If you’re like most people, you use tools like DropBox or Box to send and share your files via the Cloud. But how do you know that the files you share via these tools are safe? Do you trust the Cloud service provider and the security measures they’ve put in place? How sure are you that these security measures are foolproof?
When utilizing a service like DropBox, IT Managers should ask themselves how vital or confidential the files are that employees are sharing. Would they feel comfortable if someone other than the intended recipient saw these files? What if a hacker or malicious insider were to gain access? How would a data leak affect the business? If you’re an IT Pro and questions like these make you feel even the slightest bit uncomfortable – and they should – then you need to take additional steps now to protect your company data before an incident occurs.
Recently it made the rounds in the media that DropBox had their passwords hacked in 2012 which may have impacted 68 million users. This Dropbox hack highlights a number of risks for organizations that use Enterprise File Sync and Share (EFSS) solutions as either their primary storage for corporate data or those that allow employees to put corporate data onto their personal accounts.
We’ve seen that having information protected by a password is simply not enough. Despite educational efforts to help users create unique passwords for each of their accounts, it’s human nature to be repetitive. So it’s common place for users to use the same (or similar) password across multiple different log-ins. This means allowing employees to access their personal EFSS accounts to use for business needs offers a window that malicious attackers can exploit and leaves your data vulnerable as it’s very possible that their password is being used for additional personal accounts.
Along with the anxieties businesses face regarding user passwords, their primary concern should be protecting data at its source. This means knowing what controls are in place to control the way data moves to and from EFSS services, and how it’s protected while on that service. Any data that you would fear losing, or is sensitive in any way, should always be encrypted at its source. It’s important that organizations enforce this encryption automatically through their security policy to help avoid disaster. Encrypting at the source may not stop a hacker from gaining access to an employee’s EFSS account, but it will prevent the data itself from being disclosed.
When an organization keeps control of their keys by encrypting the data before it ever is sent to an EFSS service, then – and only then – are private keys are never seen or accessed by 3rd party vendors. That way, if the EFSS provider is ever breached, a business can ensure that their data is still safe from prying eyes.
So what’s an IT Pro to do? SecureDoc CloudSync offers organizations a quick and easy to implement way of ensuring that each and every file sent to an EFSS service is encrypted before it ever leaves an employee’s computer. Find out more >>
Want to learn more about this topic? Download a free eBook discussing What Consumers Believe About Cloud File Sharing & Why That’s a Warning to IT Pros. Download now>>
If you liked what you read and would like more great insights on tech industry news to come straight to your inbox, subscribe here!