Dropbox Might Be Convenient, But is it Secure?


October 1, 2013

Did you know that cybercriminals have the ability to take passwords from a user’s account and reuse it to log into another site? That means corporate secrets stored in Dropbox aren’t truly secure and can easily be accessed.

Earlier this month, a Dropbox employee stored an unencrypted document on the service.  It contained Dropbox users’ email addresses. When an attacker logged into the employee’s account using the their reused password, the attacker was able to obtain a copy of the document and use the email addresses to unleash mass amounts of spam to Dropbox users.

There are many potential threatening attacks that can take place due to Dropbox vulnerabilities, and if you or your employees use Dropbox you must consider the following security strategies.

1.     Compare Cloud Service Security Levels

According to a recent survey conducted by Ponemon Institute — a group that conducts research on privacy, data protection, and information security policies — many employees don’t trust the security of the cloud, but continue to use it anyway.

Nearly two-thirds of those copying sensitive data to the cloud believe their service providers are responsible for protecting their data. Similarly, nearly two-thirds of those have no knowledge regarding what kind of security measures their service providers use to protect data.

As a business owner or manager, you should evaluate many cloud services and decide which one is the safest for your employees to use. Additionally, you should consider the security of add-ons, and whether entirely different services should be used.

2.     Don’t Trust Cloud-Service Security Measures

Consider the recent Dropbox breach; the company reset only the passwords of users that were affected.  A trustworthy service will reset all users’ passwords. On the upside, the company explained that it would be introducing two-factor authentication, including alerts when odd user behavior is detected, as well as audit user-access logs.

3.     Consider Dropbox As a Public Repository

Until Dropbox increases its security measures, you should inform your employees that everything uploaded to the service will be treated as “public.” If there’s any information you’re worried about, encrypt those files before uploading them. Don’t rely on this cloud service to protect your documents.

4.     Detect Malicious Insiders

Aside from external attackers, one of the biggest information-leaking threats facing businesses involves malicious insiders. Can your business detect information theft while it’s happening? If not, carefully consider if and when employees can use Dropbox. Also, when looking for a third-party file storage service, ensure administrative access is available for all of your data.

Have questions about cloud sharing applications?  Have security questions about Dropbox in your corporate environment?  Contact us today.  As your trusted IT professionals, we have experience with Dropbox and other services for file sharing.  Before you jump in with Dropbox, give us a call at (888) 330-8808 or drop us an email at [email protected].

We're Integris. We're always working to empower people through technology.

Keep reading

Strong Cybersecurity Postures: How to Unleash their Power

Strong Cybersecurity Postures: How to Unleash their Power

In the vast digital landscape where virtual dragons and sneaky trolls roam a strong cybersecurity posture has never been more important. Imagine a band of modern-day knights led by our protagonist, Alex. Armed with a trusty laptop and a cup of coffee, Alex navigates...

How to Spot a Phishing Attack in 2023

How to Spot a Phishing Attack in 2023

In 2023 cyber threats lurk behind every tree trunk in today's digital jungle, and cybersecurity awareness is more critical than ever. Among the craftiest of these threats are phishing attacks. Phishing attacks are cunningly engineered with social manipulation at their...

How to Choose an IT Consultant in Boulder, CO

Regardless of industry size or type, Boulder IT consultants play a massive role in the way companies in the Boulder area do business. While most companies may have their own in-house IT department, many of these departments are small and cannot handle all the...