
4 Ways to Reduce Dropbox Security Concerns

Kevin Conklin | August 31, 2016 | security

Once again, Dropbox is in the news as a major security concern. Even though we're talking about a 2012 data breach, the company wasn't upfront about the scope of the problem – namely, the theft of passwords belonging to 68 million customers. This is poor form as far as data breach disclosure is concerned.

According to Hacker News, "Dropbox initially disclosed the data breach in 2012, notifying users that one of its employee passwords was acquired and used to access a file with users' email addresses, but the company didn't disclose that the hackers were able to pilfer passwords too."

The concern is big enough that Dropbox had to go public about recent actions taken to secure potentially exposed users. This included a "proactive password reset" action the company completed last week which essentially forced users to reset passwords that pre-dated the breach.

So what does this mean for your organization? Considering end users will take shortcuts as a matter of convenience (and to bypass IT saying "no"), they download all sorts of apps like Dropbox. The resulting "shadow IT" effect means that company data gets dropped into enterprise file synchronization and sharing (EFSS) products like Dropbox.

And considering that end users are not experts at locking down data, a lot of company information ends up in motion and at rest in repositories not managed by IT admins. Given all this, you and your fellow IT teammates may be asking, "Just what is our exposure?" Here are four questions to consider, along with four areas to drill down into to make sure your data is protected:

1. Do you have a stated policy concerning employee use of file sharing services?

If not, then it is highly likely your employees are transferring data any way that works best for them. If any portion of those transfers is external, you have a significant security risk on your hands.

Once employees turn to external services, it becomes more likely that some of them, already struggling to remember the wide array of passwords they use every day, will reuse their company access passwords with an external vendor. Now you are exposed to any data breach the external vendor may encounter. Or, you could lose corporate access passwords to phishing attacks. (BTW, Dropbox phishing scams are very productive tactics for cybercriminals.)

2. Do you collect, transmit or store sensitive data protected by regulations?

If you are in financial services, the government sector, insurance, healthcare or retail, you don't have to do any research to find the answer – it is yes. If your company is publicly traded or in a sensitive manufacturing industry (like suppliers to power plants), the answer is also highly likely to be yes.

In that case, not having a good answer to the first two questions actually puts you at risk of huge fines in the event of data loss. Having employees who use unapproved third-party services increases your risk of an eventual data breach.

3. Do you have a secure means of executing file transfers?

If you are already in the business of sharing data with external customers, partners, vendors or governmental reporting agencies, you should be using a secure file transfer solution. Whether or not that is a cloud-based service should depend more on your security needs than on convenience.

Recent rulings have come down hard on companies that relied on the compliance assertions of a third-party vendor. The fact is you are only compliant if your company has implemented the right security and governance provisions. Compliance is your responsibility.

Best practice typically involves on-premise solutions or strict governance with fully compliant third parties. Common on-premise file share technologies include secure FTP (file transfer protocol using SFTP/SSH or FTPS/SSL) or managed file transfer (MFT).

4. Do you have an easy-to-access, secure alternative to ad hoc file transfers made by employees?

If you already have secure FTP or a managed file transfer solution, you should investigate the availability of 'ad hoc' user features. Many vendors provide easy-to-use browser or Outlook plug-ins. Distributing these to employee desktops can go a long way toward mitigating their need to look elsewhere for easy file transfer.

At the end of the day, end users will take the shortest route and use apps (including Gmail) they are familiar with already. Considering this, why not just give them something just as simple to use, that you can manage and lock down yourself?


Kevin joined Ipswitch in 2015 and leads the company’s product and content marketing practices. He is widely recognized for his product marketing accomplishments in information technologies. He is a serial startup executive who has played instrumental roles in the success of IT management technology companies such as Prelert, VKernel, Mazu Networks and Smarts, Inc. Kevin is also the co-host of the PICNIC Podcast live show (https://picnic-podcast.com/), sharing experiences and best practices, providing a voice of expertise, and educating IT professionals about the latest technology challenges.
