Social engineering attacks are happening every day, and it is often the first technique hackers turn to, because "calling somebody on the phone is so much easier than doing the technical magic you need to break into a computer." Is your name and your phone number all it takes for a hacker to take over your cellphone account? ... Read More
- Published: 21 Dec 2018
If you use a computer today, there’s a fair chance that you have a Google account. The practicality that if offers with its comprehensive service offerings simply can’t be ignored. However, it is also important that a user’s, whether they utilize it for business or personal use, security isn’t ignored either.
Unfortunately, security is precisely what is often ignored, mainly due to ignorance as to why and how to secure their account. Here, we will cover both why a Google account absolutely must be locked down, and how to go about doing it.
What Makes a Google Account So Valuable
There is a huge discrepancy between the impression of what the Internet itself is for, and what it was actually created to do. While a great amount of the Internet is utilized as a means to store personal and private information, it was actually intended to share information as effectively as possible. The word Internet itself reflects that, derived from inter (reciprocal or shared) and network (a system of connected things).
From the very start, the Internet was meant to be an information dispersal tool, enabling anyone to access the knowledge they wanted. Back in 1962, MIT’s J.C.R. Licklider described a system he called the “Galactic Network” in a series of memos. The Galactic Network was meant to connect computers all around the world so that data and programs could be shared. Sir Tim Berners-Lee, the man credited with inventing the World Wide Web, did so based on the ideals of access and openness. As he put it:
“Had the technology been proprietary, and in my total control, it would probably not have taken off. You can’t propose that something be a universal space and at the same time keep control of it.”
This viewpoint informed the Internet as it largely exists today: a space where things can be shared, unfettered by any central point of control. This is the framework that the ideals of net neutrality and group participation flourish in, censorship stomped down through accessibility. It’s almost funny that we try to keep anything on the Internet a secret anymore, looking back at its original purpose.
Yet, as the Internet was leveraged for additional purposes, there was an increased need for privacy and security. Many communications shared online contain confidential information that needs to be shared exclusively with certain users. As a result, a new online environment emerged, where security measures restricted access to information to only those with the right credentials. This new approach has proved beneficial for businesses and individuals alike and is why Google has grown to offer what it does today.
Google’s Assorted Services
While Google originally started as a dissertation project by two PhD students at Stamford, its uses have expanded greatly in the years since. G Suite applications, like Google Drive, Google Docs, and others have assisted businesses greatly, while many private users have leveraged services like Google Maps and Google Drive for their own ends.
Perhaps most of all, users of all kinds have opened Gmail accounts, and have used these accounts to sign up for other assorted web services… and this is the where the potential problem lies.
How much do you rely on Google, in terms of accessing your online accounts? How much impact would the compromise of your Google account have?
It May Be More Than You’d First Think
Let’s look at the tendency to use a Gmail address whenever an email is required, or to save a password for easy access, or even to link a Google account to another profile. This all makes Google the most convenient option--if all you need is an email to create a profile, why not just use the one that you use for everything else?
Really, when all is said and done, Google is the choice that makes the most sense. Google offers reasonable security, and the other capabilities it offers deliver some compelling reasons to use it as often as possible. However, there is a consideration that many overlook, to the potential detriment of the security of all of their accounts.
Setting up an account through Google means that account is only as secure as your Google account is.
Or in other words, if someone were to access your Google account, they have everything they need to access every account that you connected to Google in some way, shape, or form. This may mean more to you than you’d realize.
A Brief Demonstration
If you happen to be reading this on a desktop, go to your Google account by clicking here. Under Sign-in & security, click into Apps with account access. This will show you a list of all the applications with access to your Google account, along with a list of the websites that Google Smart Lock has your credentials to.
How long is your list? Does it happen to feature your bank?
If so, someone who gains access to your account could easily commit financial fraud. They could also use their access to your email to tell your bank that “you’ve” forgotten your password, resetting it and locking you out.
Unfortunately, the usefulness that Google delivers is too great to ignore as well, to the point that it is almost irresponsible to pass it up. This leaves us at an impasse of sorts--do we embrace convenience at the cost of security, or improve our security while sacrificing convenience?
The good news is, you don’t have to choose, as long as you have properly secured your Google account.
A daunting task, yes, but only because we have grown accustomed to Google providing one-click solutions. While there is no magic option that will keep you completely safe, securing a Google account is possible if the right precautions are taken.
Protecting Your Google Account
Again, these aren’t magic options, which means that that these aren’t solutions that will work indefinitely. Rather, they will require repeated activities over time. What follows are the steps you need to follow in order to protect your Google account, and by extension, your data.
Passwords and Account Security - Of course, this goes for all of your accounts, but because your Google account has so much tantalizing info in it for a hacker to leverage to their advantage you need to be extra careful in locking it down. Therefore, you need to ensure that access to it is sufficiently protected by a password in keeping with best practices, as well as the access point used to log into your account.
A good rule of thumb is to avoid using devices that are open to the public in order to access your accounts. This is because a cybercriminal may be able to access your account after you have finished your work, and the fact that these devices are petri dishes for cyberattacks doesn’t help either. Public Wi-Fi signals should be avoided for similar reasons. All the convenience in the world isn’t worth a security breach.
Two-Factor Authentication (2FA) - In addition to being smarter about how you access your Google account, you should establish additional requirements to make it more challenging to do so. Two-factor authentication can be a highly effective way to prevent unwanted access to an account, as long as it’s approached correctly.
The crux of the matter is this: not all two-factor is the same. If given the choice between a text-based 2FA solution or a mobile application like Google Authenticator, you should utilize the app. It will be the more secure option.
Furthermore, your Google account will give you access to a list of authentication codes that each have a one-time use. These can be used if you don’t happen to have your mobile device handy. Furthermore, these can be reset whenever you need to, so if you happen to lose the list, you don’t have to worry.
Log in to your Google account to set up these features and the others that are offered.
With the amount that the average Google account is linked to, it is paramount that its security is preserved. Compudata can help you preserve not only the sanctity of your Google account, but your entire IT infrastructure. Give us a call at 1-855-405-8889 to learn more.