator app of some sort.
Next: Keep your software (and devices) updated
Why is it necessary to keep software updated?
No software application is perfect – there’s always a bug or two, and sometimes those bugs can leave the system open for hackers to gain access to your machine or data.
Reputable software developers are always on the look-out to close those holes, and will issue updates – ensuring they are applied is one of the strongest defensive tools in your cyber security strategy.
Getting Started with Software updates
Updates really aren’t an issue with your Google Workspace software – Gmail; Drive; Docs; Sheets etc – since they are all cloud based applications and Google automatically applies security updates to them as necessary.
However, if you do run other applications that are installed directly on your computer – like a payroll application perhaps – then make sure you update them regularly.
This applies to your website as well and any plugins that you might have installed on your website.
Most software applications will have a setting to either update automatically, or send you notifications that an update is needed. I recommend choosing automatics updates wherever possible so there’s one less thing to add to your to-do list!
And don’t forget to turn on automatic updates for all your computers; phones; and tablets!
Finally: Back up your information
Why is it necessary to back up information?
If you’ve got data stored on your computer or other device, and that device is damaged through hardware failure or a virus; or even if you simply lose it, then without a stand-alone back up your data may be lost forever.
Similarly, if you lose access to your online files, through a ransomware attack for example, then being able to restore your data from an offline backup will enable your business to recover and start operating again sooner rather than later.
Layers are the key to backups
Note, the key here is to have multiple layers of backups. It’s not enough to have your data backed up in a folder on your computer or in the cloud somewhere, they need to also be in a secondary location that is separate to your computer or your cloud server.
A strong recommendation is to put your data on an external data storage medium like a USB stick or external hard drive, and back the data up regularly.
This is one area that Google Workspace is lacking in sadly. Because everything is cloud-based it’s actually quite difficult to create a backup of your information.
There is an option to Export Data from within the Google Workspace Admin Console, or use Google Takeout as a front-end user but importing the data back into Google Workspace afterwards can be tricky.
And you can only export all data once every 30 days (under Export Data) which makes it inadequate for recovery purposes.
So, a vibrant 3rd party marketplace has sprung up to fill this gap! Things you should consider when looking for a 3rd party app to back up your Google Workspace data:
- How easy is it to export your data, including emails?
- How easy is it to import that data back into Google Workspace if you need to?
- What is their privacy policy? Do they store your data on their own servers for any length of time? If they do, that’s an immediate red flag!
- Can you automate your data backups? If you don’t have to manually remember to backup your data, then there’s more chance they’ll get done!
Some possibilities include:
And there you have it
The three things you really must do to ensure a more secure operating environment for your small business:
- Set up multi factor authentication (2 Step verification) for absolutely everything.
- Ensure you update your software (for everything other than Google Workspace!)
- Back up your data on a stand-alone device even if you’re using a cloud service.
Want more personalised help?
I hope this article was of assistance to you, but if you want more personalised help with your Google Workspace issue then why not get in touch?