Creating safer workplaces
More and more data breaches are occurring around the world, with devastating consequences. In 2015, thirteen international companies incurred 32 billion dollars in damages for “leaking” private information, exposing over 208 million records. And the problem is only growing.
How Secure is Your Data Really?
In 2021, Facebook lost over 513 million records, which means all that stored data is now up for grabs. Another report revealed that 250 million Microsoft customer records, spanning 14 years, were exposed. And your data is probably no longer private if you’ve been to Thailand in the last ten years, since 100 million of its visitor records were exposed after its database was hacked.
So, even if you think your company’s data is safe, it may not be as safe as you think. From small businesses to big corporations, millions of companies now face catastrophic losses because of security breaches.
Clearly, securing your data is more important than ever. But organizing your own workspace isn’t sufficient. Security extends to every person in the company.
Security is Part of Everyone’s Job
Some people think security is only the company’s problem or the person they’ve put in charge of it. But the fact is, it’s part of everyone’s job. One of the most important steps you can take is to make sure your users are trained and aware of the risks, and what they need to do to stay safe. Once people take security more seriously, it can have a big impact.
You should also take technical steps to secure your environment. There are hundreds of features in the Google Workspace environment that can help you stay secure — but you have to turn them on!
For example, if you receive an external email from someone with an identical name as another person inside your company, you can turn on a feature in Google that alerts you with a big yellow banner. Unfortunately, a lot of people turn that feature off because they find it intrusive. Instead, you need to educate your users to be more proactive and to think, ‘I need to be careful now.’ You can also instruct them to check that it’s a legitimate email from email@example.com, not firstname.lastname@example.org.
Email: The Most E-fficient Phishing Method
A recent Google investigation into who is getting hacked and how it’s being done, revealed that the majority of cyber attacks happen via email. Why? Email costs next to nothing for the hacker or phisher. They don’t need any fancy, high-end equipment — even an old smartphone will do. As long as they have a signal, they can send out a few thousand emails in only a matter of minutes — from the Sahara desert, if they want to.
Hackers mostly use email to get initial entry into systems. The scam email instructs you to “click on this and then do that,” in an attempt to gain something of value. Sometimes they’re satisfied with just getting extra valid email addresses, or they might try to steal your password. Or, they might gain access to certain documents, when you fall for their scam and grant access.
A hacker can create an email account using any company name as his own, or as part of the address, then send an email from it, so people think it’s coming from a legitimate business. Since the email shows only the first part of the sender’s name, people often think it’s the real deal. A security-oriented person might immediately recognize a fake email, but 3% of your people will fall for even the simplest attempts. And if the hacker or phisher puts in a little bit of effort into making this email believable, they’ll have a 50% hit rate.
Government and government agencies are often particularly at risk for this kind of scam, since they don’t usually have all their security measures in sync. There are also some fairly large companies, like American Express, that have recently had their names hijacked for emails. Parcel companies, like DHL or UPS, are also commonly used brands for fraud, especially since so many people are expecting deliveries these days. People recognize the name and fall for it.
The Problem With Passwords
The overarching weakness in protecting systems is still, by and far, the password problem. People have so many accounts to remember, they often use the same password for various accounts. That means the password they use on Facebook is the same one they use to buy shoes on Zalando and for their Starbucks loyalty card. And if that’s the case, chances are, it’s the same password they are using inside your company. If your employee used email@example.com for their loyalty card at Starbucks, a hacker will try Google, Microsoft, Amazon — all the big ones — within 30 minutes, using those stolen credentials. That means, if Starbucks gets hacked, your company is also at risk.
The Power of a Two-Step Authentication
The cloud can be used from anywhere, which is one of its biggest advantages. But from a security standpoint, that’s one of its biggest downsides. A hacker can access your data from almost anywhere in the world, just like you.
That’s why you need to make sure that those systems, and access to them, are well-protected. One of the most important things that you can put in place is a two-step verification or authentication. If you’re logging in from Vietnam but normally log in from Boston or Brussels, a two-step verification process triggers an alarm, and so, requires extra verification.
That could be code from something that you own, like your phone, or a code generator app on it. Anything to make it so it’s one step beyond the username and password.
Secure versus Workable
But, is there such a thing as too secure? If your company’s front door has 17 locks on it plus biometric security that requires everyone to use a dozen different keys and have their eyeballs scanned and provide a fingerprint before they can enter the office, guess what? A window or back door will be left open because nobody’s going to bother going through the front door. People are just gonna get fed up and look for alternatives — which is even more unsafe!
You have to find a balance between securing and convenience that’s acceptable, so people will say, “Sure, this is an extra step but it’s only 30 seconds, and it means my data is secure.”
Hackers are constantly evolving new methods, so you need to constantly re-evaluate your security to protect against a breach. What might have been top-notch six months or a year ago might not be the best approach today. That’s why security should be a recurring consideration, like an annual dental check-up. You need to stay up-to-date, smart, and informed to protect yourself, your company, and its data.
Google is constantly changing and enhancing its features, so security is getting more sophisticated. But hackers are getting more sophisticated, too. Review what’s new, what’s available, and make sure you are still doing the right thing, or a combination of things, to stay safe. There might be new features you’re not using or leveraging because you haven’t activated them yet.
Another reason to get a regular security check-up is to make sure everything is still optimized. Something may have been changed for a valid reason and inadvertently left vulnerable. For example, someone might have lowered security because there was an issue at that time, or they needed to bypass something but probably haven’t bothered to turn it back on again. A security check can reveal these kinds of lapses.
Scan Your Own Security Level
The g-company security scan shows you exactly how to optimize your Google Workspace to make it safer, more secure, and virtually hacker-proof.
The scan takes about one and a half days to two days. There are hundreds of settings within Gmail alone that we’ll go through and see how they’re set. We’ll remove or flag the ones that are not standard or best practice. We go through your domain and look at everything your people are doing and check whether or not they’re doing proper authentication, something equivalent to two-step. We then come up with a list of recommendations for you and discuss it in a 4-hour online workshop with your technical people.
If you’re a current Google Workspace user, you might have done this four years ago, or even a year ago. But a lot of stuff has changed since then. There are probably 50 or 60 extra security settings introduced to Google Workspace each year.
So, let’s assess your Google Workspace environment and make sure your business is optimally protected!
If you leave your details in below form, we will contact you as soon as possible to discuss the details of our security scan and the possibilities for your organization.
Doe mee met onze online sessie over beveiliging
Op 21 april gaan we in gesprek met een van onze klanten en een g-company security expert. Je hoort praktijkvoorbeelden uit de eerste hand en krijgt enkele eenvoudig uit te voeren doe-het-zelftips en trucs.