Use G Suite Administrator Settings to Protect against Ransomware

SaaS apps have done wonders for collaboration and convenience for education. Unfortunately, they have also made it easier and more convenient for ransomware to spread. Ransomware most often infects cloud data via phishing attacks in email, however the sync client in most cloud applications open another area where ransomware can sneak into your system.

While having a backup of your cloud is the only true method for recovery from an attack, you can take preventative measures in your sync client settings to avoid falling victim to certain types of ransomware.

To start, we’ve put together some tips for the optimal G Suite Administrator Settings:

Think Before You Sync

If you use G Suite, one of your defenses against ransomware should be to prohibit access to the Google Drive sync client. This prevents MacOS and Windows users from installing the sync client on a system.

With Google Drive Sync disabled, if a ransomware attack strikes in any other area of your business and encrypts local files, the changes won’t sync. This is a preventative measure against locally encrypted files becoming encrypted files on Google Drive files.

Block email attachments

Email attachments can also be a threat. While Google’s systems scan email to detect harmful files, they can’t detect all destructive payloads. For example, Gmail can’t detect a ransomware program tucked inside an encrypted and compressed attachment.

For the greatest security, you could ban all incoming email attachments. If you block attachments, remind people how to share from Google Drive. Remember, the goal isn’t to annoy people, it is to prevent problems. Make sure people know how to collaborate with a shared file, spreadsheet, or presentation, none of which requires sending an attachment.

Think before you allow apps

By default, G Suite for Education prevents people from installing apps from the G Suite Marketplace. That means that students and teachers can’t randomly add all sorts of Marketplace apps that could modify files on Google Drive.

Yet many Marketplace apps deliver features that teachers — and students — find useful. Apps in the Marketplace let students create a composition (Flat.io), a mind-map (Collabrify Map), or a video paired with a presentation (Movenote). As a G Suite administrator, you can select which Marketplace apps people may install and use.

Protect access to storage

As an administrator, you can also block access to Google Drive data with two more settings: the Google Drive SDK and Add-ons. When unchecked, the Drive SDK setting prevents third-party apps from accessing Google Drive data.

Similarly, when unchecked the Add-ons setting blocks access to third-party apps otherwise available from the Add-ons menu in a file.

Restrict these settings only after careful consideration and discussion with your users. The potential threat from this sort of access is significantly lower than some of the other risks discussed. Unless you experience an attack initiated from an Add-on or third-party app writing directly to Drive, these settings should be very low on your list to disable. Choose different

Choose different defaults for different groups

You can apply different restrictions to different groups of people. For example, you might prevent student accounts from installing and syncing with the Google Drive sync client, yet allow faculty access to the sync app. Or, you might consider a similar restriction on email attachments: blocked for students, allowed for faculty. Or for apps: a specific app blocked for younger students, but allowed for those in upper levels.

Preventative measures can only go so far, so Google Administrators need to prepare for the worst case scenario should a ransomware attack occur.