With more and more enterprises and individuals turning to cloud-based file sharing, the risk of information being compromised is increasing. Many companies and IT professionals are hesitant to claim that these file sharing services are secure, but usage is becoming commonplace despite the hesitation.
In July, Dropbox became one of the first widely known and used file sharing services to admit to a security breach. It was reported that passwords and login names were compromised, and that a Dropbox employee was hacked, giving cybercriminals access to email addresses of Dropbox subscribers.
Although Dropbox has not released official numbers, they have said that only a small number of accounts were compromised.
New Security Features Resulting from Breeches
Hindsight allows us to improve policy and create safeguards to better protect assets. Dropbox used the security breach as an opportunity to learn a better way and now has a new two-step verification process which will make accessing unauthorized accounts more difficult.
The two-step verification process will ask users to enter their password as well as a code that can be sent to a mobile phone. This is a voluntary feature, but one that is highly recommended for those who are sharing confidential, proprietary or personal information. The two-step verification process may become common place for a variety of sites requiring log-ins since it makes it much more difficult for cybercriminals to guess both the password and the randomly selected code.
Dropbox has also instituted a new page which will allow users to see all active log-ins to your account. This will help you recognize if any unauthorized users have gained access to your information.
Additionally, to better secure your password, Dropbox may prompt users to change their passwords, especially to those accounts that remain dormant for extended periods of time.
The file-sharing giant has also instituted internal mechanisms to better recognize suspicious and malicious activity.
Learn from Past Mistakes
Remember, it’s ultimately up to you to protect your data. Although third party file hosting services are implementing enhanced security measures, you can work to create the safest cyber-environment possible by using complex passwords which you change regularly, updating your security applications and remaining vigilant to any suspicious activity.
It’s important to know and understand your service’s privacy and security policies. And, if you’re working with a company that doesn’t have one, or it isn’t up to industry standards, maybe it’s time to find a new file sharing partner.
Fergal Glynn is the Director of Product Marketing at Veracode.com, an award-winning application security company specializing in the prevention of sql injection attacks and other security breaches with effective risk assessment tools