Google restricting internet access to some employees to reduce cyberattack risk


A man walks through Google offices on January 25, 2023 in New York City.

Leonardo Munoz | Corbis News | Getty Images

Google on Wednesday is starting a new pilot program where some employees will be restricted to internet-free desktop PCs, CNBC has learned.

The company originally selected more than 2,500 employees to participate, but after receiving feedback, the company revised the pilot to allow employees to opt out, as well as opening it up to volunteers. The company will disable internet access on the selected desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company states in materials.

Some employees will also have no root access, meaning they won’t be able to run administrative commands or do things like install software.

Google is running the program to reduce the risk of cyber attacks, according to internal materials. “Googlers are frequent targets of attacks,” one internal description viewed by CNBC states. If a Google employee’s device is compromised, the attackers may have access to user data and infrastructure code, which could result in a major incident and undermine user trust, the description added.

Turning off most internet access ensures attackers cannot easily run arbitrary code remotely or grab data, the description explains.

The program comes as companies face increasingly sophisticated cyberattacks. Last week, Microsoft said Chinese intelligence hacked into Microsoft email accounts belonging to two dozen government agencies, including the State Department, in the U.S. and Western Europe in a “significant” breach. Google has been pursuing U.S. government contracts since launching a public sector division last year.

It also comes as Google, which is preparing a companywide rollout of various AI tools, tries to level up its security. The company has also been trying more in recent months to contain leaks. 

“Ensuring the safety of our products and users is one of our top priorities,” a Google spokesperson said in an emailed statement. “We routinely explore ways to strengthen our internal systems against malicious attacks.”

This article was originally published on CNBC