Dropbox Might Be Convenient, But is it Secure?


October 1, 2013

Did you know that cybercriminals can take a password from a user’s account on one site and reuse it to log into another site? That means corporate secrets stored in Dropbox aren’t truly secure and can easily be accessed.

Earlier this month, a Dropbox employee stored an unencrypted document on the service. It contained Dropbox users’ email addresses. When an attacker logged into the employee’s account using their reused password, the attacker was able to obtain a copy of the document and use the email addresses to send large volumes of spam to Dropbox users.

Many potential attacks can take place due to Dropbox vulnerabilities, and if you or your employees use Dropbox, you must consider the following security strategies.

1. Compare Cloud Service Security Levels

According to a recent survey conducted by Ponemon Institute — a group that conducts research on privacy, data protection, and information security policies — many employees don’t trust the security of the cloud, but continue to use it anyway.

Nearly two-thirds of those copying sensitive data to the cloud believe their service providers are responsible for protecting their data. Similarly, nearly two-thirds of them have no knowledge of what kind of security measures their service providers use to protect data.

As a business owner or manager, you should evaluate many cloud services and decide which one is the safest for your employees to use. Additionally, you should consider the security of add-ons, and whether entirely different services should be used.

2. Don’t Trust Cloud-Service Security Measures

Consider the recent Dropbox breach; the company reset only the passwords of users who were affected. A trustworthy service will reset all users’ passwords. On the upside, the company explained that it would be introducing two-factor authentication, including alerts when odd user behavior is detected, as well as auditing user-access logs.

3. Consider Dropbox As a Public Repository

Until Dropbox increases its security measures, you should inform your employees that everything uploaded to the service will be treated as “public.” If there’s any information you’re worried about, encrypt those files before uploading them. Don’t rely on this cloud service to protect your documents.

4. Detect Malicious Insiders

Aside from external attackers, one of the biggest information-leaking threats facing businesses involves malicious insiders. Can your business detect information theft while it’s happening? If not, carefully consider if and when employees can use Dropbox. Also, when looking for a third-party file storage service, ensure administrative access is available for all of your data.

Have questions about cloud sharing applications? Have security questions about Dropbox in your corporate environment? Contact us today. As your trusted IT professionals, we have experience with Dropbox and other services for file sharing. Before you jump in with Dropbox, give us a call at (888) 330-8808 or drop us an email at [email protected].
