The G Suite your organization uses is the single most important part of your domain. Below are some steps to ensure your G Suite is hardened.
Configure Drive sharing settings.
Monitor shared accounts and rotate passwords periodically.
Disable Automatic forwarding.
Remove unused user accounts.
Disable contact sharing.
Manage System Accounts.
Enable Predefined Alerts.
Disable Contact Sharing for system accounts
Configure compliance settings.
Evaluate in Google DLP is right for your organization.
Evaluate whether Google Vault is appropriate
Audit privileged accounts
There are much more settings that need to be configured, tweaked and monitored.