backupify
June 15, 2020
G Suite

What Has Your Google Account Been up to Recently?

As someone who manages your company’s G Suite accounts, your IT team knows that data loss can happen for many reasons. This is why it’s essential to ask: what’s your Google account been up to recently? Hopefully, not much. But you can—and should—check.

Human error, ransomware attacks, and protecting yourself with new compliance measures can cost you valuable time and resources. Only a G Suite backup tool can prevent data loss for you and your users.

If you’re exploring this topic for the first time, some logins may surprise you. I’ve identified accounts on what were likely intended to be systems “temporarily” logged in, such as a meeting room desktop, a personal laptop, and a spouse’s tablet. Other times, I’ve discovered accounts active on previously-owned systems. Every now and then, third-party app access appears.

Google Apps Account Login Activity

To regain complete control over logins, you can take several actions. Start by revoking account logins from all other locations: access on other systems will then require authentication. You might also change your password, or enable two-factor authentication. (If you already use two-factor authentication, review your application-specific passwords.) See Google’s account help pages for more details.

You can avoid many account access issues by simply monitoring your account activity. All Google users should audit logins and monthly account activity, while Administrators may review many detailed reports. A consistent review of the information below helps reduce the possibility of unauthorized account access.

All users

Logins

  • To view recent Gmail account activity from your browser, login to Gmail from your laptop (or desktop).
  • Scroll to the bottom of the page to find “Last account activity”, then click on “Details”. You’ll see recent Gmail access information listed.

Last account activity

  • To view additional activity like which devices and third-party app have access to your Google Account, go to https://myaccount.google.com/security, and login.
  • You will see:
    • Recent security activity
    • Your devices
    • Third-party apps with account access
    • Options for 2-step verification
    • Options for verifying it’s you logging in
    • And more

I’d suggest that most Google IT Admins should review this login activity at least once a month. Set up a recurring Google calendar appointment to block time for this review.

Administrators

Failed and suspicious logins

If you’re a G Suite administrator, you can review many account activity reports. To access the reports, login with your organization’s domain at https://admin.google.com/, then choose Reports.

According to Google Support, Admins can see a host of updates from users and administrators like:

  • Apps outage alert—new, updated, or resolved outages on the G Suite Status Dashboard (G Suite only)
  • New user added
  • Government-based attack
  • Suspended user made active
  • Suspicious login activity
  • User deleted
  • User granted Admin privilege
  • User suspended
  • User’s Admin privilege revoked
  • User’s password changed
  • Device compromise update
  • Suspicious mobile activity (any changes to device model, serial number, Wi-Fi MAC address, device policy app privilege, manufacturer, device brand, device hardware, or bootloader version on a user’s device)
  • Calendar settings changed (G Suite only)
  • Drive settings changed (G Suite only)
  • Gmail settings changed (G Suite only)
  • Mobile settings changed (any mobile management settings are changed)
  • Exchange journaling failure
  • Smart host failure
  • TLS failure
  • Rate-limiting of incoming mail
  • SMTP relay spam

In particular, I recommend that all administrators review Login activity (from within Reports, choose Audit, then Login). Use the drop-down menu in the upper right to filter the logins. Look at both the “Failed” logins and “Suspicious” logins. A “Failed” login might indicate that a user mistyped a password, although repeated “Failed” or “Suspicious” logins might indicate a potential problem. Repeated failures merit additional investigation.

Storage

I suggest you also review user storage. Sudden changes to storage usage by a user may signal a potential problem. Large increases or decreases may merit additional review.

In the Reports section, select Account Activity, then choose “Used Storage %” to view a summary of storage activity by user.

In most cases, a review of logins and storage once a month should be sufficient.

Want to learn more? Read about Organizational Units and Permissions in G Suite.

Take the Time: Do the Review

It’s easy to get busy and skip simple security reviews like these. If there haven’t been any problems, the urgency of these reviews diminishes.

Whether you’re a user or an administrator, you need to keep an eye on your Google account’s activity. So do the review to keep your Google account—and data—safe.

In addition to keeping an eye on your company’s G Suite activity, it’s critical to ensure your data is both safe and secure. For IT teams looking to protect G Suite data, cut costs on licensing fees and streamline user lifecycle management, consider requesting a free demo to learn how Backupify makes it easy to recover critical data.

*Note: Backupify is no longer available for end-user purchase.

See Why Backupify Wins SaaS Backup

VIEW MORE