Google Workspace Security Hardening: Complete Guide for Small Businesses

February 5, 2026

Secure your Google Workspace with this comprehensive hardening guide for small businesses. Configure 2FA, admin controls, data protection, and advanced security features.

01

Introduction

Google Workspace powers millions of small businesses worldwide. But out-of-the-box settings prioritize convenience over security. Without proper configuration, your business data, customer information, and intellectual property are exposed to threats. This guide walks you through essential security hardening steps.

02

Enable Multi-Factor Authentication (MFA)

MFA blocks the vast majority of account takeover attempts. In Admin console > Security > Authentication > 2-step verification, check "Allow users to turn on 2-step verification", set Enforcement to On, and choose an enrollment period (2 weeks recommended). Require security keys for all admin accounts.

03

Lock Down Admin Accounts

Limit Super Admin accounts to exactly 2 (1 primary, 1 backup). Create delegated admin roles for User Admin, Security Admin, and Help Desk with the minimum necessary privileges. Never use a super admin account for regular email.

04

Control Third-Party App Access

In Admin console > Security > API controls > App access control, block high-risk apps by default, create an allowlist of approved applications, and regularly review the apps with access to data. Block access to less secure apps.

05

Secure Gmail

Enable Advanced Phishing and Malware Protection in Apps > Google Workspace > Gmail > Safety, and enable all protection options. Configure the SPF record: v=spf1 include:_spf.google.com ~all. Enable DKIM in Authentication settings. Configure DMARC, starting with monitoring mode.
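To confirm the published records match the SPF record and DMARC monitoring mode described above, the TXT records can be audited with a short script. This is an added example, not part of the original guide; the function names are hypothetical, the records are constructed samples for the placeholder domain example.com, and the SPF check assumes the record uses the guide's form (an include plus a trailing all mechanism, no redirect).

```python
# Added example: audit SPF and DMARC TXT records against the guide's Gmail settings.
# Function names are hypothetical; sample records are constructed, not real DNS data.

def parse_tags(record):
    """Split a DMARC record ('v=DMARC1; p=none; ...') into a lowercase-keyed dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_spf(txt_records):
    """Return findings for the TXT records published at the domain apex."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple SPF records (receivers treat this as a permanent error)"]
    terms = spf[0].lower().split()[1:]
    findings = []
    if "include:_spf.google.com" not in terms:
        findings.append("Google senders not authorized (missing include:_spf.google.com)")
    if "+all" in terms or "all" in terms:  # a bare 'all' defaults to '+all'
        findings.append("'+all' authorizes every sender on the internet")
    elif not any(t in ("~all", "-all") for t in terms):
        findings.append("no ~all or -all mechanism")
    return findings

def audit_dmarc(txt_records):
    """Return findings for the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return [f"expected exactly one DMARC record, found {len(dmarc)}"]
    tags = parse_tags(dmarc[0])
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ["missing or invalid p= policy"]
    if policy == "none" and "rua" not in tags:
        return ["monitoring mode (p=none) without rua= produces no reports to review"]
    return []

# Constructed sample records for example.com.
SAMPLE_SPF = ["v=spf1 include:_spf.google.com ~all"]
SAMPLE_DMARC = ["v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"]

if __name__ == "__main__":
    print(audit_spf(SAMPLE_SPF), audit_dmarc(SAMPLE_DMARC))
```

In practice, feed the functions the TXT answers returned for the domain and for _dmarc.<domain> by whatever DNS lookup tool is already in use.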

06

Secure Google Drive

In Apps > Google Workspace > Drive and Docs > Sharing settings, configure sharing options appropriately. Enable "Warn when sharing outside your organization". Restrict "Anyone with the link" sharing. Set the default link type to "Specific people".

07

Mobile Device Management

Enable device management in Admin console > Devices > Mobile and endpoints. Require screen lock, enable remote wipe, require encryption, set minimum OS version requirements, and block access from rooted/jailbroken devices.

08

How LayerLogix Secures Your Google Workspace

LayerLogix provides Security Assessment, Hardening Implementation, Ongoing Monitoring, User Training, Incident Response, and Compliance Support for HIPAA and PCI-DSS requirements. Contact us for a comprehensive security assessment.
