Getting a Google employee phished on their workstation could mean jackpot for cybercriminals given the value of information or protected data Google employees has on their systems. Of course, every major company faces the risk of phishing were employees in a way innocently hand over data to third parties even without any knowledge. But Google has a simple USB device to keep its 85,000 plus employees to safe from phishing, according to a report by Krebs on Security blog.
For those unaware, phishing is a common security menace. The attacker sends an email asking the recipient to sign up for a service or a tool with their login and password. The portal looks exactly similar to something employees are used to seeing every day. The moment they login, the credentials get delivered to the attacker. Later, the attacker can use the same credentials to login to tools or services that are exclusive to the user to get information or even manage to access emails.
How has Google managed to keep its employees safe?
The answer here is security keys. While most companies use two-factor authentication to safeguard emails and other tools, it has proven from time-to-time that two-factor authentication is not full-proof. Google has gone a step ahead to provide physical USB security keys.
The first step involves the employee to provide the login credentials. Then he/she receives an OTP on their mobile through an exclusive app and the final step involves inserting the USB security key–which looks like a pen drive– into the USB port and then pressing a button on the security key to finally access the tool or service.
USB security keys cost between Rs 5,000 and Rs 7,000 in India and are available for e-commerce websites like Flipkart or Amazon. These keys can be programmed to a particular system and work exactly like physical keys of a house or office cabin. Google had started supporting USB keys for two-factor authentication for its Gmail in 2014. Even you can use a USB key to secure your Gmail now.