IN-HOUSE PREVENTION

Using Google Drive? Don't Risk Any Data Leaks

5 minutes reading

by Amer Owaida

Cloud storage is quickly and easily accessible from almost any digital device with an internet connection. It's no wonder that this solution has become so popular among many companies. However, it can also pose a risk to your cybersecurity. Let's take a look at how to protect cloud storage on one of the most popular cloud storage providers – Google Drive.

This is an audio version of the article:

Did you like it? Let us know what you think about this initiative by completing a 2-min survey.

According to research conducted by the IBM Institute for Business Value, about 98% of companies plan to use multiple hybrid clouds by 2021. As the use of connected devices increases, so does the risk of data theft. Cloud storage services are still improving their security, but that does not mean data breaches cannot occur. So, what are the best practices if you want to minimise cyber risk? We took a closer look at Google Drive, one of the most popular cloud storage providers.

Share with care

The advantage of Google Drive is that employees can not only share files with each other, but also collaborate on documents in real time. However, they should think twice when granting permissions. When only sharing of the folder is needed, they should choose the 'viewer' or the 'commenter' roles. These options enable users to either view or comment on the files in the folder. But when they need to collaborate with others on particular documents, they should choose the 'editor' role, who can organise, add, or edit files.

There are two ways to set permissions. Your employees can do it directly in a document by inviting other users to share files. They can also send a link, for example, via email. Google Drive allows people to generate links with specific permission. Furthermore, all permissions can be edited. Should the file owner need to stop sharing the file with a particular person, no problem  it takes just a few clicks to remove that individual's permissions.

When link-sharing is enabled, be careful. Anyone with the URL can access the document. So, the document creator cannot be sure where the link will end up. To avoid needing to enter the same email addresses over and over again, try using Google Groups instead of just passing along a link (check tutorial here). Managing permissions may takes some extra time but ultimately, your company data will be under control.

 google drive security tips google groups settings

Make sure your account is secure enough

Instruct your employees to set a strong password. It may sound obvious; however '123456' is still one of the most common password choices. Nevertheless, creating a strong password is just one of the many security measures you can take to secure your account. Think about an extra layer of security, the two-factor authentication (2FA). This method of confirming a user's identity consists of a both password and a second factor – which could be something you have (a physical key or a security token) or something you are (a fingerprint or a retinal scan). With 2FA, even if your password gets stolen, your account is still under protection. Eager to learn more? Read this article about password policies.

Check the apps before you download

Third-party add-ons can be useful. They help to boost productivity and save time. However on the other hand, they can do harm in some cases. Installing one of the add-ons from G Suite's Marketplace requires a careful approach. First of all, your employees should read the reviews and ratings of the add-on they would like to install. Then they should go through the vendor's privacy policy, terms of service and deletion policy. If there are any questions or uncertainty, they shouldn’t hesitate to contact the vendor and ask. Also, consider allowing employees to install add-ons in the browser.

Don't forget to encrypt your data

The good news is that data in various G Suite services are encrypted both in transit and at rest. But if your employees encrypt the files on their end devices, the protection of the data will increase even more. That is the so-called 'client-side' encryption. When users upload encrypted files to the Cloud, documents remain useless for attackers, since they do not own a decryption key. There are many encryption solutions you can choose – read more on which one is the best for your business.

Be cautious

All the above-mentioned recommendations can prevent data leaks. Make sure you always know who you share the data with and how the file will be accessible. Don't forget to perform regular audits as well. They will keep you informed on how secure your drive is. The more cautious you are, the better protected your data is.