Enforcing Two-Step Verification (2SV)

The report identified that a primary security lapse is the failure to enforce Two-Step Verification (2SV), also known as multi-factor authentication, for all users. It was noted that this setting is frequently disabled or not mandated for privileged accounts, including Super Admins. This oversight provides a direct path for attackers with compromised credentials to access sensitive systems and data. Enforcing 2SV across the entire domain is a foundational security measure recommended in the report.

Auditing Third-Party App Access

Another major risk detailed in the analysis is unmanaged third-party application access granted through OAuth. Attackers have been observed creating malicious OAuth applications to maintain persistent access to a user’s data and services even after a password reset. The report advises administrators to regularly audit and restrict which third-party apps can request access to Google Workspace data, removing any that are unnecessary or unvetted.

The security guide also emphasized the importance of properly configuring email authentication protocols like DMARC, SPF, and DKIM to prevent domain spoofing and phishing attacks. Additionally, it highlighted the danger of maintaining an excessive number of Super Administrator accounts, advocating for the principle of least privilege. Finally, the report pointed out that Google Workspace does not generate alerts for many high-risk activities by default, such as a user disabling 2SV. It recommends creating custom alert rules for such critical security events. By addressing these five specific areas highlighted in the security analysis, organizations can substantially harden their Google Workspace environments against common attack vectors.