I’ve been getting and seeing a lot of questions about how safe Google Workspace really is. I thought I’d investigate further and see how to make Google Workspace even safer. You can read all about Google’s policy on GDPR & HIPAA compliance for yourself.
I recommend Google Workspace to all my clients, and you can read the reasons why I believe it can benefit you HERE. The number one question I get asked when talking to potential clients is how they can keep client files online but keep them in line with GDPR. Below are the ways I believe you can make Google Workspace even safer.
First things first when setting up Google Workspace: use a totally unique and long password. Don’t use full words, and mix in numbers and special characters. Google Workspace for business will log you out every 14 days if you don’t shut down your session each time. This can be annoying if you have a long, complicated password that is impossible to remember. This is where utilising a service like LastPass comes in handy. You can add it to your browser as an extension. Then, when you are logged in, it will automatically populate the username and password fields for you. You can read more about the online systems I recommend, including LastPass, HERE.
You can set up 2-Step Verification for Google Workspace to make it even safer. 2-Step Verification puts an extra barrier between your business and cybercriminals who try to steal usernames and passwords to access business data. The two steps are: Step 1: Something you know (your password). Step 2: Something you have (such as a physical key or an access code delivered to your phone). You can turn 2-Step Verification on via your Google Admin Console by heading to Security and then 2-Step Verification.
Uploading Personal Client Information
As your Google Drive requires a password for access, it is safe for you to store your client information. You can add extra security by password protecting documents before you upload them to Google. If you did this, you’d need a way to keep track of these passwords: for example, a system for naming each document and for how each password would be allocated. It would be impossible to keep track otherwise. If you want my 2 pence worth, Google Workspace is secure enough for you to save your client data WITHOUT the additional password security. Please read Google’s T&Cs regarding this to ensure you are complying with your side of the deal.
One of the greatest things about Google Workspace is being able to share your work and always be using the most up-to-date version of documents. This, however, can be another thing that concerns people, in case they share too much. There are a few options when it comes to sharing:
You can create a shared drive, which you would do if you had a VA. They would then have access to everything that you upload to that drive and be able to create folders etc. You can set their security level, but they will be able to see everything.
The second option is a shared folder. With this option the person you are sharing with will ONLY have access to whatever is placed in that folder. Again you can set the security level but this can be an option if you only want someone to access a specific area of your drive.
The third option is just sharing a specific document like a spreadsheet or PDF. Again you can set the security, and you could allow someone only to view rather than be able to edit or delete. This can be a good option if you want to share a resource with clients. They will only be able to view and download, and you can share it with as many people as you like.
You can also set sharing permissions for your organisation, but this only works if the person you are sharing with is using the same domain address as you, i.e. [email protected]. You can read more about this HERE.
Sensitive Personal Information
When sending confidential or sensitive information you have a couple of options too. You can email a password protected PDF and then send the password either in a separate email or via a separate medium, i.e. a text message. Alternatively, you can use confidential mode, in which you can set an expiry and require an SMS text message from Google to open the mail. The problem with this one is that the recipients cannot download or save any attachments you send, so this may not be applicable for you.
If the recipient has Gmail you can share a folder with them and upload the documents there and advise them there has been an update along with a password. To reiterate, they must have a Gmail account for them to be able to access the folder. The other option is to utilise an email encryption service.
These are some of the ways in which you can make Google Workspace even safer. There will be more you can do to safeguard your practice, and I would suggest doing some additional research if you still don’t feel comfortable with any aspect of it. Ensure you sign a Business Associate Agreement (BAA) with Google when you join and read what your role in that is.
If you’re ready to move your practice online, there are ways we can help you with this. You can have an admin audit call, which includes us going through your current admin procedures and discussing where improvements could be made. Each practice is different, so it is not one-size-fits-all when it comes to systems. There are 8 that I recommend in general and that will work for most practices; however, the processes and procedures within those systems may be different depending on how you work.
If you wanted help with migrating your practice admin to these online systems we can also assist you with the setup, training, and best practice procedures for your private practice. This is tailored specifically to you and your practice. We would start with a FREE discovery call. If you would like to discuss either of these options please get in contact at [email protected]