Home»Google Workspace Ransomware Protection»Google Workspace Malware Protection Best Practices

Google Workspace Malware Protection Best Practices

With 6M paid businesses and 2B active monthly users, Google Workspace (formerly G suite) is a popular target of cybercriminals. After a number of incidents, Google added multiple features to enhance its Google Workspace malware protection.

Unfortunately, the most recent attacks on users show that cybercriminals are capable of bypassing the new security system. In this article, we’ll discuss the best practices of malware protection in Google Workspace Security in 2023.

What Are the Key Malware Threats Associated with Your Google Workspace?

There’s a short threat checklist to assess the security health of the company’s Google Workspace. Malware is on this list. However, Google doesn’t provide much information about it.

Malware is an umbrella term for multiple programs such as ransomware, trojans, keyloggers, worms, viruses, etc. Some infect your devices while othersーcloud office suites. Let’s talk about them in detail.

Google Workspace (G Suite) Malware Protection

Malware that infects Google Workspace

Ransomware is malicious software that is capable of encrypting files stored on cloud drives. Hackers promise to provide a decryption key in exchange for ransom, most usually paid in cryptocurrency.

Nowadays, the most common victims are companies. In 2019, there were 187.9M ransomware attacks which accounted for approximately 18.8% of total cyberattacks. Learn how ransomware works.

Protect your business-critical data today

Malware that infects devices

A user’s PC or mobile phone can get infected with various types of malware via Google Services:

  1. Trojan looks like safe software. Tricked by its appearance, a user downloads it on their device. Once inside Trojan begins secretly downloading other malicious programs.
  2. Rootkit provides access to your PC or mobile device to cybercriminals.
  3. Spyware tracks your activities in order to acquire sensitive information such as credentials.
  4. Bots assemble into larger botnets to perform malicious tasks such as infecting more devices or conducting a DDoS attack. An owner of the device infected by a botnet isn’t necessarily a direct target of this malware. However, they fall victim because of the decrease in the productivity of the device.
  5. Ransomware infects not only your Google Workspace but also your mobile device or PC. It prevents you from accessing your data, impedes all operations until you pay.

How Do Users Get Infected with Malware via Google Workspace?

The malware works pretty much like biological viruses. It needs an entry point into a system to infect it. Here’s how it gets inside:

  1. You visit insecure websites where malware infects your IT system automatically.
  2. In most cases, you click on a link and download malicious software on your device.
  3. Cloud ransomware requests access permission to your Google Workspace. Because you are tricked into believing that it’s safe, you comply with the request.
  4. You use apps and add-ons that carry malware, including those sold on Google Marketplace.

Insecure web browsing and infected applications are beyond the scope of this article. For more information on cybersecurity threats related to apps and Chrome extensions please see our cloud application security checklist.

Let’s discuss in detail how users get malware download links or requests for access permission.

In most cases, cybercriminals act from outside an organization. That’s why an email remains the most common and efficient way to deliver malware to the recipient.

Here are the three most common delivery methods:

  1. A link that redirects you to a webpage where download begins automatically
  2. Malware in the attached file
  3. A link that redirects you to a webpage that requests access permission

Usually, cybercriminals use various social engineering techniques to trick people into trusting them.

The new Google Workspace security features prevent emails with an unsafe link from hitting the inbox. However, cyber experts have already found a “workaround.” There’s a possibility to use other Google Services to deceive the system.

Here’s an example. A hacker inserts a malicious link in a document or a spreadsheet on his Google Drive. He then uses the share option to send this document to his target(s). Google Workspace email filtering will not consider such letters suspicious.

Google Workspace Malware Protection Best Practices

In the past year, we’ve seen many new features to increase Google Workspace enterprise security. However, cybercriminals keep looking for more vulnerabilities in cyber defense and come up with new ways to infect IT systems. As a result, some security methods become outdated.

In this section, Spin Technology explains what malware protection practices will be efficient for businesses throughout 2023. We based this list on our experience and expertise as well as profound knowledge of key cybersecurity threats and trends.

Keep in mind, though, that one single technique won’t provide the level of security that your company needs. That’s why we suggest using all these methods to defend against cyberattacks.

Check out our list of malware protection best practices for Google Workspace.

1. Apply new Google Workspace email security features

This advanced functionality can detect and prevent multiple threats, i.e., malware, suspicious links, and phishing emails. As we mentioned before, this system can be bypassed. However, it will still cut off a number of attacks.

Check out the file extensions it can detect in emails and prevent them from damaging your IT system:

.ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JS, .JSE, .LIB, .LNK, .MDE, .MSC, .MSI, .MSP, .MST, .NSH, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF, and .WSH

How to enable phishing and malware protection in Google Workspace:

  1. Go to the App section in your Admin Console. You need Google Workspace.
  2. Scroll down to Gmail Services and click on it.
  3. In this section, click on the Safety tab. Now you can choose the advanced security settings and the actions that the system will automatically take. Remember to save your configurations.
  4. Fight human errors with regular training

2. Teach your employees about Google Workspace email security principles.

Discuss how to avoid the risks associated with malware and phishing. Explain how to detect emails from cybercriminals.

Don’t hesitate to repeat training sessions several times a year. People tend to forget, especially in the aftermath of global pandemics.

3. Update the antivirus software on your computers and mobile devices

Google has invested many resources into creating tools that try to handle social engineering. For example, it can now prevent spoofing Google Workspace accounts. You might’ve invested much time and effort in corporate training.

However, the risk of downloading malicious software is still there. It’s better to be prepared with an updated version of antivirus.

4. Get a backup tool for your Google Workspace

If most of your important documents are in the cloud, it’s time to think about making a copy and storing it elsewhere. The best rule is 3-2-1: 3 copies of your data on 2 different media. One should remain offsite.

If you experience a cyber attack you will be able to quickly recover with a cloud backup tool.

5. Monitor your applications

In the Apps Section of Admin Console, you can check out the applications that your employees are currently using. Assess their security and turn off the dangerous ones.

6. Acquire Google ransomware protection tool

Some tools can detect ransomware and stop it. Most of them use the existing databases of ransomware attacks and can recognize the malware.

7. Use tools that can provide a wide range of protection features.

For example, SpinOne is a backup software that can detect a ransomware attack and stop it. It can also identify all insecure cloud apps and help Admin quickly turn them off.

Protect your business-critical data today

William William Tran Product Manager
About Author

Will Tran is the Product Manager at Spin.AI, where he guides the product's strategic direction, oversees feature development and ensures that the solution solves his clients’ cybersecurity needs.

Will is a security professional who started his career at Lockheed Martin where he worked on National Security Space programs in business development and product management.

Will holds a BA in Economics and Mathematics from UCSB and an MBA with a specialization in Technology Management and Marketing from UCLA Anderson School of Management.

At Lockheed Martin, Will developed the multi-year strategy campaign and supported the product development satellite program for the United States Air Force, which resulted in a multi-billion dollar contract.

During business school, Will consulted 2 non-profit organizations as part of a series of national consulting case competitions. He set strategic priorities, optimized business operations, and developed a process to qualify new revenue streams for his non-profit clients. These initiatives resulted in 15-20% increase in gross profit.

In his spare time, Will can be found at local coffee shops around Los Angeles, traveling to different countries, or hanging out with his cat.

Featured Work: