If you use Google Docs, Google Drive, or Google Workspace to organize your personal or professional files and folders, you’ve probably paused at least once or twice, wondering if the information that you are storing is secure.
Should I include this potentially personal information in this document? What happens if someone accesses it? Is my information at risk?
In today's article I'll explain Google Docs security - how it works, and what steps you can take to keep your files and data private.
Let's find out how secure your files and folders are on Google’s cloud storage platforms and how you can take advantage of all of the security features available.
Whether you use a free Google account or have a Google Workspace license as part of your employment or business, Google takes account security very seriously for all users.
There are a few features that are standard for all Google Docs, some additional security measures that you can take to increase security, and a few cybersecurity tips that will help keep your information safe no matter how you store it.
Let's start by explaining the Google Docs security that is standard and available by default when you use Docs.
One of the first lines of defense includes the necessity to have a Google account in the first place to even use Google Docs, Google Drive, or Google Workspace.
While it is free to set up a personal Google account, it is an extra step involved in accessing documents on Google. Setting up a Google account does not necessarily mean that you need to create a new email account (Gmail), although this is the route that many people using Google Docs for personal use choose to go.
You can link a Google account to another email provider as well (say a domain that you own, even if you don't manage that domain through Google).
For Google Workspace users, only those with an account in the workspace can access any documents or folders managed under that Workspace license. All Google accounts (free Gmail accounts or paid Google Workspace accounts) require login credentials and passwords. Keep these in a private location and follow password best practices by changing them periodically to keep them secure.
Once you create a Google doc or other file in your Google Drive or Workspace, you as the user have complete control over the sharing permissions of that file. Google sets the default permission as Restricted, meaning that only users who you manually add to the permission list can open the file. The list starts with you, the user. You can add individuals or groups. You can also create a shareable link, but keep in mind that this is less secure than adding individuals or groups to the list.
If you send the link out, it can be forwarded and becomes less secure. By choosing individual users to share your files with, you maintain control of its distribution.
Individual sharing is generally more secure than link sharing, as it allows only specified additional users to open, comment on, or edit your Google Doc, Google Sheet, or other file. Even if the link is forwarded to additional individuals, they will not be able to actually access your document unless they are logged in with the credentials of the person you are sharing the document with in the first place. Yet another reason to keep your login credentials private and secure.
Google Groups is another useful tool to help you share your documents more widely and efficiently.
If you frequently work with and collaborate with a group of people, either at work or for personal endeavors, you can create a Google Group and share files and folders with that group without having to manually enter each user into the share tab.
You can also share a folder, which will allow access to all files within that folder, even if you add more files later. The team at Google has designed multiple ways to collaborate within a Google Drive or Workspace while still keeping privacy and security in mind.
You can also restrict what people can do with your file.
The default permission level when creating a new Google Doc is to add those who you give access to as viewers. This means that they can only open and view your file, but cannot make changes or comments. To change this permission level, you can manually change it to Commenter or Editor for individuals, groups, or as part of the shareable link.
If you are still worried about your files remaining secure, you can add two-factor authentication to your Google account (something we strongly recommend).
Using two-factor authentication (2FA), users are asked to type in a password and provide an alternate means of identification (usually a PIN sent to your mobile device or another email address). Without both provided, you will not be able to login to your account.
This prevents people from accessing your account, even if your password becomes compromised.
Google Workspace users have a few additional tools available to their administrator to ensure that all users within the organization are following good security practices.
Administrators can enforce two-factor authentication across their Workspace, use and send security keys from the administrator console, identify suspicious logins, requiring electronic signatures on emails, and additional security measures to protect their users and information stored in their Workspace.
When you are done using your Google account, make sure that you log out.
This is particularly important if you are using a shared or public computer.
You cannot add a password or encryption to individual files or folders within the Google Drive or Google Workspace, so the most important thing to do is to keep your account secure.
You can also add a password to the hardware that you use to access your Google account, whether it is your desktop computer or mobile device. This creates another layer of security between potential users and your documents.
Phishing is another way that people attempt to get user information for personal or professional accounts. Do not provide any account information, such as your password or answers to your security questions to anyone. Be wary of any attempt to contact you to get this kind of information, even if it looks like it is coming from an official Google corporate account.
If you are using Google Docs to store confidential or workplace files and information, make sure that you are familiar with the required policies and procedures for keeping these files secure.
Some workplaces have restrictions on who within the organization can have access to certain types of files. This is often the case with medical patient and client files in organizations that must follow laws put in place by the Health Insurance Portability and Accountability Act (HIPAA).
If you absolutely need to encrypt a file and store it in your Google Drive or Google Workspace, you can do that on your computer.
Use your preferred encryption software, then backup your file to your Google Drive. Keep in mind that you will not be able to edit the file within Google Docs or Google Sheets. You will be sacrificing this useful productivity tool for additional security.
Other users that you share that file with will be able to access it, download it, and un-encrypt it on their machine, as long as they use the same software.
If you are storing very sensitive information, this may be the best way to protect it and keep it secure within Google Docs.
Understanding what security measures are available as a Google user can help you make the best decision to optimize productivity while keeping your information secure.
By keeping security in mind through good cybersecurity practices and taking advantage of additional tools in Google Workspace, your company, organization, or personal use of Google Docs will remain protected and efficient.
Suitebriar is a Google Cloud Premier Partner, and if you'd like us to audit your Google Workspace security setup, you can request a free audit by clicking the link below: