Employees are our first line of defense when it comes to cybersecurity – but how can we be sure we are doing everything we can to help them keep our company safe?
Enter two-factor authentication (2FA) enforcement.
As a small business, you may or may not have policies requiring your employees to have good, strong passwords or to use 2FA on their accounts. Enforcing 2FA in Google Workspace will make your company’s Google accounts safer.
(Want more information on 2FA? See this blog post here.)
Things to Consider With Enforcement
Remind Employees of Your Company Policy & Why It’s Important
Ask employees to review your company’s security policies. Don’t have a policy regarding two-factor authentication? That’s okay! Remind your employees that using 2FA will help keep the company safe and will help protect the company’s data, your clients’ data, and even personal data.
Make Sure They Have the Right Tools
Set them up for success by letting them know what authentication app you want them to use (we recommend using 1Password or Duo Mobile) and providing instructions on how to set up 2FA for their accounts.
Give Your Employees a Heads Up
Make sure that you give your employees enough time to get comfortable with using 2FA on their email accounts. Once you enforce 2FA, be sure to give your employees 2 weeks to get everything set up.
How to Enable 2FA in Your Google Workspace
Enabling 2FA in your Google Workspace account is a relatively simple process:
Step 1: Head to admin.google.com and log into your admin console.
Step 2: On the left-hand sidebar, click “Security”. You may need to click “Show More” to view this option. Then click “Overview”.
Step 3: Scroll down to 2-Step Verification and click to open it.
Step 4: Now we will enforce 2FA for our users by choosing the following options:
- Click Allow users to turn on 2-Step Verification.
- Click Enforcement: On From and choose a date. This will start the enforcement on the date you choose and will not allow users to log in unless they have 2FA set up beforehand (we recommend giving them 2 weeks). Note that if you select “turn on now”, all existing users who haven’t enabled 2FA will be locked out.
- New User Enrollment Period: We recommend 1 week. When you onboard a new employee or user, they will have 1 week to set up 2FA on their account.
- Frequency: Allowing users to trust the device defeats the purpose. Do not allow this.
- Methods: We recommend Any except verification codes via text/phone call, as this is the least secure method.
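Before the enforcement date chosen in Step 4 arrives, it helps to know which accounts would be locked out. The script below is an added example, not part of the original post: it sorts user records exported from the Admin SDK Directory API by their `isEnrolledIn2Sv` flag. The sample records and dates are constructed, and counting the new-user enrollment period from `creationTime` is an assumption made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records shaped like Admin SDK Directory API user
# resources; the addresses and dates are made up for this example.
SAMPLE_USERS = [
    {"primaryEmail": "ana@example.com", "isEnrolledIn2Sv": True,
     "suspended": False, "creationTime": "2022-03-01T09:00:00.000Z"},
    {"primaryEmail": "ben@example.com", "isEnrolledIn2Sv": False,
     "suspended": False, "creationTime": "2021-11-15T09:00:00.000Z"},
    {"primaryEmail": "cy@example.com", "isEnrolledIn2Sv": False,
     "suspended": True, "creationTime": "2020-01-10T09:00:00.000Z"},
    {"primaryEmail": "dee@example.com", "isEnrolledIn2Sv": False,
     "suspended": False, "creationTime": "2024-05-28T09:00:00.000Z"},
]
ENFORCE_ON = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed date


def parse_time(value):
    """Parse a Directory API timestamp such as 2022-03-01T09:00:00.000Z."""
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")
    return parsed.replace(tzinfo=timezone.utc)


def lockout_report(users, enforce_on, new_user_days=7):
    """Group accounts by what happens when enforcement starts on enforce_on."""
    report = {"enrolled": [], "locked_out": [],
              "new_user_grace": [], "suspended": []}
    for user in users:
        email = user["primaryEmail"]
        if user.get("suspended"):
            report["suspended"].append(email)   # cannot sign in anyway
        elif user.get("isEnrolledIn2Sv"):
            report["enrolled"].append(email)
        else:
            # A missing flag is treated as "not enrolled" (the safe default).
            # Assumption: the grace period is counted from creationTime.
            created = parse_time(user["creationTime"])
            grace_ends = created + timedelta(days=new_user_days)
            in_grace = grace_ends > enforce_on
            report["new_user_grace" if in_grace else "locked_out"].append(email)
    return report


if __name__ == "__main__":
    for group, emails in lockout_report(SAMPLE_USERS, ENFORCE_ON).items():
        print(f"{group}: {', '.join(emails) or '-'}")
```

Accounts listed under `locked_out` are the ones to remind before the enforcement date.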