In brief: It's difficult to imagine performing almost any office-based job these days without full internet access, yet Google has launched a new program that will restrict employees' ability to use the web. The reason? Google workers are often targets of cyberattacks, and these restrictions should mitigate those security threats.
The pilot program Google is now running involves thousands of workers who have limited access to the majority of the internet. The only exceptions are internal pages and Google-owned sites and services such as Gmail and Google Drive.
CNBC writes that Google originally selected over 2,500 employees to take part in the program, but decided to allow participants to opt out – and allow others to volunteer – after looking at the feedback.
There are some Googlers who need the internet to perform their jobs; they will be the exceptions to the rule, the company stated. Some employees will not have root access to the desktops, either, meaning they won't be able to install anything or run administrative commands on the desktop PCs without authorization.
The program seems like a strange one for a company such as Google to implement, but there's a good reason why it believes restricting employees' internet access will be a good thing. Google says it aims to reduce the risks of cyberattacks against Googlers, who it says are frequent targets.
We've seen plenty of major security incidents at big companies that began with compromising a single employee's device. Google has 178,000 workers worldwide – a large number of potential targets. According to the company, severely restricting internet access ensures attackers cannot easily run arbitrary code remotely or grab data.
Google is pushing hard into the artificial intelligence field with its chatbot Bard and a companywide rollout of AI tools, which has partly prompted the tech giant to tighten its security practices even further.
Google is known for placing a major focus on employee security. In 2017, it started handing out physical security keys to workers to replace other forms of 2FA. One year later, Google announced that none of its then 85,000+ staff had been phished since it made using the keys a requirement.
