Google Drive Security Best Practices

While people tend to compare file storage service Google Drive to its biggest competitor, Dropbox, there’s a good argument to be made that the two platforms serve fundamentally different markets. Google Drive has tons of special appeal to enterprise clients: It’s great for collaboration, offers 15 GB of free storage, and allows access to the entire G Suite ecosystem of apps. But none of Google Drive’s features will do much good if enterprises aren’t able to secure what they store on it.

Businesses are responsible not only for their organization’s data, but for that of their employees and customers. That means that your clients should understand Google Drive security best practices inside and out if they’re going to make use of the platform’s considerable advantages. In this blog post, we’ll go over some common G Suite security concerns and explain what you can do to make your clients’ data less vulnerable.

What are some email security issues?

Some of the most widespread and financially damaging forms of cybercrime today take place over email, underlining the importance of G Suite email security. Phishing and pharming are two of the more common types of email scams that businesses have to be on the lookout for. While they are fairly similar, it’s helpful to understand the difference so you know what to look for when seeking out potential threats to the security of your Gmail account. Unlike other hacking approaches, phishing and pharming can typically be warded off through reliance on basic security best practices.

Phishing is the use of deceptive tactics to get an email recipient to reveal sensitive information to a hacker. An employee might receive an email that appears to come from your HR department. The email provides a link to what it says is your company’s new vacation policy. When the employee clicks on the link, they are asked to enter their G Suite credentials in order to see the document. But once they do, the employee reaches a dead end—the page they signed into was a “spoofed” page designed by a hacker to look just like Google’s sign-in page, allowing the hacker to phish your employee’s credentials and gain access to all the files in your Drive.

Pharming, by contrast, doesn’t depend on someone clicking on a deceptive link that directs to a spoofed page. It involves the hijacking of legitimate domains so that you’re redirected to web pages fabricated by the hacker, even if you typed in the URL to the legitimate domain. These attacks can only be stopped with careful attention to detail—users must always be on the lookout for websites that look suspiciously different than they did during previous visits. In the case of phishing attacks, you can identify potential threats by noting modified URLs or watching for strange language or requests coming from entities you’d otherwise trust.

Is Google Drive data encrypted?

In some cases, it’s not enough to simply take special care when entering sensitive information online—and many threats require strong data encryption to ward off these attacks. Luckily, Google Drive does offer 256-bit SSL/TLS encryption for files in motion and 128-bit AES keys for everything else, as well as two-step verification.

That said, Google Drive has seen its share of security vulnerabilities exploited. Hackers have taken advantage of weak servers that don’t support Google’s version of encryption, and security experts note that a man-in-the-cloud attack could be used to bypass encryption altogether by stealing a user’s synchronization code.

All this goes to show that while Google’s encryption is important, it’s best to add your own layer of third-party encryption to strengthen your defenses against clever attacks like these.