Earlier this year, the news broke of a new method that attackers were using to infiltrate Google Drive. As The Hacker News reported, “An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks comparatively with a high success rate.”Phishing is one of the most common – and effective –types of cyber threats, and this particular example targeted users who were uploading and managing different versions of a file. Spear-phishing is a more targeted form of attack, in which emails or Google Drive links containing malware are sent to well-researched victims.While this August’s Google Drive vulnerability has since been widely publicized, few people realize that Google Drive is a favorite vector for hackers. “Spear-phishing scams typically attempt to trick recipients into opening malicious attachments or clicking seemingly innocuous links, thereby providing confidential information, like account credentials, to the attacker in the process,” said The Hacker News. If you're worried about spear-phishing and other Google Drive vulnerabilities, here are some ways you can tighten your security on this particular platform.
Secure your Gmail accounts
An easy way for hackers to access data on your Google Drive is through your email. “One of the key overlooked measures to protect your Google Docs is keeping your Google Account secure,” wrote The Next Web. “An insecure Gmail that falls victim to a phishing or spear-phishing attack will immediately give hackers access to all your Google Docs.” There are a few steps you can take to increase the security to your overall Google Account:
- Use a VPN when connecting to a public Wifi network;
- Use a strong, complex, unique password that you update regularly, or a password management tool like 1Password;
- Add two-factor authentication or a physical security key like YubiKey
In addition, make sure your coworkers or employees are trained to recognize phishing attacks. These attacks are increasingly sophisticated –especially when it comes to using links that look like Google Drive items but are really malware.
Use Google’s Context Aware Access
In 2019, Google launched Context Aware Access, a way to “create granular access control policies to apps based on attributes such as user identity, location, device security status, and IP address.” Context Aware Access is available to those with Enterprise, Cloud Identity Premium, and Enterprise for Education versions of GSuite.Context Aware Access provides an IT team with control over which apps a user can access based on their context. Context refers to specific rules – whether a user’s device complies with your IT policy. Context Aware Access can be used in combination with other security restrictions, such as two-step verification. Admins can use this feature to allow access to Google Drive only if a user’s storage device is encrypted, for instance, or to prevent access from apps not within the corporate network.It’s worthwhile to note that the pandemic has caused many businesses to rapidly adopt remote work tools like Google Drive. In the process, cybersecurity controls may have been adopted haphazardly and ad hoc. Investing in Google’s Enterprise products not only gives you more advanced security features (like Context Aware Access) but could also make it much easier to work collaboratively.
Adopt a strict sharing policy
Phishing attacks that co-opt Google Drive links are so effective because we share documents so frequently and freely. Adopting what’s known as the principle of least privilege, or PoLP, can help mitigate the number of links that are shared.Google Drive components (namely, Google Docs and Sheets) thrive on a most-privilege policy. This means that while document settings may default to private, in which only the user can see and make changes to a document, it’s very easy to set another user as the editor of a document ––thereby granting them virtually unlimited control. PoLP demands that instead of defaulting to granting unlimited control, users should give minimal access to others.Unfortunately, Google Drive permissions that would enforce PoLP aren’t easy to find. The option to limit the permissions of editors is hidden within the settings of the same box where you’d set the permissions level, under the gear icon at the top right of the sharing window. An important component to PoLP, however, is to discourage those in your organization from widely sharing links to those who don’t need them.
Implement a cloud-based DLP solution
Nightfall for Google Drive is a data loss prevention (DLP) solution designed to inform you of who has access to information you deem sensitive housed in your Google Drive.Nightfall offers a way to scan your entire Google Drive to see file-sharing settings so you can make sensitive data available to only the intended people. This gives security admins an overview of all files in their Google Drive and allows them to easily find and investigate files that violate company policies. Find, flag, and secure data that external users can edit or view within your Google Drive files.Learn how Nightfall can improve the security of your Google Drive by signing up for a demo at the link below.