By Ryan Squires Posted September 13, 2018
Google® has revolutionized the modern office with its collection of IT-related business applications. At the core of it all is G Suite™ (formerly Google Apps for Work). The productivity platform consists of word processing, spreadsheets, presentations, calendars, and email all in one collaboration-focused grouping of productivity tools. But, because the email component of G Suite is prominent, people can be duped into phishing attacks. In order to mitigate risk, it may be time to eliminate the web G Suite Password reset.
Why is G Suite Popular?
G Suite compares favorably to other cloud software like Office 365™, because G Suite’s base price includes a lot more tools at a lower price than Office 365’s base price. G Suite offers word processing, spreadsheets, email and presentation tools for $5/mo while O365 offers just email at that price. While these tools are not generally as robust as their O365 counterparts, they’re enough for the majority of users out there.
Phishing for Creds
However, given the widespread adoption of G Suite, password resets for the platform have become a tool for phishing attacks. In phishing attacks, hackers mimic Google’s URL, then use these dummy sites to pretend they’re genuine Google websites. Phishing attacks attempt to glean personal data by claiming a user needs his/her password reset via email, then offers a phony website as a place to do so. Upon clicking said phony website and filling in the credentials, once the user hits submit, the password is sent over to the hackers. Some can even install malware on the duped user’s system and wreak even more damage.
The vast majority of internet users on the web believe they won’t ever fall for a phishing attack. They’ll claim they’re too internet savvy; that they can spot an imposter email from two computer screens away. But, some of those users are wrong. In their annual cyber security report, Verizon found that some 4% of people fall for phishing emails. And while that doesn’t seem like a very high figure, those who fall victim to a phishing attacks are more likely commit to the same mistake again. Email phishing attacks are growing in sophistication, so it’s understandable if people fall for the same thing twice—especially if they’re untrained with regard to phishing attacks. Even John Podesta, Hillary Clinton’s campaign advisor in 2016, fell for a G Suite password reset phishing email. Nobody is safe. If you want to mitigate the risk of a phishing attack via a G Suite password reset, eliminate the web-based G Suite password reset and reset on the system itself.
A New Method Emerges
Here at JumpCloud, we’ve developed a method to avoid this risk altogether. Thanks to the JumpCloud® Directory-as-a-Service® System App, users can change their JumpCloud password, which is directly integrated into their G Suite account, from the endpoint itself. Once the password is changed through the System App, passwords connected via JumpCloud including G Suite are updated. No need to change each password manually from different portals.
Stop Traditional G Suite Password Resets
Eliminate the web G Suite password reset today and insulate your IT organization from phishing attacks. Plus, because JumpCloud Directory-as-a-Service integrates into all kinds of other IT resources like WiFi through RADIUS, legacy LDAP applications, cloud-based infrastructure like AWS™, Azure®, and GCE™, and web applications from Salesforce® to Office 365™, IT admins can rest easy knowing that a singular password reset from the system itself has the far-reaching ability to secure more than one resource in one fell swoop. Sign up today for JumpCloud and see how easy password resets can be. If you have additional questions, feel free to drop us a line or check out our YouTube channel.