Can you imagine working in today’s business environment without the ability to easily share files across any platform at any time? The days of thumb drives and other physical data transportation means are numbered. While the need for sharing data will always remain, as file syncing and sharing (FS&S) platforms continue to evolve, the methods for how we do so will need to change.
While that introduction paints a rather rosy picture for the world of file sharing tools, like Dropbox, there are inherent issues with this way of sharing files with one another. In fact, this past Monday, news broke that nearly 7 million usernames and passwords connected to Dropbox were compromised. Although Dropbox denies it was hacked, the incident demonstrates the difficulty of striking the right balance of security, collaboration and ease of use in a solution. It’s important that MSPs and their clients are informed of the common issues with today’s FS&S platforms so that they’re not putting data at risk and ultimately damaging a business’ bottom line and/or reputation.
Here are a few of the potential trouble spots for FS&S platforms that you should be aware of as an MSP and as a business owner.
Nothing online is ever 100% secure. We’ve seen this many times over with Target credit card breach, Heartbleed Open SSL vulnerability, Cryptolocker ransomware, as well as others just reported in the last year. However, there are proactive measures that can be taken to help minimize these risks.
That said, the very open nature of services like Dropbox carry security risks that should make most businesses a bit leery of using these services for company files, especially those companies who must be HIPAA compliant. Passwords in personal Dropbox accounts are not monitored like those on a corporate network and can be more susceptible to hackers.
It’s a serious risk that needs to be fully vetted. Under the harsh light of cyber reality, services like Dropbox may not make the grade.
2. Increased Endpoints
In the new age of BYOD (bring your own device), the number of access points to company data has increased exponentially. Employees can now access company files from their personal devices, which has many benefits and helps increase employee productivity.
The problem is that not all companies have proper tracking and management over these devices. What if an iPhone is lost or stolen? Who now has access to those confidential files?
With many FS&S platforms, all it takes is a link to view a shared folder. If an authorized person sees that link in an email, they have full access to that data.
In addition, an employee landing on a malicious site on their smartphone could again expose any passwords to the FS&S platform. And on top of that, it’s much easier to shoulder surf and steal a password just by watching on mobile devices because there is a preview of the hidden characters when typing on a touch keyboard.
There are a number of concerns that should be considered when accessing confidential data on mobile devices. Make sure you’ve considered these risks before setting up shared access on mobile devices, and at a minimum, make sure you have an MDM solution in place as well in case devices are lost or stolen.
3. User error
Is there any scenario in any IT environment where user error is not a risk? Once users are off the range (in this case your LAN) the chances increase practically exponentially. Imagine the scenario of a corporate user sharing a link with the wrong contact. It’s very easy to have two contacts named “Mike” in your address book and select the wrong one when sending an email.
Many people in business have friendships with individuals at direct competitors. Something could innocently be shared with another who works for a competitor and suddenly that friendship is less important than the competitive advantage that has been gained.
Make sure that whatever system you’re using to collaborate has security measures in place that can lock down data so no unwanted eyes gain access.
When it comes to choosing a file syncing and sharing platform, education is the first step. It’s important to be aware of all the benefits and risks of the platforms you’re assessing. Striking the right balance of security and collaboration can be difficult, and many times, MSPs aren’t aware of the major security flaws that they end up choosing for their clients.
Be sure you’re doing your due diligence in selecting a collaboration platform for your clients and that you know what to look for.
What other issues might you be missing?
By Steve Lowing
By Meaghan Moraes