As someone who manages your company’s G Suite accounts, your IT team knows that data loss can happen for many reasons. That’s why it’s essential to ask: What has your Google account been doing recently? Hopefully not much. But you can, and should, check it out.
Human error, ransomware attacks, and protecting yourself with new compliance measures can cost you valuable time and resources. Only a G Suite backup tool can prevent data loss for you and your users.
If you are exploring this topic for the first time, some logins may surprise you. I identified accounts on what were likely intended to be “temporarily” connected systems, such as a meeting room desk, a personal laptop, and a spouse’s tablet. Other times, I discovered active accounts on previously owned systems. From time to time, access to third-party applications appears.
To regain complete control over logins, you can take several actions. Start by revoking account logins from all other locations: access on other systems will then require authentication. You might also change your password, or enable two-factor authentication. (If you already use two-factor authentication, review your application-specific passwords.) See Google’s account help pages for more details.
You can avoid many account access problems simply by monitoring your account activity. All Google users are required to audit logins and monthly account activity, while administrators can review many detailed reports. Constant review of the information below helps reduce the possibility of unauthorized account access.
All users
Logins
- To view recent Gmail account activity from your browser, log in to Gmail from your laptop (or desktop).
- Scroll to the bottom of the page to find “Last account activity”, then click “Details”. You will see recent Gmail login information in the list.
- To see additional activity, such as which devices and third-party apps have access to your Google account, go to https://myaccount.google.com/security and sign in.
- You will see:
  - recent security activity
  - your devices
  - third-party apps with account access
  - options for two-step verification
  - options to verify it’s you when you log in
  - and more
I would suggest that most Google IT administrators review this login activity at least once a month. Set up a recurring appointment in Google Calendar to reserve time for this review.
Administrators
Suspicious failed logins
If you’re a G Suite admin, you can review many account activity reports. To access reports, sign in with your organization’s domain at https://admin.google.com/ and then select Reports.
According to Google Support, admins can see many updates about users and admins, such as:
- App outage alert: new, updated, or resolved outages in the G Suite Status Dashboard (G Suite only)
- New user added
- Government-backed attack
- User suspended enabled
- Suspicious login activity
- User deleted
- User with admin privileges
- User suspended
- User admin privilege revoked
- User password changed
- Device compromise update
- Suspicious mobile activity (any change in device model, serial number, Wi-Fi MAC address, device policy enforcement privilege, manufacturer, device brand, device hardware, or bootloader version on a user’s device)
- Calendar settings changed (G Suite only)
- Unit settings changed (G Suite only)
- Gmail settings changed (G Suite only)
- Mobile settings changed (any mobile admin settings change)
- Exchange journal failure
- Smart host failure
- TLS failure
- Incoming mail rate limiting
- SMTP relay spam
In particular, I recommend that all admins review login activity (within Reports, choose Audit, then Login). Use the dropdown menu at the top right to filter logins. Look at both “failed” logins and “suspicious” logins. A single “failed” login may indicate that a user mistyped a password, although repeated “failed” or “suspicious” logins may indicate a potential problem. Repeated failures deserve further investigation.
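The same review can be run over exported login audit records. The following is an added example, not part of the original article: it assumes the records are JSON shaped like Admin SDK Reports API login activities (`actor.email`, `id.time`, `ipAddress`, `events[].name` with `login_failure` and `suspicious_login`); the sample records, thresholds and function name are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (documentation-range IPs, made-up users).
SAMPLE_ACTIVITIES = json.loads("""[
 {"id": {"time": "2024-03-01T09:00:05Z"}, "actor": {"email": "ana@example.com"}, "ipAddress": "198.51.100.7", "events": [{"name": "login_failure"}]},
 {"id": {"time": "2024-03-01T09:01:10Z"}, "actor": {"email": "ana@example.com"}, "ipAddress": "198.51.100.7", "events": [{"name": "login_failure"}]},
 {"id": {"time": "2024-03-01T09:02:30Z"}, "actor": {"email": "ana@example.com"}, "ipAddress": "198.51.100.7", "events": [{"name": "login_failure"}]},
 {"id": {"time": "2024-03-01T09:03:00Z"}, "actor": {"email": "ana@example.com"}, "ipAddress": "198.51.100.7", "events": [{"name": "login_success"}]},
 {"id": {"time": "2024-03-01T08:00:00Z"}, "actor": {"email": "raj@example.com"}, "ipAddress": "192.0.2.14", "events": [{"name": "login_failure"}]},
 {"id": {"time": "2024-03-01T14:00:00Z"}, "actor": {"email": "raj@example.com"}, "ipAddress": "192.0.2.14", "events": [{"name": "login_failure"}]},
 {"id": {"time": "2024-03-02T03:12:44Z"}, "actor": {"email": "lee@example.com"}, "ipAddress": "203.0.113.50", "events": [{"name": "suspicious_login"}]}
]""")

def parse_time(ts):
    # Accepts RFC 3339 timestamps with or without fractional seconds.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def review_logins(activities, max_failures=3, window_minutes=10):
    """Return {email: [reasons]} for accounts that deserve a closer look."""
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(list)   # email -> failure timestamps
    findings = defaultdict(list)   # email -> human-readable reasons
    for act in sorted(activities, key=lambda a: parse_time(a["id"]["time"])):
        email = act["actor"]["email"]
        for ev in act.get("events", []):
            if ev["name"] == "suspicious_login":
                # Every suspicious login is reported, even a single one.
                ip = act.get("ipAddress", "unknown")
                findings[email].append(f"suspicious login from {ip}")
            elif ev["name"] == "login_failure":
                failures[email].append(parse_time(act["id"]["time"]))
    for email, times in failures.items():
        # Sliding window: the most failures seen inside any one window.
        start = worst = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            worst = max(worst, end - start + 1)
        if worst >= max_failures:   # isolated typos stay below the threshold
            findings[email].append(
                f"{worst} failed logins within {window_minutes} minutes")
    return dict(findings)

if __name__ == "__main__":
    for user, reasons in review_logins(SAMPLE_ACTIVITIES).items():
        print(user, "->", "; ".join(reasons))
```

Two isolated failures hours apart (the mistyped-password case) are not reported, while a burst of failures or any suspicious login is.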
Storage
I suggest you also check the user storage. Sudden changes in a user’s storage usage can indicate a potential problem. Large increases or decreases may warrant additional review.
In the reporting section, select account activity, then choose “% Storage Used” to see a summary of storage activity by user.
In most cases, a review of logins and storage once a month should be sufficient.
Do you want to know more? Read about organizational units and permissions in G Suite.
Take your time: do the review
It’s easy to get busy and skip simple security checks like these. If there have been no problems, the urgency of these reviews decreases.
Whether you’re a user or administrator, you need to be aware of your Google account activity. So do the review to keep your Google account and data safe.
In addition to monitoring your company’s G Suite activity, it’s critical to make sure your data is safe and secure. For IT teams looking to protect G Suite data, reduce licensing fee costs, and streamline user lifecycle management, consider requesting a free demo to learn how Backupify makes it easy to recover critical data.
*Note: Backupify is no longer available for end user purchase.