How To Safely Share Content With Groups in Google Workspace

Google Groups are an easy way for an organization to allow users to share files with multiple people using a single email address. In just a few clicks, you can create a group, share files, and automatically forward emails to everyone in the group. However, sharing with groups has its risks, such as not regulating group permissions or misconfiguring privacy settings.

We’ll go over how to securely share documents with a group and ways that admins and employees can securely manage sharing outside the organization. 

How to share a document with a group

What is it?

Users can share a single file with a Google group through the group’s email address. Sharing with a group saves employees time and energy as they no longer have to add everyone’s individual email addresses to documents. The ease of sharing with groups also means employees are less likely to open up Company or Public links, which helps mitigate the risk of oversharing.

Why it matters

Sharing with a group allows users to quickly change access permissions to documents for everyone at once. Furthermore, if someone leaves the team—say they transfer to a new role internally—you can simply remove them from the group, and they will lose access to all documents that were previously shared via the group’s email address. 

However, there are also security risks with groups. For example, teams may never clean up group permissions, they might add personal accounts or outside domains to groups, and users might share documents with groups that they shouldn’t share them with.

How to do it 

1. Create a file in Google Drive or open an existing document.
2. In the file, click “Share.”
3. In the “Invite people” field, enter the group’s email address.
4. Select the level of access you want to provide the group: “Can edit,” “Can comment,” or “Can view.”
5. Click “Done.”

How to share outside the organization using groups

What is it?

As an admin, you can stop the sharing of content with group members outside your organization. You are able to set organization-wide policies in your Admin console and determine if your groups should be private (accessible by accounts in the company) or public (accessible by anyone on the internet). You can also decide if group members can add external members or receive emails from outside the organization. Remember that as an admin, you automatically have ownership privileges for all groups at your company, even the ones you didn’t create. 

Why it matters

Google Groups are defaulted to private and are usually designed for employees in your organization to quickly and efficiently collaborate. However, room for error exists as sensitive data could be accidentally shared if your Google Group privacy settings are misconfigured. It’s important to know what privacy options you have in your Admin console so sharing capabilities and safety features can stay in equilibrium. 

How to do it 

1. In the Admin console, go to “Apps” > “Google Workspace”> “Groups for Business.” (Please note that Groups for Business is available for all editions of Google Workspace.) 

2. Click “Sharing settings.”

3. Now you are able to apply various settings. Admins have control over the following:

• Accessing groups from outside this organization: You may set this to “Private” and only people in the organization can access your organization’s groups in Google Groups. External members may be allowed to access your groups by email only. 

Note that if you change this setting, the change will affect new and existing groups. If you change from public to private and existing groups have external members, those members will be unable to access their groups in Google Groups, regardless of the settings for the individual group. However, they can still send and receive emails from their groups, depending on the group settings. 

• Creating groups: You can decide if all admins, all users in your organization, or even anyone on the internet can create groups for your organization. 
• Can external users participate in groups: You can control if group owners can invite or add external members to groups. You can also decide if group owners can allow their groups to receive incoming emails from outside your organization. Please note that if you change these settings, they do not automatically affect existing external group members or messages.
• Default for permission to view conversations: Please note that this setting is unavailable for groups created in the Admin console or Google Cloud Console. Admins can set the default for who can view conversations in their organization’s groups as well as decide who can post and who can view members.
• Can a group be hidden from non-members: You can hide new groups from your directory by default. Group admins will still be able to see all groups, and group members will still be able to see all the groups they belong to in the directory. You also have the option to make these settings public, but we don’t recommend allowing just anyone on the internet visibility into your groups. 

Organizations utilize Google Groups to quickly and efficiently share content with multiple people and accounts at once. However, it is vital to remember that there are still security concerns for this type of sharing. Be aware of what types of accounts are added to your company’s Google Groups. For example, personal accounts and external domains should be removed unless they absolutely require access. 

Admins can also restrict and regulate sharing content with group members outside of their organization through their Admin console. However, it can be difficult to get a complete overview of documents owned by external third parties that contain sensitive company information. For full visibility and control over these types of inbound documents, we recommend using a Cloud Document Security system. 

To learn more about document security in Google Workspace, download the full ebook.