Did you know that cybercriminals have the ability to take passwords from a user’s account and reuse it to log into another site? That means corporate secrets stored in Dropbox aren’t truly secure and can easily be accessed.
Earlier this month, a Dropbox employee stored an unencrypted document on the service. It contained Dropbox users’ email addresses. When an attacker logged into the employee’s account using the their reused password, the attacker was able to obtain a copy of the document and use the email addresses to unleash mass amounts of spam to Dropbox users.
There are many potential threatening attacks that can take place due to Dropbox vulnerabilities, and if you or your employees use Dropbox you must consider the following security strategies.
1. Compare Cloud Service Security Levels
According to a recent survey conducted by Ponemon Institute — a group that conducts research on privacy, data protection, and information security policies — many employees don’t trust the security of the cloud, but continue to use it anyway.
Nearly two-thirds of those copying sensitive data to the cloud believe their service providers are responsible for protecting their data. Similarly, nearly two-thirds of those have no knowledge regarding what kind of security measures their service providers use to protect data.
As a business owner or manager, you should evaluate many cloud services and decide which one is the safest for your employees to use. Additionally, you should consider the security of add-ons, and whether entirely different services should be used.
2. Don’t Trust Cloud-Service Security Measures
Consider the recent Dropbox breach; the company reset only the passwords of users that were affected. A trustworthy service will reset all users’ passwords. On the upside, the company explained that it would be introducing two-factor authentication, including alerts when odd user behavior is detected, as well as audit user-access logs.
3. Consider Dropbox As a Public Repository
Until Dropbox increases its security measures, you should inform your employees that everything uploaded to the service will be treated as “public.” If there’s any information you’re worried about, encrypt those files before uploading them. Don’t rely on this cloud service to protect your documents.
4. Detect Malicious Insiders
Aside from external attackers, one of the biggest information-leaking threats facing businesses involves malicious insiders. Can your business detect information theft while it’s happening? If not, carefully consider if and when employees can use Dropbox. Also, when looking for a third-party file storage service, ensure administrative access is available for all of your data.
Have questions about cloud sharing applications? Have security questions about Dropbox in your corporate environment? Contact us today. As your trusted IT professionals, we have experience with Dropbox and other services for file sharing. Before you jump in with Dropbox, give us a call at (613) 828-1280 or drop us an email at firstname.lastname@example.org.
Published On: 1st October 2013 by Ernie Sherman.