October 20, 2014
Top 3 Security Flaws with File Sharing SoftwareCan you imagine working in today’s business environment without the ability to easily share files across any platform at any time? The days of thumb drives and other physical data transportation means are almost gone. While the need for data sharing will always exist, as file syncing and sharing (FS&S) platforms continue to evolve, the way we share will need to change. You should know the top 3 security flaws with file sharing software before you start saving and sharing important data with colleagues, especially if you have compliance requirements.
While that introduction paints a rather rosy picture for the world of file sharing tools, like Dropbox, there are inherent issues with this way of sharing files with one another. In fact, this past Monday, news broke that nearly 7 million usernames and passwords connected to Dropbox were compromised. Although Dropbox denies it was hacked, the incident demonstrates the difficulty of striking the right balance of security, collaboration and ease of use in a solution. It’s important that businesses are informed of the common issues with today’s FS&S (file syncing and sharing) platforms so that they’re not putting data at risk and ultimately damaging a business’ bottom line and/or reputation.
Here are a few of the potential trouble spots for FS&S platforms that you should be aware of:
Nothing online is ever 100% secure. We’ve seen this many times over with Target credit card breach, Heartbleed Open SSL vulnerability, Cryptolocker ransomware, as well as others just reported in the last year. However, there are proactive measures that can be taken to help minimize these risks.
That said, the very open nature of services like Dropbox carry security risks that should make most businesses a bit leery of using these services for company files, especially those companies who must be HIPAA compliant. Passwords in personal Dropbox accounts are not monitored like those on a corporate network and can be more susceptible to hackers.
It’s a serious risk that needs to be fully vetted. Under the harsh light of cyber reality, services like Dropbox may not make the grade.
2. Increased Endpoints
In the new age of BYOD (bring your own device), the number of access points to company data has increased exponentially. Employees can now access company files from their personal devices, which has many benefits and helps increase employee productivity.
The problem is that not all companies have proper tracking and management over these devices. What if an iPhone is lost or stolen? Who now has access to those confidential files? A good mobile device management software/platform can dramatically reduce risks.
With many FS&S platforms, all it takes is a link to view a shared folder. If an authorized person sees that link in an email, they have full access to that data.
In addition, an employee landing on a malicious site on their smartphone could again expose any passwords to the FS&S platform. And on top of that, it’s much easier to shoulder surf and steal a password just by watching on mobile devices because there is a preview of the hidden characters when typing on a touch keyboard.
There are a number of concerns that should be considered when accessing confidential data on mobile devices. Make sure you’ve considered these risks before setting up shared access on mobile devices, and at a minimum, make sure you consider a MDM (mobile device management) solution in case devices are lost or stolen.
3. User error
Is there any scenario in any IT environment where user error is not a risk? Once users are off the range (in this case your office network) the chances increase practically exponentially. Imagine the scenario of a corporate user sharing a link with the wrong contact. It’s very easy to have two contacts named “Mike” in your address book and select the wrong one when sending an email.
Many people in business have friendships with individuals at direct competitors. Something could innocently be shared with another who works for a competitor and suddenly that friendship is less important than the competitive advantage that has been gained.
Make sure that whatever system you’re using to collaborate has security measures in place that can lock down data so no unwanted eyes gain access.
When it comes to choosing a file syncing and file sharing software, get educated. It’s important to be aware of all the benefits and risks of the platforms you’re assessing. Striking the right balance of security and collaboration can be difficult, and many times, businesses aren’t aware of the major security flaws in the platform that they end up choosing.
Be sure you’re doing your due diligence in selecting a collaboration platform and that you know what to look for. If you get to know the top 3 security flaws with file sharing software before you start saving and sharing important data with colleagues, you will be much more aware of risks to your business data.