Dropbox is a great tool. It will certainly speed up the processes which help your employees get things done.
However, there are also security risks involved in the usage of Dropbox–both in the private and corporate realms. In this article, we’ll have a look at how corporations use Dropbox and what can be done to make it safer.
Being Paranoid is a Good Thing
We think that being paranoid about your data and company is a good thing, especially when the business depends on important files. There are too many attacks these days by data thieves (and hackers) on user devices, but most of the time, it’s the user himself who tends to drop the security ball and risk the company’s data.
For example, a common mistake is using the same passwords across all accounts, or storing important files unencrypted –which recently happened to a Dropbox employee who stored lists of account information in his personal account (and it got hijacked).
As a corporation, even the best security in the world cannot protect you from human failure, so it is important to educate employees about the pitfalls of the Internet.
- Educate staff about security
Files Within Dropbox Are Not Encrypted
When employees use Dropbox for corporate files, there is an inherent risk that these files might be read by third-parties, because Dropbox does not encrypt files before sending them off. The transit and storage on servers is encrypted, but this will not protect a company from man-in-the-middle attacks that could sneak in between employee connections and the company.
Fortunately, there are services like BoxCryptor (YouTube link) that will encrypt the files stored on Dropbox. One option might be to have employees use this encryption service to encrypt all files that are company related.
The problem is: most admins have very little control over what employees are doing with their tech devices on a daily basis, and generally, users are lazy.
- Even if file encryption is a mandatory company policy, some employees will forget or ignore it
Always Think About The DAU
When a corporation’s security is at risk, it’s time to start thinking about worst case scenarios: what happens if there is a security breach and databases get exposed?
Most of the time, this folly is a result human error- that’s why it is important to always suspect the DAU (Dumbest Assumable User).
Very few people have the technical knowledge required to manage a cloud storage account properly, security-wise (one of the reason we have IT teams). Even choosing secure passwords is a challenge for most ordinary computer users. It is not uncommon that employees use passwords like ‘123456’ or ‘password.’
A seminar would be ideal to get everybody on the right track.
- Try to establish best practices in a firm when it comes to choosing and managing passwords
More Users Equals More Risk
Recently Dropbox cracked the 400M users mark – that’s a lot of people using this service. And with more people using it, along come crackers/hackers who will try to steal a company’s data. One problem companies face is that BYOC (bring-your-own-cloud) is currently seen as a natural thing to do because it is so easy.
IBM has pulled the plug, blocking cloud storage services altogether for their employees.
Should other companies do the same? Probably not. Even with 400M users and counting, an attack on data is still very unlikely. And if staff is educated properly, and are backed up by a superb IT security team, it shouldn’t be a major issue for any company that wants to make use of Dropbox.
After all, it’s important to make sure people enjoy working for a business to thrive.
- You cannot reach your goals by inhibiting your staff’s creativity
Educate your staff on how to make cloud living more secure and effective. Prepare them on how to be more secure, both for their personal benefits and that of the company as well.
Be clear with employees on what they are and aren’t allowed to do and life will be much easier.
Sign up for our newsletter
to get the latest on new releases and more.
BYOC services are certainly one of the biggest hits of the last couple of years and it will get more and more common as people realize its value. Make sure your company is prepared and knows how to handle security situations.