The need for robust IT solutions became ever more clear this week when none other than internet giant Google announced that it would be alerting specific users that their Gmail accounts may be become the target of determined hacking attacks. Eric Grosse, speaking as Google's vice president in charge of security engineering, made the announcement on the firm's official security blog: "When we have specific intelligence, either directly from users or from our own monitoring efforts, we show clear warning signs and put in place extra roadblocks to thwart these bad actors." It is believed that the need for a warning has been prompted by an increasing level of hacking sponsored by foreign governments.
According to Google's representative, users who receive a warning should not automatically assume that their account has already been hacked or hijacked. Instead, such users should have a heightened awareness that their email account may be targeted for a variety of attacks. Some of these attacks may try to compromise an account through malware, while others do not seek control of a user's email settings, but rather try to entice an account holder into disclosing personal information such as bank account numbers, birth dates, and Social Security numbers. These phishing attacks are becoming more prominent in recent years, but it is a new development for large numbers of them to be considered ‘state-sponsored’ rather than the work of individual malicious actors not affiliated with any national government.
Google, acting as a responsible IT company, is providing its users with strategies they can use to help better secure their Gmail accounts. One important step to take is to create a password that consists of more mixed characters. When upper-case letters, numbers, and symbols are mixed into a password, it is much more difficult for hackers to either guess or determine. Google also recommends that users update their browsers to the latest versions and keep their operating system, as well as all browser add-ons, fully up to date.
While these steps may be sufficient for personal users, small and medium businesses have a more intense vested interest in making sure that email accounts are not compromised. Internal company communications may detail proprietary information and trade secrets that could negatively affect a company's bottom line if released. Companies, therefore, should consider a managed services approach to email services. A managed services model through an outsourced IT approach can build in a variety of methods to provide heightened security for business users.