Deploy 2-Step Verification today!
Google has made the deployment of 2-Step Verification a breeze. We recommend 2-Step Verification (2SV) to all our clients. The most common threats faced today are phishing attacks and spear phishing attacks. While not 100% impenetrable, 2SV enhances the organization’s overall security substantially. Here are a few basic deployment steps.
Visit Admin.Google.com
You can find 2-Step Verification settings via Security > Basic Settings > Two-step verification. Visit the advanced settings link.
Turn on Enforcement from date…
Depending on the size of your organization, you might consider giving users a few days to a few weeks to configure 2-Step Verification. Here you can also set your enforcement policy for new Users. It’s important to consider new Users, if enforcement is enabled upon User creation a new User would be unable to access their account and configure 2SV – they’re locked out by default.
Create a 2-Step Verification ‘Off’ Organizational Unit
It’s easy to create additional Organizational Units (OU) in G Suite. You’ll want to create an OU and Disable 2SV. This gives you a place to move any Users who have issues with 2SV or anyone who misses your Enforcement dates. You can move Users into and out of this Organizational Unit as required. But don’t use this OU as an excuse for lax policies, a User should not have to remain here indefinitely.
Inform your Users
Send an email from a User that will get employees’ attention. Depending on your organization, this might be your account or it might be the account of the CEO.
“To all employees. Starting this Friday morning, 2-Step Verification will be required on all accounts. This additional security will help protect our information from falling into the wrong hands. You’ll need your smartphone and 2 minutes to enable 2-Step Verification. You can complete the steps found here. If you do not complete these steps, you will not longer be able to access your corporate Google account. If you have questions or require assistance, please email [email protected]”
You can configure security@ as a Group via Admin.Google.com for this project and other security related projects. Mobile Device Management (MDM) anyone?