Ally Dartt
Product Marketer
Blog

Don’t wait for a hack to happen: Secure your business data now

October 15, 2018 by Ally Dartt
file sharing

Just yesterday my phone auto-synched 50 (yes, 50- no shame) pictures of my dog to Dropbox and I uploaded my personal budget for the month to Google Drive. We do this sort of thing without thinking- and sometimes without even opening an app. We use the cloud without a second thought. In fact, a billion files are uploaded to Dropbox alone every day. And this isn’t just personal files. This is business files, too.  

Are you mindlessly uploading everything you’re working on at the office? Are your folders auto-synching as a pc backup method? If so, you aren’t alone. 56% of Fortune 500 companies use the paid function of Dropbox and over 3 million businesses pay for G Suite, which includes Google Drive. Companies everywhere are deploying these cloud file-sharing services to increase employee productivity. And, there’s no wonder why. They’re convenient, low-impact, and relatively low-cost services. 

But, see, the problem comes in when we start using these tools at work to store high-stakes, sensitive files- think customer lists, code for your not-yet-launched new product, or even business results. Are you storing these files on Google Drive or even Dropbox and inadvertently putting your company at risk?   

Here’s what you need to watch out for. 

  1. Auto-synching shared files to the cloud can create security vulnerabilities. Often company files are shared among teams through cloud file-sharing services. But imagine if one of your co-workers has a file that’s been compromised by ransomware or other malware. If that file is then synched into a cloud like Dropbox or Google Drive, you could have a problem. Dropbox won’t be able to detect this as an infected file; it will just be uploaded as normal. Good news is Google Drive does scan your files and will give you a warning before upload. But either way, this malware could be synched down onto your pc, infecting not only your co-worker's pc, but yours too. This means a small virus could turn into a company-wide security breach. 
  2. Confidential files could be at risk. Who has access to your files? Are they set to private or public? Often entire folders will have default permissions, and it can be easy to accidentally give broad access to a file or folder unintentionally. When file-sharing services are used in business, this concern is amplified. Customer data, sales reports, or other sensitive company data could be at risk. Consider large customer lists. These might be too large to share over email, so you upload to Dropbox. But you’re quickly in trouble. With GDPR, you could now be facing fines up to 20 million Euros if that list contains names from Europe. It’s now even more critical to scrutinize file access on cloud services.
  3. You may not have as much control as you think. According to their privacy policy, Dropbox doesn’t necessarily delete your data when you delete your account. And this is true among other services as well. If a sensitive file is unintentionally stored in the cloud, deleting it may not solve the problem. And, when an employee leaves the company, you may have two problems. First, their deleted account may not mean their files are actually deleted. This may not seem like a significant issue, but not having full control over your data is problematic, especially when sensitive business files are involved. And second, they may even still have full access to their cloud-based accounts thanks to SSO. It’s critical that proper security measures are in place to regain control of your company’s files in the cloud. 

 

There are certainly benefits to using file-sharing services like Google Drive and Dropbox at work, but they aren’t without fault. Understand the security risks, especially when storing sensitive business data, so you can work to prevent hacks before they happen. 

By the way, October is National Cyber Security Awareness Month - check out other NCASM 2018 posts here.