How Google's New Internet Access Policy Affects Cybersecurity
04-08-2023 | By Robin Mitchell
In a world where cyberattacks are a daily concern, Google has decided to trial a new program that will see volunteers have all internet access revoked during work. What challenges does internet access present, what will the program do, and is it right for companies to start interfering with internet access?
What Challenges Does Internet Access Present?
Of all technologies currently in use, none have been as transformative as the internet. When the internet was first conceived, its primary purpose was to enable researchers to exchange information, thereby helping to advance society. However, no one could have foreseen the impact that the internet would have on society as a whole, providing free access to information no matter where it is in the world, the ability to exchange ideas without limitation freely, and forming relationships between people who would have otherwise never met.
The Internet's Transformative Impact
As an electronic engineer, I've seen firsthand how the internet has revolutionised the way we work and live. However, with these benefits come significant challenges, particularly in the realm of cybersecurity. This is a topic I've been deeply involved in, both in my work and in my writing.
In addition to the exchange of information, the internet has also given electronics the ability to remotely control other devices, something which has been proven to be extremely helpful in environments such as commercial warehouses and industrial production lines. The ability to remotely monitor devices allows engineers from anywhere in the world to make modifications without being physically present, and the ability to perform this work remotely gives untold freedoms to those who are responsible for maintenance.
In fact, it is thanks to the internet that major software projects (such as ChatGPT) have become possible in the first place. Without the Internet, the software would have to be advertised in newspapers and TV commercials, and it would be extremely hard for multiple developers across the globe to contribute to projects.
And for all the benefits that the internet provides, there are numerous challenges that it presents. With computers, servers, and infrastructure all being connected to the internet, thousands of hackers launch millions of cyberattacks daily, trying to find any and all methods for gaining unauthorised access. If achieved, hackers can then use that access to steal private data, commit identity theft, and even hold data to ransom, turning cyberattacks into highly profitable attacks.
A UK government survey reveals that nearly four in ten businesses (39%) report having cybersecurity breaches or attacks in the last 12 months. This highlights the scale of the problem and the need for effective solutions.
One of the most common forms of cyberattacks begins with a phishing email. In fact, a report by Deloitte states that 91% of all cyberattacks start this way, which underscores the importance of educating employees about the dangers of phishing.
For individuals, cyberattacks can be damaging, especially if savings accounts and personal files are attacked, but for businesses, cyberattacks have the capacity to bring companies down. Even if a cyberattack does turn a profit for an attacker, legislation surrounding data protection can see companies fined for not having strong mechanisms in place.
Because of this extreme vulnerability to attacks, businesses will often go as far as to give in to demands from cyber criminals, paying ransom fees. While these fees may be large, the loss in business from damaged files or leaked credentials will be far greater than any criminal’s fee. Furthermore, cybercriminals who launched ransomware attacks in the past have proven their honour in releasing locked files after a ransom payment is made, thereby giving businesses a degree of trust when paying ransoms.
In my experience, one of the most effective ways to prevent cyberattacks is through education. By training employees on the dangers of phishing and other common attack methods, businesses can significantly reduce their risk.
Google Introduces New Program to Limit Employee Internet Access
Having to fend off thousands of attacks each day, Google has decided to trial a new program that will see internet access effectively blocked for employees on work machines. By preventing employees from using the internet on work machines, Google can effectively eliminate a substantial proportion of attack vectors used by hackers. Furthermore, the deployment of numerous AI systems inside the Google network will help improve the work environment while being able to identify suspicious activities.
As reported by CNBC, Google's new program is a bold step in this direction. However, it's important to remember that this is just one part of a comprehensive cybersecurity strategy. As an expert in the field, I believe that a multi-faceted approach, combining technical measures with ongoing education, is the most effective way to protect against cyber threats.
Originally, the trial program was going to select 2,500 employees to see how effective the new policy would work, but after receiving feedback from employees (most likely being highly negative), Google changed the policy to allow for opting out. However, as Google is an internet company, internet access to key Google services such as Gmail and Docs will still be allowed.
But the program won’t just prevent internet access; it will also disable root access. By doing so, users will not be able to install new software, thereby reducing the risk from executable viruses and installers. This limited root access could also be beneficial in defending against rouge USB devices that attempt to key log or provide backdoor access.
Is It Right for Companies to Ban Internet Access?
When it comes to company property, a company has full rights over how that hardware is used and who can use it. Considering that Google is responsible for billions of users’ data around the world, it would be extremely irresponsible to put this data at risk for the sake of internet freedoms for Google employees during work hours (something which would only likely be used to look at cat videos or memes). At the same time, Google employees can still use the internet on personal devices, and what employees do during work hours really is up to the employee.
However, it's important to note that limiting internet access is just one part of a comprehensive cybersecurity strategy. Other measures, such as regular employee training, robust security protocols, and the use of advanced cybersecurity tools, are also crucial.
However, caution must be exercised when trying to restrict the freedoms of employees and what they can do on their own personal devices. There is nothing wrong with blocking internet access on Google devices, but to do so on personal devices would be a gross violation of freedoms and privacy.
While the idea of introducing such restrictions may seem ludicrous now, it is perfectly possible for tech companies in the future to escalate current policies to try and justify the banning of all internet traffic from staff during work hours. This could be made even worse by trying to impose limits on staff even during personal time, as their work and access may impose too much risk (similar to those working for key branches of government). For example, businesses may compel employees to install tracking and logging software that observes their home internet traffic so that any suspicious activity can be identified.
Suppose large tech companies find that their employees are routinely the cause of cyberattacks. In that case, it is more likely that those companies are not doing enough to educate staff on cybersecurity. Furthermore, those working in large tech companies should have the skill and intelligence to recognise such attacks. If such employees are incapable of doing so, then it speaks volumes to the hiring practices of large businesses.