On May 3rd, 2017 a phishing scam targeting Google account users swept across personal and professional email accounts, hoodwinking people into giving out their account information. In response to the recent Google Docs Phishing Scam, we reached out to several high level IT leaders regarding the impact of the scam on their organizations. The majority of the IT leaders interviewed were from the education industry, including several universities, colleges, and school districts.
Google Docs is part of the Google Suite of free online products, which is a staple in many work places due to ease of use and budget-friendliness.
The majority of respondents indicated that their organizations use Google Docs for file sharing and were affected by the recent scam, with nearly half stating that confidential or proprietary information is stored in the platform. With scams and security breaches growing in magnitude and frequency, our findings underscore the fact that many business’ proprietary information is not as secure as previously believed. Recent cyber-attacks have resulted in the public release of both customer and internal data from some of the world’s largest corporations, of which the full ramifications are still unfolding.
Our research indicates that Google account users are taking some precautions, particularly when it comes to the separation of business and personal usage. The majority of our respondents suggested their Google accounts are used for either professional or personal function. Rarely does one account serve both purposes. However, most IT leaders indicated that Google Docs was important to their daily workflow, regardless of whether the account was professional or personal. The most common usages of Google Docs in the work place are the sharing and editing work-related documents in the cloud.
Despite the recent scam, our research suggests Google Services will continue to be a popular tool used within companies. The majority of IT leaders indicated that their trust in the solution has not been shaken by the phishing attack. However, from a big picture perspective, respondents indicated that recent breaches in data security, such as this most recent scam, and the DDoS attacks in 2016, have led to an increased interest in data security solutions investment. IT leaders suggested that this event may be a driver for their organizations to invest in several data security solutions, including security and internet safety training for employees, incident detection and protection solutions, and segmentation of personal and work accounts/devices.
In our analysis, security training for employees is paramount, as one person clicking on the scam can open the floodgates for hackers to access an organization’s entire data infrastructure.
As the risk of possible breaches continues to grow, companies will likely devote greater technical and financial resources towards addressing such threats. Incident detection and protection allows companies to react quickly when a malicious event takes place, minimizing the damage, and allowing the organization to go back to business with minimal interruption. The segmentation of personal and work accounts and devices is a relatively new area of investment, but as the overlap of devices used for both personal and work purposes grows, so does the risk of proprietary information being hacked. Companies will need to develop new policies, or amend older policies related to bring your own device (BYOD) initiatives, in order to maintain a safe network for their data.
Last week’s phishing scam is certainly not the beginning of the end for documents shared in cloud based platforms, like Google Docs, but it has increased the awareness and concern related to data security. We expect to see the investment in data security solutions increase, as companies become more knowledgeable about whether or not their data is protected, and how to maintain that protection.