As someone who manages your company'due south Thou Suite accounts, your Information technology team knows that data loss can happen for many reasons. This is why it'south essential to enquire: what's your Google account been upwardly to recently? Hopefully, not much. But you can—and should—bank check.

Human error, ransomware attacks, and protecting yourself with new compliance measures tin toll you valuable time and resources. Merely a G Suite backup tool can prevent data loss for y'all and your users.

If you're exploring this topic for the first time, some logins may surprise you. I've identified accounts on what were likely intended to be systems "temporarily" logged in, such as a meeting room desktop, a personal laptop, and a spouse's tablet. Other times, I've discovered accounts active on previously-owned systems. Every now and then, third-political party app access appears.

Google Apps Account Login Activity

To regain complete control over logins, you can have several actions. Start by revoking account logins from all other locations: access on other systems will then require authentication. You might likewise change your password, or enable two-cistron authentication. (If y'all already employ 2-factor authentication, review your application-specific passwords.) See Google'southward account help pages for more details.

You can avoid many business relationship access issues by just monitoring your business relationship activity. All Google users should audit logins and monthly account activity, while Administrators may review many detailed reports. A consistent review of the information below helps reduce the possibility of unauthorized business relationship access.

All users

Logins

  • To view recent Gmail account activity from your browser, login to Gmail from your laptop (or desktop).
  • Scroll to the lesser of the page to observe "Last business relationship activity", then click on "Details". Yous'll run across recent Gmail access information listed.
  • To view boosted activity similar which devices and third-party app have access to your Google Business relationship, go to https://myaccount.google.com/security, and login.
  • You volition see:
    • Recent security activity
    • Your devices
    • Third-party apps with business relationship access
    • Options for two-footstep verification
    • Options for verifying information technology's you logging in
    • And more

I'd suggest that well-nigh Google Information technology Admins should review this login activity at to the lowest degree once a month. Prepare a recurring Google calendar appointment to cake time for this review.

Administrators

Failed and suspicious logins

If y'all're a G Suite administrator, you can review many business relationship activity reports. To access the reports, login with your organization's domain at https://admin.google.com/, then choose Reports.

According to Google Support, Admins can see a host of updates from users and administrators like:

  • Apps outage alert—new, updated, or resolved outages on the Chiliad Suite Condition Dashboard (M Suite only)
  • New user added
  • Regime-based attack
  • Suspended user fabricated active
  • Suspicious login activity
  • User deleted
  • User granted Admin privilege
  • User suspended
  • User's Admin privilege revoked
  • User's password inverse
  • Device compromise update
  • Suspicious mobile activity (any changes to device model, serial number, Wi-Fi MAC address, device policy app privilege, manufacturer, device brand, device hardware, or bootloader version on a user's device)
  • Calendar settings changed (G Suite merely)
  • Drive settings inverse (Thousand Suite only)
  • Gmail settings changed (G Suite only)
  • Mobile settings changed (whatever mobile management settings are inverse)
  • Exchange journaling failure
  • Smart host failure
  • TLS failure
  • Charge per unit-limiting of incoming mail
  • SMTP relay spam

In particular, I recommend that all administrators review Login activity (from within Reports, choose Audit, and then Login). Employ the drib-downwardly menu in the upper right to filter the logins. Await at both the "Failed" logins and "Suspicious" logins. A "Failed" login might point that a user mistyped a password, although repeated "Failed" or "Suspicious" logins might indicate a potential problem. Repeated failures merit additional investigation.

Storage

I suggest y'all also review user storage. Sudden changes to storage usage by a user may betoken a potential problem. Large increases or decreases may merit additional review.

In the Reports section, select Account Activeness, then choose "Used Storage %" to view a summary of storage action past user.

In nigh cases, a review of logins and storage in one case a month should be sufficient.

Desire to learn more than? Read about Organizational Units and Permissions in One thousand Suite.

Take the Fourth dimension: Practice the Review

It'due south piece of cake to get decorated and skip simple security reviews like these. If there haven't been whatsoever problems, the urgency of these reviews diminishes.

Whether you're a user or an administrator, y'all need to proceed an center on your Google account's activity. And so practice the review to keep your Google account—and data—safe.

In addition to keeping an eye on your company'southward Thousand Suite activity, it's critical to ensure your data is both safe and secure. For Information technology teams looking to protect G Suite data, cut costs on licensing fees and streamline user lifecycle management, consider requesting a complimentary demo to learn how Backupify makes information technology easy to recover critical data.

*Note: Backupify is no longer available for cease-user purchase.