Dropbox Might Be Convenient, But is it Secure?

by

October 1, 2013

Did you know that cybercriminals have the ability to take passwords from a user’s account and reuse it to log into another site? That means corporate secrets stored in Dropbox aren’t truly secure and can easily be accessed.

Earlier this month, a Dropbox employee stored an unencrypted document on the service.  It contained Dropbox users’ email addresses. When an attacker logged into the employee’s account using the their reused password, the attacker was able to obtain a copy of the document and use the email addresses to unleash mass amounts of spam to Dropbox users.

There are many potential threatening attacks that can take place due to Dropbox vulnerabilities, and if you or your employees use Dropbox you must consider the following security strategies.

1.     Compare Cloud Service Security Levels

According to a recent survey conducted by Ponemon Institute — a group that conducts research on privacy, data protection, and information security policies — many employees don’t trust the security of the cloud, but continue to use it anyway.

Nearly two-thirds of those copying sensitive data to the cloud believe their service providers are responsible for protecting their data. Similarly, nearly two-thirds of those have no knowledge regarding what kind of security measures their service providers use to protect data.

As a business owner or manager, you should evaluate many cloud services and decide which one is the safest for your employees to use. Additionally, you should consider the security of add-ons, and whether entirely different services should be used.

2.     Don’t Trust Cloud-Service Security Measures

Consider the recent Dropbox breach; the company reset only the passwords of users that were affected.  A trustworthy service will reset all users’ passwords. On the upside, the company explained that it would be introducing two-factor authentication, including alerts when odd user behavior is detected, as well as audit user-access logs.

3.     Consider Dropbox As a Public Repository

Until Dropbox increases its security measures, you should inform your employees that everything uploaded to the service will be treated as “public.” If there’s any information you’re worried about, encrypt those files before uploading them. Don’t rely on this cloud service to protect your documents.

4.     Detect Malicious Insiders

Aside from external attackers, one of the biggest information-leaking threats facing businesses involves malicious insiders. Can your business detect information theft while it’s happening? If not, carefully consider if and when employees can use Dropbox. Also, when looking for a third-party file storage service, ensure administrative access is available for all of your data.

Have questions about cloud sharing applications?  Have security questions about Dropbox in your corporate environment?  Contact us today.  As your trusted IT professionals, we have experience with Dropbox and other services for file sharing.  Before you jump in with Dropbox, give us a call at (888) 330-8808 or drop us an email at [email protected].

We're Integris. We're always working to empower people through technology.

Keep reading

What to Know Before Installing Copilot for Microsoft Word

What to Know Before Installing Copilot for Microsoft Word

Imagine having an AI assistant that pulls from your notes, marries them to an existing document format, and writes a document for you. That's the power of Copilot for Microsoft Word, which is planned for rollout in 2024 for those who buy the Copilot M365 license....

Bridging the Gap between Automation and Innovation

Bridging the Gap between Automation and Innovation

Automation and Innovation. Some people might say those two words cancel each other out. Yet, I believe these two concepts can create capacity for each other—if your business leverages the free time automation creates to foster innovation. Automation can be...

Hot New Ways to Customize Microsoft Teams for Your Industry in 2024

Hot New Ways to Customize Microsoft Teams for Your Industry in 2024

Nearly everyone with Microsoft Teams knows what a tremendous tool it is for chat, document sharing, and meetings between individuals or large groups. We’re used to using the tool as it appears on our screens daily. But did you know hundreds of integrations available...