Computer Support, Network Services, IT Consulting - Basking Ridge, Bridgewater, Morristown

March 19, 2018

IT Security Tip #12: The DANGERS of Dropbox and other file sync apps

If you’re using Dropbox, OneDrive, Google Drive or other consumer-grade file sync and sharing cloud applications, listen up! These applications pose a huge threat to your company because company data can be spread far and wide without central oversight of what information is being shared with whom. Further, over 7 MILLION Dropbox accounts have been hacked, giving cybercriminals a path into the company’s network.

This is even MORE important if your company has access to and/or stores financial, medical or other sensitive data. Using file-sharing applications like these are a clear and direct violation of data breach and compliance laws. Bottom line, DON’T USE THEM FOR COMPANY DATA and use only company-approved, business-grade file-sharing applications.

There is growing concern that there is too much company data floating out in the cloud without the protection of the IT department. No one knows what is really out there and how secure the data may be. While File sharing is common on company network servers and it helps boost efficiency, who is protecting that data on Dropbox?

Things to consider:

Is the Data encrypted at rest?
Is the Data encrypted in transit?
Who has access to the Folders?
Who is controlling the Folders and Files?
Is the service Business Grade?
Do you keep business and personal data in separate accounts?
Are your accounts set to Private and only shared with authorized Users?
Do you delete the data once the project is completed?

If it is Company data, it should be controlled by the company IT Department. The IT Department and the CIO are the ones responsible for the safety and security of the company’s data. You should let them do their job. That way, proper standards can be put in place. You would have chaos if every group got to decide how they will share files. Yes, it is inconvenient to have to request the setup or access to a Folder but it beats having sensitive data exposed to hackers.

In a 2012 study by Watchdox Inc. and the Ponemon Institute involving 622 IT and IT-security practitioners, we found 90% admitted that their companies experienced the loss of sensitive or confidential documents at least once over the previous 12-month period. Larry Ponemon, Ponemon Institute

In their Blog, Interlinks stated “During a routine analysis of Google AdWords and Google Analytics data mentioning competitors’ names (Dropbox and Box), we inadvertently discovered the fully clickable URLs necessary to access these documents that led us to live folder contents, some with sensitive data. Through these links, we gained access to confidential files including tax returns, bank records, mortgage applications, blueprints and business plans – all highly sensitive information, some perhaps sufficient for identity theft and other crimes.”

The financial ramifications of such losses can be staggering. Some estimate that it can be $200 per compromised record. What if you have 5000 or more records in your cloud sharing app? You need to consider these things and put a policy in place.

Most of the discussion is about companies with an IT Department. What if you are a small company with no such department or expertise? You should work with a local outsourced IT Provider who can help you manage these risks.

BTT can set up a way for you to protect and improve your network and your data; call our office if you would like us to set that up: 888.477.9895.

Want to know more about Security? Click here to get our report on 7 Urgent Security Protections Every Business Should Have in Place Now.