Web-based file storage tools, such as DropBox, have become increasingly popular, making it very likely that many employees are using them. However, is sensitive or confidential corporate information stored on them? How is this information protected?
Internet storage sites like DropBox, GoogleDrive, SkyDrive, iCloud, Box, etc., allow you to store and synchronize a large amount of data and share it with selected individuals. According to a survey conducted by Nasuni, nearly one in five employees use Internet storage services to store corporate information. In addition, half of the DropBox users resort to this service, despite company policies prohibiting this practice. DropBox claims to have over 100 million users and that their popularity has increased with the exploding use of smartphones and the advent of personal mobile devices in the workplace (BYOD – “Bring your own device”).
This situation is problematic to IT departments, which must protect company information. Moreover, when an employee leaves an organization, his access rights to sensitive data are revoked. However, if employees store sensitive information to Internet storage websites, the IT team is powerless and cannot withdraw the departing employee’s access rights.
Since Internet storage services have flourished, hackers are increasingly interested in them. It is easier to hack an employee’s DropBox account or personal email than a corporate website if seeking to obtain confidential information. In addition, access codes to personal accounts on various communication tools (smartphones, tablets, laptops, etc.) could be vectors for this type of piracy, especially with phishing techniques. Companies should define rules to regulate and control the use of storage sites and educate their employees about these rules as well as social engineering techniques. This will mitigate the risks associated with security breaches in regards to corporate data.
For more information, please view the following article:
For more information about information security awareness, please visit our website.