Join Us at the Black Hat CISO Event at Mandalay Bay on August 5 RSVP Now.×
Home » Spin.AI Blog » Cybersecurity » Google Workspace » Google Workspace Malware Protection Best Practices
January 2, 2023 | Updated on: April 11, 2024 | Reading time 7 minutes

Google Workspace Malware Protection Best Practices

Avatar photo

Product Manager

With 6M paid businesses and 2B active monthly users, Google Workspace is a popular target for cybercriminals. Google has many native features available to enhance its Google Workspace malware protection. However, the shared responsibility model means that users are still ultimately responsible for the safety of their data. In this article, we’ll discuss the best practices of malware protection in Google Workspace.

What Are the Key Malware Threats Associated with Your Google Workspace?

There’s a short threat checklist to assess the security health of the company’s Google Workspace.

Malware is an umbrella term for multiple programs such as ransomware, trojans, keyloggers, worms, viruses, etc.

Google Workspace (G Suite) Malware Protection

Malware that infects Google Workspace

Ransomware is malicious software that is capable of encrypting files stored on cloud drives. Hackers promise to provide a decryption key in exchange for ransom, most usually paid in cryptocurrency.

Nowadays, the most common victims are companies. 71% of organizations worldwide experienced at least one ransomware attack in 2022, and the average total cost of attack hit an astounding $4.3 million.

Malware that infects devices

A user’s PC or mobile phone can get infected with various types of malware via Google Services:

  1. Trojan looks like safe software. Tricked by its appearance, a user downloads it on their device. Once inside Trojan begins secretly downloading other malicious programs.
  2. Rootkit provides access to your PC or mobile device to cybercriminals.
  3. Spyware tracks your activities to acquire sensitive information such as credentials.
  4. Bots assemble into larger botnets to perform malicious tasks such as infecting more devices or conducting a DDoS attack. An owner of the device infected by a botnet isn’t necessarily a direct target of this malware. However, they fall victim because of the decrease in the productivity of the device.
  5. Ransomware infects not only your Google Workspace but also your mobile device or PC. It prevents you from accessing your data, and impedes all operations until you pay.

How Do Users Get Infected with Malware via Google Workspace?

The malware works by gaining access to an entry point into a system to infect it. For example:

  1. You visit insecure websites where malware infects your IT system automatically.
  2. In most cases, you click on a link and download malicious software on your device.
  3. Cloud ransomware requests access permission to your Google Workspace.
  4. You use apps and add-ons that carry malware, including those sold on Google Marketplace.

Insecure web browsing and infected applications are beyond the scope of this article. For more information on cybersecurity threats related to apps and Chrome extensions please see our cloud application security checklist.

Let’s discuss in detail how users get malware download links or requests for access permission.

In most cases, cybercriminals act from outside an organization. That’s why an email remains the most common and efficient way to deliver malware to the recipient.

Here are the three most common delivery methods:

  1. A link that redirects you to a webpage where the download begins automatically
  2. Malware in the attached file
  3. A link that redirects you to a webpage that requests access permission

Usually, cybercriminals use various social engineering techniques to trick people into trusting them.

The new Google Workspace security features prevent emails with an unsafe link from hitting the inbox. However, cyber experts have already found a “workaround.” There’s a possibility to use other Google Services to deceive the system.

Here’s an example. A hacker inserts a malicious link in a document or a spreadsheet on his Google Drive. He then uses the share option to send this document to his target(s). Google Workspace email filtering will not consider such letters suspicious.

Google Workspace Malware Protection Best Practices

In the past year, we’ve seen many new features to increase Google Workspace enterprise security. However, cybercriminals keep looking for more vulnerabilities in cyber defense and come up with new ways to infect IT systems. As a result, some security methods become outdated.

Check out our list of malware protection best practices for Google Workspace.

1. Apply new Google Workspace email security features

This advanced functionality can detect and prevent multiple threats, i.e., malware, suspicious links, and phishing emails. As we mentioned before, this system can be bypassed. However, it will still cut off several attacks.

Check out the file extensions it can detect in emails and prevent them from damaging your IT system:

.ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JS, .JSE, .LIB, .LNK, .MDE, .MSC, .MSI, .MSP, .MST, .NSH, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF, and .WSH

How to enable phishing and malware protection in Google Workspace:

  1. Go to the App section in your Admin Console. You need Google Workspace.
  2. Scroll down to Gmail Services and click on it.
  3. In this section, click on the Safety tab. Now you can choose the advanced security settings and the actions that the system will automatically take. Remember to save your configurations.
  4. Fight human errors with regular training

2. Teach your employees about Google Workspace email security principles.

Discuss how to avoid the risks associated with malware and phishing. Explain how to detect emails from cybercriminals.

Don’t hesitate to repeat training sessions several times a year. People tend to forget, especially in the aftermath of global pandemics.

3. Update the antivirus software on your computers and mobile devices

Google has invested many resources into creating tools that try to handle social engineering. For example, it can now prevent spoofing Google Workspace accounts. You might’ve invested much time and effort in corporate training.

However, the risk of downloading malicious software is still there. It’s better to be prepared with an updated version of the antivirus.

4. Get a backup tool for your Google Workspace

If most of your important documents are in the cloud, it’s time to think about making a copy and storing it elsewhere. The best rule is 3-2-1: 3 copies of your data on 2 different media. One should remain offsite.

If you experience a cyber attack you will be able to quickly recover with a cloud backup tool.

5. Monitor your applications

In the Apps Section of Admin Console, you can check out the applications that your employees are currently using. Assess their security and turn off the dangerous ones.

6. Acquire Google ransomware protection tool

Some tools can detect ransomware and stop it. Most of them use the existing databases of ransomware attacks and can recognize the malware.

7. Use tools that can provide a wide range of protection features.

For example, SpinBackup is a backup software that can detect a ransomware attack and stop it. It can also identify all insecure cloud apps and help Admin quickly turn them off.

To learn more about how to protect your Google Workspace, get a free demo here.

Was this helpful?

Thanks for your feedback!
Avatar photo

Written by

Product Manager at Spin.AI

Will Tran is the Product Manager at Spin.AI, where he guides the product's strategic direction, oversees feature development and ensures that the solution solves his clients’ cybersecurity needs.

Will is a security professional who started his career at Lockheed Martin where he worked on National Security Space programs in business development and product management.

Will holds a BA in Economics and Mathematics from UCSB and an MBA with a specialization in Technology Management and Marketing from UCLA Anderson School of Management.

At Lockheed Martin, Will developed the multi-year strategy campaign and supported the product development of a national security satellite program for the United States Air Force, which resulted in a multi-billion dollar contract.

During business school, Will consulted 2 non-profit organizations as part of a series of national consulting case competitions. He set strategic priorities, optimized business operations, and developed a process to qualify new revenue streams for his non-profit clients. These initiatives resulted in 15-20% increase in annual surplus.

In his spare time, Will can be found at local coffee shops around Los Angeles, traveling to different countries, or hanging out with his cat.

How Can You Maximize SaaS Security Benefits?

Let's get started with a live demo

Latest blog posts

SpinBackup vs. Spanning: Comparing Popular Backup Solutions

You’ll see SpinBackup and Spanning pop up in many online searches for leading backup solutions...

Avatar photo

Vice President of Product

Read more

How to Backup and Recover Slack Messages in 2024: A Complete Guide

Communication tools like Slack have become essential for businesses worldwide. However, the growing reliance on...

Avatar photo

CEO and Founder

Read more

Mastering Disaster Recovery – Best Practices in 2024

From natural calamities to cyber threats and system failures, organizations face numerous challenges that can...

Avatar photo

Product Manager

Read more