Once you move your entire business onto Google for Work, there are several situations that could compromise your company’s integrity and overall success. One of these situations is a password leak at the very top level.
If you suspect your administrator password has been leaked, there’s no time to lose! You must declare a state of emergency in order to minimize your losses and get back in control of your account and business. The steps below describe all the actions you must take to make sure every piece of information is safe.
#1: Sound the alarm
The first and most important step is to alert the Google for Work administrator. Usually, companies prefer to outsource this job to Google for Work Partners, which are highly professional IT companies. Onsite Helper is a Google for Work Partner and our team is well-prepared for such situations, so we could be the ones you call.
#2: Reset the password
Actually, your account administrator will be able to do that. Once the password is reset, you will regain control over your account. This also means that any unauthorized activities should stop.
A situation like this will be regulated by a protocol established from the beginning of your collaboration and the administrator will have to follow it step-by-step.
- Sign in to the Google Admin console.
- Click Users.
- Click next to the user and choose Reset password.
- Type and confirm the new password. Or click Auto-generate password.
- Click Reset to save your changes.
- Send the user their new password.
#3: Reset sign in cookies
This is the step that completely cuts the perpetrator’s access to your account, as it resets all login details at every location that may still be active. This also means that you will have to re-enter your credentials at every location where you need to be active.
Keep in mind that simply resetting the password is not enough. You must carry out step #3 as well!
#4: Review device account access
Google offers a pretty interesting tool that allows you to see the devices used to access your account. Talk with your Google for Work administrator and review the devices that recently logged into your account. Erase all the devices that don’t seem familiar.
It’s best to do this action with the account administrator as he/she will know all the devices that are authorized to log in.
- Go to https://myaccount.google.com/security
- Click Security Checkup
- Sign in as the user
- Check your connected devices
#5: Try to assess the damage
Now that the imminent danger has passed, it’s time to assess the damage. For this, you will have to log in to your Gmail account and check the following aspects:
- Last login details – these will tell you where the hacker may have logged in from by tracing the IP address (scroll down to the bottom of your Gmail window and, on the bottom-right corner, right by Last account activity, click on Details)
- Check Sent items to see if the hacker was sending email from your Gmail. You may want to call the people who were emailed, to advise them of the situation.
- Check for any forwarding that has been set up. Sometimes hackers forward all your emails to their own email account (Go to Settings (top-right corner, the gear icon) → Forwarding and POP/IMAP tab).
- Check for filters – we have seen cases where hackers created a filter to automatically delete emails that may have let you know your account has been hacked. This extends the effectiveness of their attack as you remain unaware. (Go to Settings → Filters and Blocked Addresses and delete any filters you didn’t create.)
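The forwarding and filter checks above can also be run over a list of filters instead of by eye. The following is an added example, not part of the original article: it assumes the filters are in the shape the Gmail API returns for users.settings.filters, and the sample filters and the example.com company domain are constructed for illustration.

```python
# Added example: flag Gmail filters that delete, hide or forward mail.
# Input is shaped like the Gmail API users.settings.filters resource.
COMPANY_DOMAIN = "example.com"  # assumption: your own mail domain

# Constructed sample data, not taken from a real account.
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "newsletter@example.org"},
     "action": {"addLabelIds": ["Label_12"], "removeLabelIds": ["INBOX"]}},
    {"id": "f2", "criteria": {"query": "security alert OR password"},
     "action": {"addLabelIds": ["TRASH"]}},
    {"id": "f3", "criteria": {"from": "no-reply@accounts.google.com"},
     "action": {"removeLabelIds": ["INBOX", "UNREAD"]}},
    {"id": "f4", "criteria": {"query": "invoice OR payment"},
     "action": {"forward": "collector@mail.invalid"}},
    {"id": "f5", "criteria": {"subject": "invoice"},
     "action": {"forward": "accounts@example.com"}},
]


def review_filter(flt, company_domain=COMPANY_DOMAIN):
    """Return the list of reasons a filter deserves a manual look."""
    action = flt.get("action", {})
    added = set(action.get("addLabelIds", []))
    removed = set(action.get("removeLabelIds", []))
    reasons = []
    if "TRASH" in added:  # "Delete it" in the Gmail filter dialog
        reasons.append("deletes matching mail")
    if {"INBOX", "UNREAD"} <= removed:  # skip inbox and mark as read
        reasons.append("archives and marks as read")
    forward = action.get("forward", "")
    if forward and not forward.lower().endswith("@" + company_domain):
        reasons.append("forwards outside the company: " + forward)
    return reasons


def audit(filters, company_domain=COMPANY_DOMAIN):
    """Map filter id -> reasons, for filters that need review only."""
    findings = {}
    for flt in filters:
        reasons = review_filter(flt, company_domain)
        if reasons:
            findings[flt["id"]] = reasons
    return findings


if __name__ == "__main__":
    for fid, reasons in audit(SAMPLE_FILTERS).items():
        print(fid, "->", "; ".join(reasons))
```

A flagged filter is a prompt to ask the account owner whether they created it, not proof of compromise.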
#6: Strengthen your security
The final step, after regaining control over your account and recovering all your losses, is to make sure this never happens again. There are two ways to do that:
- One is to implement a 2-step authentication solution, which adds a second sign-in step on top of your password.
- The second one would be to purchase a device like the YubiKey.
Regardless of the solution you choose, your data and company will definitely be more secure.
In the end, we offer you a bonus tip that will help you find the safest way to terminate an employee Google account. Keep in mind, if this action is ignored, it can become a prolific source of data leakage.