Google Workspace has outstanding security. However, it’s always a good idea to do what we can from our side to prevent an unexpected cyber attack. This will also make life easier if you ever need to recover an admin account. Let’s explore the 4 expert strategies you can use to enhance the security of your Google Admin account.
1. Keep your Admin Account Safe
Make sure to use 2-Step Verification for admin accounts
It’s vital for super admins to use 2-Step Verification because their accounts control access to all the business and employee data. If someone gets hold of your admin password, 2-Step Verification helps stop them from getting into the account without your permission.
Use security keys
Among the methods available for 2-Step Verification (2SV), such as Google Prompt, Google Authenticator, and backup codes, security keys stand out. They are small physical devices used as the second step of authentication. They’re crucial in preventing phishing threats and offer the highest level of security for 2-Step Verification.
Avoid sharing admin accounts between different users
Provide each admin user with their own unique admin account. If multiple individuals use the same administrator account, like , it becomes tricky to track which administrator is accountable for which actions in the audit log.
Protect yourself from targeted attacks
Enroll super admin accounts and other sensitive accounts in the Advanced Protection Program. Many of the tips discussed in this article can be implemented there.
2. Manage super admin accounts
Establish multiple super admin accounts for your business
Each account should be managed by a different employee to avoid sharing admin accounts. Having more than one ensures that if you lose an account or one is compromised, another super admin can handle important tasks while the affected account is being recovered.
Avoid using a super admin account for everyday tasks
Instead, assign each super administrator two accounts: one for their super admin duties, like setting up 2-Step Verification or managing billing, and another regular account for daily activities. Super admins should log in to their super admin account solely for tasks that require those elevated permissions. This separation helps maintain security and prevents unnecessary access to elevated privileges during their routine work.
Make sure you don’t miss important messages for admins
If you don’t use your main admin account often, you might not see important updates from Google. To make sure you get these messages, set up another email that you use regularly to get these announcements too.
If you’re not using your super admin account, log out
Keeping a super admin account signed in when you’re not using it can raise the risk of becoming a victim of phishing attacks. Super admins should log in only when they need to perform particular tasks and log out afterwards.
Use regular admin accounts for everyday tasks
Only use the super admin account when really necessary. Delegate admin tasks to user accounts with limited admin privileges. Each user should have just enough access to do their job. For example, an admin might be allowed to create user accounts and reset passwords but not to delete accounts.
3. Watch the activity on admin accounts
Start getting admin alerts via email
Keep an eye on your admin actions and security risks by setting up email alerts for specific events, like suspicious sign-ins or changes made by another admin. When you turn on an alert for something, you’ll get an email each time it happens.
Look through the Admin audit log
The Admin audit log can show you a list of all the tasks done in the Google Admin console. It shows you who did the task, the date, and the IP address used to sign in.
When the super admin does something, it shows up as _SEED_ADMIN_ROLE in the Event Description column, followed by the username.
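A review of an exported Admin audit log can be scripted. The following is an added example, not code from the article or from Google: it flags grants of _SEED_ADMIN_ROLE and lists accounts seen from several IP addresses, which is how a shared admin account tends to look in the log. The record layout and the names ASSIGN_ROLE, ROLE_NAME and USER_EMAIL are assumed to follow the Admin SDK Reports API, and all addresses and accounts are constructed.

```python
import json
from collections import defaultdict

SUPER_ADMIN_ROLE = "_SEED_ADMIN_ROLE"  # super admin role name mentioned in the article

# Constructed sample; the layout is assumed to match Reports API "admin" activities.
SAMPLE = json.loads("""[
 {"id": {"time": "2024-03-01T09:12:00Z"}, "actor": {"email": "alice.admin@example.com"}, "ipAddress": "198.51.100.10",
  "events": [{"name": "CREATE_USER", "parameters": [{"name": "USER_EMAIL", "value": "new.hire@example.com"}]}]},
 {"id": {"time": "2024-03-01T09:40:00Z"}, "actor": {"email": "admin@example.com"}, "ipAddress": "203.0.113.5",
  "events": [{"name": "CHANGE_PASSWORD", "parameters": [{"name": "USER_EMAIL", "value": "bob@example.com"}]}]},
 {"id": {"time": "2024-03-01T10:05:00Z"}, "actor": {"email": "admin@example.com"}, "ipAddress": "203.0.113.77",
  "events": [{"name": "ASSIGN_ROLE", "parameters": [{"name": "ROLE_NAME", "value": "_SEED_ADMIN_ROLE"},
                                                    {"name": "USER_EMAIL", "value": "temp.contractor@example.com"}]}]},
 {"id": {"time": "2024-03-01T11:30:00Z"}, "actor": {"email": "admin@example.com"}, "ipAddress": "192.0.2.44",
  "events": [{"name": "DELETE_USER", "parameters": [{"name": "USER_EMAIL", "value": "carol@example.com"}]}]},
 {"id": {"time": "2024-03-01T12:00:00Z"}, "actor": {"email": "alice.admin@example.com"}, "ipAddress": "198.51.100.10",
  "events": [{"name": "ASSIGN_ROLE", "parameters": [{"name": "ROLE_NAME", "value": "_USER_MANAGEMENT_ADMIN_ROLE"},
                                                    {"name": "USER_EMAIL", "value": "helpdesk@example.com"}]}]}
]""")

def _params(event):
    """Flatten an event's parameter list into a name -> value dict."""
    return {p["name"]: p.get("value") for p in event.get("parameters", [])}

def super_admin_grants(activities):
    """Return (time, actor, ip, target) for every assignment of the super admin role."""
    hits = []
    for act in activities:
        for ev in act.get("events", []):
            p = _params(ev)
            if ev.get("name") == "ASSIGN_ROLE" and p.get("ROLE_NAME") == SUPER_ADMIN_ROLE:
                hits.append((act["id"]["time"], act["actor"]["email"],
                             act.get("ipAddress", "unknown"), p.get("USER_EMAIL")))
    return hits

def accounts_seen_from_many_ips(activities, min_ips=3):
    """Return actors whose actions came from at least min_ips distinct IP addresses."""
    ips = defaultdict(set)
    for act in activities:
        ips[act["actor"]["email"]].add(act.get("ipAddress", "unknown"))
    return {actor: sorted(seen) for actor, seen in ips.items() if len(seen) >= min_ips}

if __name__ == "__main__":
    print("Super admin grants:", super_admin_grants(SAMPLE))
    print("Possible shared accounts:", accounts_seen_from_many_ips(SAMPLE))
```

Several IP addresses for one account is only a prompt for a closer look, since a single admin can legitimately work from more than one network.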
4. Prep for admin account recovery
Have ways to recover admin accounts
Admins need to set up recovery options for their admin accounts. If an admin forgets their password, they can click the Need help? link on the sign-in page, and Google will send a new password via phone, text, or email. To set this up, Google requires a recovery phone number and email address for the account.
Keep important information nearby (in a safe place)
In case a super admin can’t reset their password via email or phone recovery and another super admin isn’t available, they can resort to the recovery wizard.
To confirm identity, Google asks questions related to the business’s account:
- Account creation date.
- Original secondary email used during signup.
- Google order number (if applicable).
- Total user accounts created.
- Billing address connected to the account.
- Type and last four digits of the credit card used.
Google also needs the admin to verify that they own the organization’s domain. This means having the sign-in credentials needed to change the domain’s DNS settings at the company that hosts the domain.
Get a backup security key
Admins should register more than one security key for their admin account and keep the spare in a secure spot. If their main security key is lost or stolen, they can still log in to their account.
Back up your codes
If an admin loses their security key or phone, which they use for the verification code or Google prompt, they can use a backup code to log in.
Admins should create and print backup codes just in case. Keep these codes in a safe place.
Safe and sound
And there you have it! 4 expert strategies you can use to enhance the security of your Google Admin account. Setting up these four security strategies will leave you feeling like an absolute admin guru and your Google admin accounts will be extra safe and secure against cyber threats. You’ll be thanking us in the long run should you ever run into a problem!